Progress announced new powerful capabilities and enhancements in the latest release of Progress® Sitefinity®.
The enduring approach to DevOps, ITOps, and security (SecOps) has exposed foundational cracks in the operational structure of digital businesses. The specialized organizations created to support innovation, IT performance, and the protection of business-critical infrastructure — DevOps, ITOps and security teams — are too often fragmented to the point that they create security vulnerabilities that represent significant potential business damage. Modern IT environments demand a cohesive approach comprising these most crucial teams, an approach we describe as XOps.
Unaddressed cyber hygiene is the leading cause of data loss and compromised digital business systems. A serious lapse has the potential to inflict damage to a businesses’ reputation, employees and customers. It can force substantial fines, restitution payments, IT expenses, competitive disadvantage and catastrophic business disruption.
There is a growing tension between the tasks, tempo and tools of security professionals and ITOps and DevOps teams. It's not that there isn’t an interest in organization-wide protection, it's simply not the domain of these teams. Infrastructure reliability, agility, innovation and speed to market have become at odds with security. This is a self-defeating dynamic that has had an unfortunate impact on many businesses.
To figure out where these breakdowns are most common and how different teams address them, SaltStack commissioned an independent market research firm to conduct a survey that examined the level of collaboration and communication between IT and security teams and how it impacts infrastructure security. We did this shortly before the COVID-19 outbreak became a pandemic but the recent global events and subsequent digital surge have put an even greater emphasis on the need to align ITOps, DevOps and security in support of holistic business protection.
The key findings in The State of XOps Report, Q2 2020 — Successful SecOps Teams Automate and Align provide insight into why IT security operations teams are falling short too often and how they are working together to fix it. The survey revealed that organizations using software to help IT and security alignment are three times more confident in the effectiveness of their information security efforts.
However, despite the obvious security benefits of improving team alignment, only 54 percent of security leaders say they communicate effectively with IT professionals, while only 45 percent of IT professionals agree. This apparent gap in communication was particularly prevalent among respondents working in the financial services vertical where large enterprise teams struggle to collaborate and communicate to secure digital infrastructure.
The reality is that to be truly secure, security must be a shared responsibility, starting with the development team developing secure code and applications, and continuing with the IT operations team building secure underlying infrastructure. Security teams then must either advocate security across these functions or rely on other teams to help the cause.
The reason we used XOps as an umbrella term to refer to generalized operations of IT disciplines and responsibilities, including development and security, is because organizations must focus on converging these areas of IT. Development, security, networking and cloud operations must be integrated with and supported by IT operations to be efficiently maintained, secure and reliable.
The importance of the security function, which includes regulatory compliance, cannot be underestimated or treated secondary to the functions of development and IT operations. This is even more true now that countless organizations have embraced remote and work from home policies and must mitigate the sprawl of IT assets and connectivity as a result. Factor in the recent enactment of personal privacy laws, like California's CCPA, HIPAA and PCI-DSS and Europe's GDPR, and we recognize an even stronger need for the shared approach.
The survey findings offer additional insight into communication breakdowns and how teams are working together to fix them. In companies where software is used to help IT and security teams collaborate, managers are four times more likely to say their IT and security teams communicate effectively on important tasks. Moreover, these same organizations are eight times more likely to say their IT and security teams work together, not just communicate, effectively to secure infrastructure.
But the survey also revealed two areas of undeniable alignment between security and IT professionals:
■ 70 percent of both security and IT managers say their company sacrifices data security for faster innovation.
■ Both security and IT managers reported that data protection should be prioritized over innovation, speed to market and cost.
Even though both IT and security teams agree that security is more important than innovation, we’re seeing the impact of rapid innovation with lagging security, which increases the likelihood that infrastructure misconfiguration and known vulnerabilities will open the door to risks and threats. An exploited vulnerability can lead to customer and revenue loss, regulatory violations, and diminished brand trust, which were some of the most-concerning consequences of a breach according to the survey respondents. There should be a real fear that a security exploit combined with pandemic-induced economic headwinds could be a double black swan scenario that kills a company.
Survey respondents estimated that a major data breach would cost their company roughly $707,000, on average. Security leaders pointed to a skills and talent shortage, followed by misconfigured infrastructure and unaddressed vulnerabilities, as the top contributors to risk. IT managers, on the other hand, suggested that the highest risk stems from unintentional employee leaks and endpoint attacks.
Security leaders have a point. Recent breaches point to system misconfiguration and known, unpatched vulnerabilities, particularly of public cloud and on-premises server infrastructure and databases, as the most common cause of data exposure and successful exploits. This also naturally speaks to the security skills gap prevalent in the industry.
Simply, DevOps, ITOps and security teams need force multipliers in order to secure digital infrastructure at scale. For many organizations, this can be found in the form of IT and security automation. Using automation to promote collaboration and security mindedness and to arm teams with capabilities can help overcome skills gaps, mitigate known and unknown threats and establish hardened, resilient environments that businesses can rely on in times of stress.
Industry News
Red Hat announced the general availability of Red Hat Enterprise Linux 9.5, the latest version of the enterprise Linux platform.
Securiti announced a new solution - Security for AI Copilots in SaaS apps.
Spectro Cloud completed a $75 million Series C funding round led by Growth Equity at Goldman Sachs Alternatives with participation from existing Spectro Cloud investors.
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, has announced significant momentum around cloud native training and certifications with the addition of three new project-centric certifications and a series of new Platform Engineering-specific certifications:
Red Hat announced the latest version of Red Hat OpenShift AI, its artificial intelligence (AI) and machine learning (ML) platform built on Red Hat OpenShift that enables enterprises to create and deliver AI-enabled applications at scale across the hybrid cloud.
Salesforce announced agentic lifecycle management tools to automate Agentforce testing, prototype agents in secure Sandbox environments, and transparently manage usage at scale.
OpenText™ unveiled Cloud Editions (CE) 24.4, presenting a suite of transformative advancements in Business Cloud, AI, and Technology to empower the future of AI-driven knowledge work.
Red Hat announced new capabilities and enhancements for Red Hat Developer Hub, Red Hat’s enterprise-grade developer portal based on the Backstage project.
Pegasystems announced the availability of new AI-driven legacy discovery capabilities in Pega GenAI Blueprint™ to accelerate the daunting task of modernizing legacy systems that hold organizations back.
Tricentis launched enhanced cloud capabilities for its flagship solution, Tricentis Tosca, bringing enterprise-ready end-to-end test automation to the cloud.
Rafay Systems announced new platform advancements that help enterprises and GPU cloud providers deliver developer-friendly consumption workflows for GPU infrastructure.
Apiiro introduced Code-to-Runtime, a new capability using Apiiro’s deep code analysis (DCA) technology to map software architecture and trace all types of software components including APIs, open source software (OSS), and containers to code owners while enriching it with business impact.
Zesty announced the launch of Kompass, its automated Kubernetes optimization platform.
MacStadium announced the launch of Orka Engine, the latest addition to its Orka product line.