As companies shift towards hybrid and multicloud environments, CISOs have expressed concerns over keeping their software and data secure.
According to research by Dynatrace, the continued use of siloed tools for development, delivery and security tasks is hindering the maturity of DevSecOps adoption.
Findings from the research also include:
- More than two-thirds (68%) of CISOs say vulnerability management is more difficult because the complexity of their software supply chain and cloud ecosystem has increased.
- 50% of CISOs are fully confident that the software delivered by development teams has been completely tested for vulnerabilities before going live in production environments.
- 77% of CISOs say it’s a significant challenge to prioritize vulnerabilities because they lack information about the risk these vulnerabilities pose to their environment.
- 58% of the vulnerability alerts that security scanners alone flag as “critical” are not important in production, wasting valuable development time chasing down false positives.
- On average, each member of development and application security teams spends nearly a third (28%) of their time — or 11 hours each week — on vulnerability management tasks that could be automated.
- 75% of CISOs say the prevalence of team silos and point solutions throughout the DevSecOps lifecycle makes it easier for vulnerabilities to slip into production.
- 81% of CISOs say they will see more vulnerability exploits if they can’t make DevSecOps work more effectively; however, only 12% of organizations have a mature DevSecOps culture.
- 86% of CISOs say AI and automation are critical to the success of DevSecOps and overcoming resource challenges.
- 76% of CISOs say the time it takes between the discovery of zero-day attacks and their ability to patch every instance is a significant challenge to minimizing risk.