Lack of Visibility and Fragmented Tools Drive Security Risks in Cloud Applications
August 14, 2023

Amit Shah
Dynatrace

The prevalence of team silos and point solutions throughout the DevSecOps lifecycle make it increasingly difficult for development, security, and operational teams to have comprehensive visibility into the threats affecting their cloud environments. In fact, according to a recent Dynatrace study, 77% of chief information security officers (CISOs) say it's a significant challenge to prioritize vulnerabilities because of a lack of information about the risks they pose. This issue underscores the critical role that risk assessment plays in effective vulnerability management.

As organizations modernize their application stacks around cloud-native technologies such as microservices and containers, a best practice is to adopt both shift-left and shift-right strategies. Shifting security left means identifying security vulnerabilities in development through testing, while shifting right means identifying vulnerabilities in production through runtime vulnerability analysis and other methods.

Combining these strategies helps to reduce the time it takes to find vulnerabilities from days or weeks to minutes and enables teams to be more effective in their resolution strategies. By using shift-left and -right strategies, organizations can enhance their overall cybersecurity posture and effectively address vulnerabilities throughout the software development lifecycle.

While the advantages of these practices and DevSecOps are widely recognized, many organizations are still in the initial phases of implementation.

Overcoming the Challenges of Siloed Tools

Siloed vulnerability management tools make it difficult for companies to identify and mitigate risks. Switching between and reconciling the insights from siloed tools also proves to be extremely time-consuming, as it hinders IT teams from gaining a holistic view. According to the Dynatrace study, more than 40% of CISOs say analysis is time-consuming, and managing alerts from different tools is labor-intensive.

Time spent on manual analysis detracts from time spent on innovation and problem resolution. According to the study, each member of development and application security teams spends nearly a third (28%) of their time — or 11 hours each week — on vulnerability management tasks that could be automated. Further, only 33% of CISOs have automated handoffs across functions.

The integration and automation of workflows streamline cross-functional collaboration, enabling faster response times and smoother coordination across teams. Organizations must look to adopt a platform approach to eliminate manual processes and error. In fact, 88% of CISOs say DevSecOps would be more effective if all teams worked from one platform integrated into their process.

Implementing an Approach That Converges Observability and Security

By leveraging observability and security across DevSecOps and integrating application security principles and practices into software development and operations, organizations can deliver software and services at speed without compromising application security. IT leaders need to adopt platform solutions that converge observability and security data and are powered by trusted AI and intelligent automation. Solutions that converge observability and security improve an organization's overall security posture and reduce the risk of cyberattacks, helping companies protect their reputation, minimize manual intervention, and deliver precise answers through explainable, intelligent automation.

Looking Ahead with DevSecOps: The Importance of AI and Automation

According to the study, 86% of CISOs say AI and automation are critical to the success of DevSecOps and overcoming resource challenges. By adopting AI and automation and using tools that converge observability and security, customers have reduced the time they spend identifying and prioritizing vulnerabilities by up to 95%, helping them deliver faster, more secure innovation that keeps them at the forefront of their industries.

Amit Shah is Director of Product Marketing at Dynatrace
Share this

Industry News

April 03, 2025

StackGen has partnered with Google Cloud Platform (GCP) to bring its platform to the Google Cloud Marketplace.

April 03, 2025

Tricentis announced its spring release of new cloud capabilities for the company’s AI-powered, model-based test automation solution, Tricentis Tosca.

April 03, 2025

Lucid Software has acquired airfocus, an AI-powered product management and roadmapping platform designed to help teams prioritize and build the right products faster.

April 03, 2025

AutonomyAI announced its launch from stealth with $4 million in pre-seed funding.

April 02, 2025

Kong announced the launch of the latest version of Kong AI Gateway, which introduces new features to provide the AI security and governance guardrails needed to make GenAI and Agentic AI production-ready.

April 02, 2025

Traefik Labs announced significant enhancements to its AI Gateway platform along with new developer tools designed to streamline enterprise AI adoption and API development.

April 02, 2025

Zencoder released its next-generation AI coding and unit testing agents, designed to accelerate software development for professional engineers.

April 02, 2025

Windsurf (formerly Codeium) and Netlify announced a new technology partnership that brings seamless, one-click deployment directly into the developer's integrated development environment (IDE.)

April 02, 2025

Opsera raised $20M in Series B funding.

April 02, 2025

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, is making significant updates to its certification offerings.

April 01, 2025

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the Golden Kubestronaut program, a distinguished recognition for professionals who have demonstrated the highest level of expertise in Kubernetes, cloud native technologies, and Linux administration.

April 01, 2025

Red Hat announced new capabilities and enhancements for Red Hat Developer Hub, Red Hat’s enterprise-grade internal developer portal based on the Backstage project.

April 01, 2025

Platform9 announced that Private Cloud Director Community Edition is generally available.

March 31, 2025

Sonatype expanded support for software development in Rust via the Cargo registry to the entire Sonatype product suite.

March 31, 2025

CloudBolt Software announced its acquisition of StormForge, a provider of machine learning-powered Kubernetes resource optimization.