Search form

Upcoming Webinars

Application-Centric Infrastructure Monitoring
February 09, 2023

On-Demand Webinars

What the World's SREs Know: The 2023 SRE Report
Gaining App-Centric Visibility into Your IT Infrastructure
Bridging Visibility Gaps in Your Multi-Cloud Infrastructure
Reduce Your SIEM Costs and Improve MTTR by Over 50%
Reduce Your Cloud Spend on Kubernetes with Pepperdata Capacity Optimizer
Exploring the "AI" in AIOps
Giving Your AIOps a Makeover with Full-Stack Service Map
Observability Trends in 2022: A Look into the Future
Cloud Trends and How Observability Enables Hybrid Cloud and Operational Efficiency
Shift Left for Cloud Cost Control
Composable Analytics for AIOps
Why Cost Control is Essential for your Modern Data Stack
Migrating to the Modern Data Stack
Robotic Data Automation Fabric & AIOps Conference
Modern Strategies for Cloud Cost Optimization
Transform the Performance of Your Hyperscale Distributed Systems
Beyond Observability: Optimizing High-Performance Big Data
BigPanda Resolve 22 Virtual Conference
Automatically Optimize Kubernetes and Improve Container Visibility
Monitoring Spark on Kubernetes: Key Performance Metrics
Drive Better Business Decisions with Optimization and Observability
Reduce Your Cloud Spend with Kubernetes Capacity Optimization
Control Cloud Costs with IT Chargeback
Monitor and Automatically Improve Kubernetes Performance: 5 Best Practices
Tuning Apache Kafka for Optimal Big Data Performance
Take the Interactive Pepperdata Product Tour
Start Optimizing Your Kubernetes Deployment
Getting Started with Kubernetes the Right Way

All Webinars...

Analyst Reports

Honeycomb Named a Leader in the 2022 Gartner® Magic Quadrant™ for APM and Observability
Honeycomb's O'Reilly Book Observability Engineering
ManageEngine Positioned in the Gartner Magic Quadrant for Application Performance Monitoring and Observability
The Modern IT Outage: Costs, Causes and Cures
2022 Gartner Critical Capabilities for APM and Observability
Why Composable Analytics Matter for Multi-Cloud AIOps
Gartner Top Strategic Technology Trends for 2022
Gartner 2022 Market Guide for AIOps Platforms
GigaOm Radar for AIOps
451 Research: The Future of IT Ops is Autonomous

All Analyst Reports...

White Papers

Using Honeycomb to Optimize CI/CD Delivery Pipeline Performance with CircleCI
Best Ways to Map Impact of Application Performance Issues on Business Goals
Hybrid Cloud Monitoring: Fundamental Driver of Efficiency in Hybrid Clouds
7-Step Guide to IT Cost Reduction in 2023
Essential CDN Monitoring for Digital-First Organizations: The Authoritative Guide
G2 Users Love Pepperdata
Autonomous FinOps for Kubernetes
The Comprehensive Guide to Border Gateway Protocol
2023 SRE Report
Leveraging Observability to Build Better Applications
Data Building Blocks for an Observability Solution
AIOps + DataFabric = A Game-Changer for IT?
AIOps Best Practices for IT Teams and IT Leaders
IT Ops Reporting and Analytics Are Broken
2022 Big Data Kubernetes Survey Results
Pragmatic AIOps: A Buyer’s Guide
A Practical Guide to IT Ops Maturity
AIOps Benchmark Report
Enrichment for Faster Event Correlation and Root Cause Analysis
CIO Dive: How AIOps Cuts Costly Downtime and Supports Teams
Autonomous Operations: How to Intelligently Automate and Scale IT Operations at Global Enterprises
AIOps Brings Calm to Overwhelmed IT Ops Teams
Can AIOps Reduce the Noise?

All White Papers...

Cloud-Native Architectures Break Traditional Approaches to Application Security
June 07, 2021
Share this

The rising adoption of cloud-native architectures, DevOps, and agile methodologies has broken traditional approaches to application security, according to Precise, automatic risk and impact assessment is key for DevSecOps, a new report from Dynatrace, based on an independent global survey of 700 CISOs.


As organizations shift more responsibility "left" to developers to accelerate innovation, increasingly complex IT ecosystems and outdated security tooling can slow releases by leaving blind spots and forcing teams to manually triage countless alerts, many of which are false positives reflecting vulnerabilities in libraries that are not used in production.

Organizations are calling for a new approach that is optimized for multicloud environments, Kubernetes, and DevSecOps.

This research reveals:

■ 89% of CISOs say microservices, containers, and Kubernetes have created application security blind spots.

■ 97% of organizations do not have real-time visibility into runtime vulnerabilities in containerized production environments.

■ Nearly two-thirds (63%) of CISOs say DevOps and Agile development have made it more difficult to detect and manage software vulnerabilities.

■ 74% of CISOs say traditional security controls such as vulnerability scanners no longer fit today's cloud-native world.

■ 71% of CISOs admit they are not fully confident code is free of vulnerabilities before going live in production.

"The increased use of cloud-native architectures has fundamentally broken traditional approaches to application security," said Bernd Greifeneder, Founder and Chief Technology Officer at Dynatrace. "This research confirms what we've long anticipated: manual vulnerability scans and impact assessments are no longer able to keep up with the pace of change in today's dynamic cloud environments and rapid innovation cycles. Risk assessment has become nearly impossible due to the growing number of internal and external service dependencies, runtime dynamics, continuous delivery, and polyglot software development which uses an ever-growing number of third-party technologies. Already stretched teams are forced to choose between speed and security, exposing their organizations to unnecessary risk."

Additional findings include:

■ On average, organizations need to react to 2,169 new alerts of potential application security vulnerabilities each month.

■ 77% of CISOs say most security alerts and vulnerabilities are false positives that do not require actioning as they are not actual exposures.

■ 68% of CISOs say the volume of alerts makes it very difficult to prioritize vulnerabilities based on risk and impact.

■ 64% of CISOs say developers do not always have time to resolve vulnerabilities before code moves into production.

■ 77% of CISOs say the only way for security to keep up with modern cloud-native application environments is to replace manual deployment, configuration, and management with automated approaches.

■ 28% of CISOs say application teams sometimes bypass vulnerability scans to speed up software delivery.

"As organizations embrace DevSecOps, they also need to give their teams solutions that offer automatic, continuous, and real-time risk and impact analysis for every vulnerability, across both pre-production and production environments, and not based on point-in-time 'snapshots'," continued Greifeneder.

Methodology: The report is based on a global survey of 700 CISOs in large enterprises with over 1,000 employees, conducted by Coleman Parkes and commissioned by Dynatrace in 2021. The sample included 200 respondents in the US, 100 in the UK, France, Germany, and Spain, and 50 in Brazil and Mexico, respectively.

Share this

Hot Topics

Cloud
DevOps

The Latest

Avoiding Tool Sprawl in Your Observability Practice
January 26, 2023

As enterprises work to implement or improve their observability practices, tool sprawl is a very real phenomenon ... Tool sprawl can and does happen all across the organization. In this post, though, we'll focus specifically on how and why observability efforts often result in tool sprawl, some of the possible negative consequences of that sprawl, and we'll offer some advice on how to reduce or even avoid sprawl ...

Observability Tools Fall Short
January 25, 2023

As companies generate more data across their network footprints, they need network observability tools to help find meaning in that data for better decision-making and problem solving. It seems many companies believe that adding more tools leads to better and faster insights ... And yet, observability tools aren't meeting many companies' needs. In fact, adding more tools introduces new challenges ...

Engineers Waste 25% of the Work Week on Troubleshooting
January 24, 2023

Driven by the need to create scalable, faster, and more agile systems, businesses are adopting cloud native approaches. But cloud native environments also come with an explosion of data and complexity that makes it harder for businesses to detect and remediate issues before everything comes to a screeching halt. Observability, if done right, can make it easier to mitigate these challenges and remediate incidents before they become major customer-impacting problems ...

Balancing the Rising Costs of Public Cloud
January 23, 2023

The spiraling cost of energy is forcing public cloud providers to raise their prices significantly. A recent report by Canalys predicted that public cloud prices will jump by around 20% in the US and more than 30% in Europe in 2023. These steep price increases will test the conventional wisdom that moving to the cloud is a cheap computing alternative ...

State of Digital Transformation Report: DX Leaders Manage "the Complex" Better
January 19, 2023

Despite strong interest over the past decade, the actual investment in DX has been recent. While 100% of enterprises are now engaged with DX in some way, most (77%) have begun their DX journey within the past two years. And most are early stage, with a fourth (24%) at the discussion stage and half (49%) currently transforming. Only 27% say they have finished their DX efforts ...

Stepping Into the New Network Architecture
January 18, 2023

While most thought that distraction and motivation would be the main contributors to low productivity in a work-from-home environment, many organizations discovered that it was gaps in their IT systems that created some of the most significant challenges ...

FAA Outage: System Downtime Puts an Entire Industry on Hold
January 17, 2023
The US aviation sector was struggling to return to normal following a nationwide ground stop imposed by Federal Aviation Administration (FAA) early Wednesday over a computer issue ...
EMA-APMdigest Podcast - Episode 1
January 13, 2023

APMdigest and leading IT research firm Enterprise Management Associates (EMA) are teaming up on the EMA-APMdigest Podcast, a new podcast focused on the latest technologies impacting IT Operations. In Episode 1, Dan Twing, President and COO of EMA, discusses Observability and Automation with Will Schoeppner, Research Director covering Application Performance Management and Business Intelligence at EMA ...

2023 Cloud Predictions
January 12, 2023

APMdigest is following up our list of 2023 Application Performance Management Predictions with predictions from industry experts about how the cloud will evolve in 2023 ...

Understanding Observability Data's Impact Across an Organization
January 11, 2023

As demand for digital services increases and distributed systems become more complex, organizations must collect and process a growing amount of observability data (logs, metrics, and traces). Site reliability engineers (SREs), developers, and security engineers use observability data to learn how their applications and environments are performing so they can successfully respond to issues and mitigate risk ...