Check Point® Software Technologies Ltd.(link is external) announced that its Infinity Platform has been named the top-ranked AI-powered cyber security platform in the 2025 Miercom Assessment.
From DevOps to DevSecOps: The Impact of Container Security on Organizational Culture
August 14, 2019
The fast-moving nature of container and Kubernetes adoption is having a ripple effect throughout organizations. Not only is the adoption of cloud native technologies fueling digital transformation — especially in the areas of operations and service delivery — it's also forcing organizations to rethink how they structure their business units to accommodate the demands of rapid iteration, agile development, and increasingly critical security standards.
In the fall of 2018, StackRox surveyed a number of IT professionals across a range of industries to understand the state of the container and Kubernetes security within their organizations and how the cloud-native stack is shaping security strategies, operations and IT culture. Just six months later, we updated the survey, and the results highlight a number of organizational changes driven by the quick maturation of container and Kubernetes adoption.
We found that, despite rapid container adoption, organizations are still struggling to secure containers. Although respondents reported a staggering uptick in Kubernetes deployments in the last six months — a 51 percent increase — they also reported escalating concerns about container security investments and lack of strategic planning. On the surface, this data might seem alarming, but ultimately it reveals that organizations are thinking more comprehensively about their use of containers, the importance of containerized applications in their business and the role that security plays in maintaining operations.
These same adoption trends are also shaping how businesses are cultivating their IT teams. With the continued growth of containerization, respondents are reporting that the DevSecOps role is taking on increasing prominence in managing container security. Across all operations roles, the allocation of management responsibility by role has remained consistent, but the jump in those citing DevSecOps as the responsible operator for container security is significant. This increase came despite 38% of respondents identifying their role as product development/engineering. We saw an even larger jump in the allocation of responsibility to DevSecOps when we isolated responses to just those who are in a security or compliance role. Among those respondents, 42% view DevSecOps as the right organization to run container security platforms.
These results indicate that security professionals are finding increasing value in designating the specific role of DevSecOps and its responsibility in running containers security platforms. More importantly, however, we see that containers and Kubernetes have the power to unify what used to be very separate disciplines. The opportunity to create "security as code" is powerful with the cloud-native stack, but it requires workflows, processes, and security tooling that creates and enables that integration across groups.
Ultimately, it's clear that organizations are potentially putting the operational benefits of agility and flexibility at risk by not ensuring their cloud-native assets are built, deployed, and running securely. The right security tooling is critical to continue to bridge the gap between DevOps and security teams in order for security to be effective. Moreover, the continued effort to "shift left" with security, propelling the DevSecOps movement, underscores the importance of having security that's built in, not bolted on, for these cloud-native applications and environments.
Industry News
April 10, 2025
Orca Security announced the Orca Bitbucket App, a cloud-native seamless integration for scanning Bitbucket Repositories.
April 10, 2025
The Live API for Gemini models is now in Preview, enabling developers to start building and testing more robust, scalable applications with significantly higher rate limits.
April 09, 2025
Backslash Security(link is external) announced significant adoption of the Backslash App Graph, the industry’s first dynamic digital twin for application code.
April 09, 2025
SmartBear launched API Hub for Test, a new capability within the company’s API Hub, powered by Swagger.
April 09, 2025
Akamai Technologies introduced App & API Protector Hybrid.
April 09, 2025
Veracode has been granted a United States patent for its generative artificial intelligence security tool, Veracode Fix.
April 09, 2025
Zesty announced that its automated Kubernetes optimization platform, Kompass, now includes full pod scaling capabilities, with the addition of Vertical Pod Autoscaler (VPA) alongside the existing Horizontal Pod Autoscaler (HPA).
April 08, 2025
Check Point® Software Technologies Ltd.(link is external) has emerged as a leading player in Attack Surface Management (ASM) with its acquisition of Cyberint, as highlighted in the recent GigaOm Radar report.
April 08, 2025
GitHub announced the general availability of security campaigns with Copilot Autofix to help security and developer teams rapidly reduce security debt across their entire codebase.
April 08, 2025
DX and Spotify announced a partnership to help engineering organizations achieve higher returns on investment and business impact from their Spotify Portal for Backstage implementation.
April 07, 2025
Appfire announced its launch of the Appfire Cloud Advantage Alliance.
April 07, 2025
Salt Security announced API integrations with the CrowdStrike Falcon® platform to enhance and accelerate API discovery, posture governance and threat protection.
April 07, 2025
Lucid Software has acquired airfocus, an AI-powered product management and roadmapping platform designed to help teams prioritize and build the right products faster.
April 03, 2025
StackGen has partnered with Google Cloud Platform (GCP) to bring its platform to the Google Cloud Marketplace.
