Security and risk compliance: Still the most important part of IT strategy

Security practice is the number one priority for IT teams, with a clear majority (59%) reporting deficiencies in the controls, that should ensure data processing and storage systems adhere to security policies; while over a quarter (27%) pointing to a lack of relevant skills as inhibiting quality assurance in the evolving Testing environment, according to Capgemini.

security and risk compliance

The report further highlights insufficient progress in test data and test environments management (TDM and TEM) as challenges continue to escalate for organizations: 60% of respondents this year said the greatest test environment roadblock they face is cost. This figure is up from 39% just two years ago.

Security remains essential, with new issues to address

The report revealed challenges and opportunities when it comes to security; on the upside, 58% reported they now undertake security testing in cloud environments, up from 42% in 2015.

While 53% also reported that Test Automation has reduced the overall security risk to their organization. However, 44% of respondents have highlighted “enhance security” as the most important IT priority this year.

Furthermore, among technical issues in current applications development, challenges with security validation is cited by 52% of the respondents.

Automation is making a difference, but brings challenges

Test automation (TA), a steadily growing trend over recent years, has delivered benefits including improved control and transparency of test activities (cited by 63%), better detection of defects (56%), and reduction of test costs (56%) and cycle time (54%).

However, this year’s survey indicates how TA is increasingly a full-lifecycle need and that this development is leading to gaps: when asked about the technical challenges they face in developing applications, 63% noted a ‘lack of end-to-end automation from build to deployment’, up from 55% in last year’s survey.

Greater use of automation and artificial intelligence are also revealing a skills gap in some organizations. 41% identified a ‘lack of proper skills for QA & Testing’ as a technical challenge.

While 58% of organizations surveyed have brought in external AI expertise, either because it’s not part of their core business, (23%), they needed AI knowledge fast (24%) or it was a requirement for a limited amount of time only (11%).

Lack of alignment between business goals and quality ambitions impedes the rate of agile and DevOps adoption. This year’s survey found that high-level commercial goals increasingly determine the key objectives for testing and quality assurance (QA) within organizations.

The respondents ranked “contribute to business outcomes” and “end user satisfaction” (both at 40%), as the two most crucial Testing and QA objectives for this year.

security and risk compliance

Recommendations for the growth of testing in DevOps environments

The report concludes with a series of recommendations to support organizations in progressing wider agile and DevOps adoption:

  • Build a smart and connected testing eco-system deploying intelligent analytics
  • Expand AI-related skillsets within the test team by onboarding data science, statistics, mathematics, and more
  • Re-imagine test automation as a platform
  • Raise awareness and visibility of test environments; adopt a center of excellence approach for test data management
  • Raise the game on security. Introduce security testing early in the lifecycle — during Design
Share this
You are reading
lock

Security and risk compliance: Still the most important part of IT strategy