Organizational silos create unnecessary security risk for global businesses. The lack of security involvement in DevOps projects was reportedly creating cyber risk for 72% of IT leaders, according to Trend Micro.
In an effort to better understand the DevOps culture, Trend Micro commissioned Vanson Bourne to poll 1,310 IT decision makers in SMB and enterprise organizations across the globe about their organizational culture.
“It’s no secret that developers and security teams have a history of butting heads,” said Steve Quane, executive vice president of network defense and hybrid cloud security for Trend Micro. “We want to help businesses breakdown those barriers by providing technology and solutions that work for developers, IT and security teams. To do that best, we have to understand how the DevOps community and IT security teams collaborate – so we asked them for input directly. Understanding their goals will help us continue to provide solutions that help them do their jobs, and help the end results be secure.”
DevOps is a bigger priority today than a year ago for 79% of companies, but 34% admitted security teams are not always consulted in project plans. This is despite 94% of respondents stating that they have encountered security risks when implementing projects.
This challenge is also highlighted in newly published research from ESG, also commissioned by Trend Micro along with other cybersecurity vendors, which states that only 20% of cloud-native application security product purchases for DevOps projects are actually made by IT security teams. To tackle the issue, ESG found that 68% of organizations have, or plan to have, a centralized team to handle DevOps security.
ESG’s survey found only 30% of organizations include a member of their cybersecurity team from the beginning of their software development process.