The rising adoption of cloud-native architectures, DevOps, and agile methodologies has broken traditional approaches to application security, according to Precise, automatic risk and impact assessment is key for DevSecOps, a new report from Dynatrace, based on an independent global survey of 700 CISOs.
As organizations shift more responsibility "left" to developers to accelerate innovation, increasingly complex IT ecosystems and outdated security tooling can slow releases by leaving blind spots and forcing teams to manually triage countless alerts, many of which are false positives reflecting vulnerabilities in libraries that are not used in production.
Organizations are calling for a new approach that is optimized for multicloud environments, Kubernetes, and DevSecOps.
This research reveals:
■ 89% of CISOs say microservices, containers, and Kubernetes have created application security blind spots.
■ 97% of organizations do not have real-time visibility into runtime vulnerabilities in containerized production environments.
■ Nearly two-thirds (63%) of CISOs say DevOps and Agile development have made it more difficult to detect and manage software vulnerabilities.
■ 74% of CISOs say traditional security controls such as vulnerability scanners no longer fit today's cloud-native world.
■ 71% of CISOs admit they are not fully confident code is free of vulnerabilities before going live in production.
"The increased use of cloud-native architectures has fundamentally broken traditional approaches to application security," said Bernd Greifeneder, Founder and Chief Technology Officer at Dynatrace. "This research confirms what we've long anticipated: manual vulnerability scans and impact assessments are no longer able to keep up with the pace of change in today's dynamic cloud environments and rapid innovation cycles. Risk assessment has become nearly impossible due to the growing number of internal and external service dependencies, runtime dynamics, continuous delivery, and polyglot software development which uses an ever-growing number of third-party technologies. Already stretched teams are forced to choose between speed and security, exposing their organizations to unnecessary risk."
Additional findings include:
■ On average, organizations need to react to 2,169 new alerts of potential application security vulnerabilities each month.
■ 77% of CISOs say most security alerts and vulnerabilities are false positives that do not require actioning as they are not actual exposures.
■ 68% of CISOs say the volume of alerts makes it very difficult to prioritize vulnerabilities based on risk and impact.
■ 64% of CISOs say developers do not always have time to resolve vulnerabilities before code moves into production.
■ 77% of CISOs say the only way for security to keep up with modern cloud-native application environments is to replace manual deployment, configuration, and management with automated approaches.
■ 28% of CISOs say application teams sometimes bypass vulnerability scans to speed up software delivery.
"As organizations embrace DevSecOps, they also need to give their teams solutions that offer automatic, continuous, and real-time risk and impact analysis for every vulnerability, across both pre-production and production environments, and not based on point-in-time 'snapshots'," continued Greifeneder.
Methodology: The report is based on a global survey of 700 CISOs in large enterprises with over 1,000 employees, conducted by Coleman Parkes and commissioned by Dynatrace in 2021. The sample included 200 respondents in the US, 100 in the UK, France, Germany, and Spain, and 50 in Brazil and Mexico, respectively.
The Latest
Gartner has highlighted the top trends that will impact technology providers in 2024: Generative AI (GenAI) is dominating the technical and product agenda of nearly every tech provider ...
In MEAN TIME TO INSIGHT Episode 4 - Part 1, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at Enterprise Management Associates (EMA) discusses artificial intelligence and network management ...
The integration and maintenance of AI-enabled Software as a Service (SaaS) applications have emerged as pivotal points in enterprise AI implementation strategies, offering both significant challenges and promising benefits. Despite the enthusiasm surrounding AI's potential impact, the reality of its implementation presents hurdles. Currently, over 90% of enterprises are grappling with limitations in integrating AI into their tech stack ...
In the intricate landscape of IT infrastructure, one critical component often relegated to the back burner is Active Directory (AD) forest recovery — an oversight with costly consequences ...
eBPF is a technology that allows users to run custom programs inside the Linux kernel, which changes the behavior of the kernel and makes execution up to 10x faster(link is external) and more efficient for key parts of what makes our computing lives work. That includes observability, networking and security ...
Data mesh, an increasingly important decentralized approach to data architecture and organizational design, focuses on treating data as a product, emphasizing domain-oriented data ownership, self-service tools and federated governance. The 2024 State of the Data Lakehouse report from Dremio presents evidence of the growing adoption of data mesh architectures in enterprises ... The report highlights that the drive towards data mesh is increasingly becoming a business strategy to enhance agility and speed in problem-solving and innovation ...
Too much traffic can crash a website ... That stampede of traffic is even more horrifying when it's part of a malicious denial of service attack ... These attacks are becoming more common, more sophisticated and increasingly tied to ransomware-style demands. So it's no wonder that the threat of DDoS remains one of the many things that keep IT and marketing leaders up at night ...
Today, applications serve as the backbone of businesses, and therefore, ensuring optimal performance has never been more critical. This is where application performance monitoring (APM) emerges as an indispensable tool, empowering organizations to safeguard their applications proactively, match user expectations, and drive growth. But APM is not without its challenges. Choosing to implement APM is a path that's not easily realized, even if it offers great benefits. This blog deals with the potential hurdles that may manifest when you actualize your APM strategy in your IT application environment ...
This year's Super Bowl drew in viewership of nearly 124 million viewers and made history as the most-watched live broadcast event since the 1969 moon landing. To support this spike in viewership, streaming companies like YouTube TV, Hulu and Paramount+ began preparing their IT infrastructure months in advance to ensure an exceptional viewer experience without outages or major interruptions. New Relic conducted a survey to understand the importance of a seamless viewing experience and the impact of outages during major streaming events such as the Super Bowl ...