Enterprises Sacrifice Cybersecurity for Speed
Major SecOps Reality Gap: 85% of Companies Say Practicing SecOps is a Goal While 35% Actually Do
March 15, 2018

Pete Cheslock
Threat Stack

More than half of companies (52%) admit to cutting back on security measures to meet a business deadline or objective, according to a SecOps research report released by Threat Stack.

As further evidence that companies are sacrificing security for speed, Threat Stack found that 68% of companies say their CEO demands that DevOps and security teams not do anything that slows the business down. But that pressure doesn’t just come from the corner office, as 62% of companies also admit that their operations team pushes back when asked to deploy security technology.


“Businesses have grappled with the ‘Speed or Security’ problem for years, but the emergence of SecOps practices really means that companies can achieve both,” said Brian M. Ahern, Threat Stack Chairman and CEO. “The survey findings show that the vast majority of companies are bought-in, but unfortunately, a major gap exists between the intent of practicing SecOps and the reality of their fast-growing businesses. It’s important that stakeholders across every enterprise prioritize the alignment of DevOps and security.”

The SecOps Reality Gap

The purpose and intent of SecOps is to build towards distributing security decisions at speed and scale to those who hold the highest level of context without sacrificing the required controls. Survey respondents demonstrated a clear understanding of the importance of SecOps to the overall success of their business, with 85% saying that SecOps is a goal for their organization.

Despite clear intent to implement SecOps, only 35% of respondents say SecOps is completely or mostly an established practice at their organizations, while only 18% say it’s not established at all. These numbers dwindle according to specific job roles: 25% of security professionals believe that SecOps is an established practice at their companies, while only 10% of DevOps professionals agreed.

DevOps and Security Teams Operating in Silos

To help understand the obstacles to implementing SecOps, Threat Stack’s research found that challenges are primarily centered on organizational alignment as DevOps and security teams are not routinely integrated.

■ 44% of developers are not trained in secure coding, and 42% of operations staff are not trained in basic security practices.

■ Only 40% of respondents agree that DevOps are always incorporated into security processes.

■ A security specialist is a part of only 27% of Ops teams and 18% of Dev teams.

■ When respondents were asked whether they have the ability to fix a security-related issue themselves, 44% of DevOps respondents said they rely on someone else vs. 35% of security respondents.

■ 41% of DevOps professionals rated their organizations’ ability to detect and remediate security incidents as “average” vs. 35% of security professionals.

The Cloud Security Consequences

The speed of today’s business is driving companies to capitalize on the business benefits of cloud infrastructure and automation in order to compete. Threat Stack’s survey showed that the lack of SecOps adoption impacts the security of this infrastructure, given that more than half of the participating professionals rated the security of their organizations’ cloud infrastructure and environment as average or worse.

Pete Cheslock is Sr. Director, Ops & Support, at Threat Stack
Share this

Industry News

October 30, 2024

LambdaTest introduced a suite of new features to its AI-powered Test Manager, designed to simplify and enhance the test management experience for software development and QA teams.

October 30, 2024

StackHawk launched Oversight to provide security teams with a birds-eye view of their API security program.

October 30, 2024

DataStax announced the enhancement of its GitHub Copilot extension with its AI Platform-as-a-Service (AI PaaS) solution.

October 30, 2024

Opsera partnered with Databricks to empower software and DevOps engineers to deliver software faster, safer and smarter through AI/ML model deployments and schema rollback capabilities.

October 29, 2024

GitHub announced the next evolution of its Copilot-powered developer platform.

October 29, 2024

Crowdbotics released an extension for GitHub Copilot, available now through the GitHub and Azure Marketplaces.

October 28, 2024

Copado has integrated Copado AI into its Community to streamline support and accelerate issues resolution.

October 28, 2024

Mend.io and HeroDevs have forged a new partnership allowing Mend.io to offer HeroDevs support for deprecated packages.

October 28, 2024

Synechron has acquired Cloobees, a Salesforce implementation partner.

October 24, 2024

Opsera announced its AI Code Assistant Insights.

October 24, 2024

Gearset released its latest innovation for Salesforce DevOps: Dev Sandbox Syncing.

October 23, 2024

Treblle announced the release of Treblle 3.0, its AI-enhanced API intelligence platform.

October 23, 2024

WhiteRabbitNeo released a major new version trained on new cybersecurity and threat intelligence data on the Qwen 2.5 family of models, a top performing software engineering model on HumEval.

October 23, 2024

Contrast Security announced the launch of Contrast One™, a new managed Application Security (AppSec) service.