Sad but true: Over 50 percent of companies admit to cutting back on security measures to meet a business deadline or objective, a new survey found.
As long as companies treat security and business speed as an either-or choice instead of demanding both, enterprises will remain insecure.
Based on a survey of over 200 senior-level operations and security professionals, research from Threat Stack explored how companies have united security principles and standards within DevOps practices.
As further evidence companies are sacrificing security for speed, researchers found 68 percent of companies say their chief executive demands DevOps and security teams not do anything that slows the business down.
In addition, 62 percent of companies also admit their operations team pushes back when asked to deploy security technology.
“Businesses have grappled with the ‘Speed or Security’ problem for years but the emergence of SecOps practices really means that companies can achieve both,” said Brian Ahern, Threat Stack chairman and chief executive. “The survey findings show that the vast majority of companies are bought-in, but unfortunately, a major gap exists between intent of practicing SecOps and the reality of their fast-growing businesses. It’s important that stakeholders across every enterprise prioritize the alignment of DevOps and security.”
Survey respondents demonstrated a clear understanding of the importance of SecOps to the overall success of their business, with 85 percent of respondents saying SecOps is a goal for their organization.
Despite clear intent to implement SecOps, only 35 percent of respondents say SecOps is completely or mostly an established practice at their organizations, while only 18 percent say it’s not established at all.
To help understand the obstacles to implementing SecOps, Threat Stack’s research found challenges center on organizational alignment as DevOps and security teams are not routinely integrated:
• 42 percent of developers are not trained in secure coding, and 42 percent of operations staff are not trained in basic security practices.
• 40 percent of respondents agree DevOps are always incorporated into security processes.
• A security specialist is a part of 27 percent of Ops teams and 18 percent of Dev teams.
• When respondents were asked if they have the ability to fix a security-related issue themselves, 44 percent of DevOps respondents said they rely on someone else versus 35 percent of security respondents.
• 41 percent of DevOps professionals rated their organizations’ ability to detect and remediate security incidents as “average” versus 35 percent of security professionals.