92 percent of enterprises struggle to integrate security into DevOps
A large majority of organizations are struggling to integrate security into their DevOps processes, despite saying they want to do so, according to a new report.
The study, commissioned by application security specialist Checkmarx, looks at the biggest barriers to securing software today, depending on where organizations sit on the DevOps maturity curve.
"Today, software is everywhere and the majority of respondents agree that it is integral to most business initiatives, yet there are still many gaps when it comes to securing that software," says Maty Siman, Checkmarx founder and CTO. "Increased software complexity and the need to move at the speed of DevOps is creating a new type of risk in the form of software exposure, and as the results of this report attest, software security also needs to change."
The report finds 96 percent of respondents believe it is 'desirable' or 'highly desirable' for developers to be properly trained on how to produce secure code. As developers take responsibility for the security of their software, respondents believe it is more important to educate developers and empower them than it is to educate other stakeholders in the organization like ops specialists and security specialists. However, 41 percent agree that defining clear ownership and responsibility in relation to software security remains a big challenge, and just 11 percent say they have adequately addressed the need for developer education.
Software security is a boardroom issue according to 57 percent of respondents: it's a matter of business risk. Yet an identical percentage strongly agree or agree with the statement that software security is now a software issue. In order to ensure better software security, developers and security teams need support from their executive teams, but 45 percent find it challenging to get senior management to approve funding for security training. In addition, 44 percent say executives don't care about how quickly, frequently and safely developers deliver software; they just want them to do it.
Almost 100 percent agree that developers, testers, security specialists and ops staff need to work together. Yet 72 percent of respondents say that different teams and disciplines within IT are still too often reluctant to trust each other.
You can read more about the findings on the Checkmarx blog.