Over half of enterprises willing to sacrifice security for speed
A new survey reveals that 52 percent of companies admit to cutting back on security measures to meet a business deadline or objective.
The report into SecOps (Security Operations) from intrusion detection company Threat Stack also reveals that 68 percent of companies say their CEO demands that DevOps and security teams don’t do anything that slows the business down.
This pressure comes from lower down the business pyramid too, with 62 percent of companies also admitting their operations team pushes back when asked to deploy security technology.
"Businesses have grappled with the 'Speed or Security' problem for years but the emergence of SecOps practices really means that companies can achieve both," says Brian M Ahern, Threat Stack chairman and CEO. "The survey findings show that the vast majority of companies are bought-in, but, unfortunately, a major gap exists between intent of practicing SecOps and the reality of their fast-growing businesses. It's important that stakeholders across every enterprise prioritize the alignment of DevOps and security."
Survey respondents show a clear understanding of SecOps' importance to the overall success of their business, with 85 percent of respondents saying SecOps is a goal for their organization. But despite a clear intent to implement SecOps, only 35 percent of respondents say it's completely or mostly an established practice at their organizations, while only 18 percent say it's not established at all.
These numbers vary with specific job roles, with 25 percent of security professionals believing that SecOps is an established practice at their companies while only 10 percent of DevOps professionals agree.
DevOps and security teams are not routinely integrated either. Some 44 percent of developers are not trained in secure coding, and 42 percent of operations staff are not trained in basic security practices. Only 40 percent of respondents agree that DevOps are always incorporated into security processes, and a security specialist is a part of only 27 percent of ops teams and just 18 percent of dev teams.
You can read more about the findings in the full report which is available from the Threat Stack website.