Divide between developer and security teams widens
Over half of developers surveyed (52.4 percent) say they feel that security policies stifle their innovation, and only 22 percent strongly agree that they understand which security policies they are expected to comply with.
Just one in three (38.4 percent) of developers report that they are thoroughly educated on the security procedures they are expected to execute.
Interestingly, 45.1 percent of development respondents say they are in security planning, but only 37.8 percent of security respondents say they involve development teams, which suggests developers are even less involved in security strategy planning than they think they are.
While 73 percent of respondents agree that their senior leadership focuses more on strengthening the relationship between development and security than it did two years ago, relationships are still strained. In fact, one in three (34 percent) decision makers report that their organizations' teams are not effectively collaborating.
"Our research shows that security needs a perception shift," says Rick McElroy, principal cybersecurity strategist at VMware. "Rather than be seen as the team that only swoops in to fix breaches and leaks, or who 'gets in the way' of innovation, security should be embedded across people, processes, and technologies. Security needs to be a team sport that works alongside IT and developers to ensure protection across clouds, apps and all digital infrastructure. We have to develop a culture where all teams have shared interests and common goals or metrics, and where they speak one language. There's overwhelming value to the business when IT, security, and developers are all part of the decision making, design, and execution."
Looking to the future 53 percent of respondents expect their security and development teams to be unified within three years. Also 42 percent expect security to become more embedded in the development process in that same period. There's recognition too that cross-team alignment helps businesses to reduce team silos (71 percent), create more secure applications (70 percent) and increase agility to adopt new workflows & technologies (66 percent).
The full report is available from the VMWare site.