Many firms shortchange security in DevOps projects, much to their own peril
Organizational silos and the lack of security involvement in DevOps projects are creating unnecessary security risks for global businesses, according to a report by cyber security provider Trend Micro.
The company commissioned research firm Vanson Bourne to survey 1,310 IT decision makers in worldwide about their organizational culture, and found that 72 percent said a lack of cyber security involvement in DevOps projects was creating risk for companies.
DevOps is a bigger priority today than a year ago for 79 percent of those surveyed. But 34 percent admitted security teams are not always consulted in project plans. This is despite the fact that 94 percent of respondents said they have encountered security risks when implementing projects.
This challenge is also highlighted in new research from ESG , also commissioned by Trend Micro along with other cyber security vendors, that said only 20 percent of cloud-native application security product purchases for DevOps projects are actually made by IT security teams.
To tackle the issue, a majority of organizations have, or plan to have, a centralized team to handle DevOps security. The ESG report found that a minority of organizations include a member of their cyber security team from the beginning of their software development process.