Skip to main content

Cloud-Native Architectures Break Traditional Approaches to Application Security

The rising adoption of cloud-native architectures, DevOps, and agile methodologies has broken traditional approaches to application security, according to Precise, automatic risk and impact assessment is key for DevSecOps, a new report from Dynatrace, based on an independent global survey of 700 CISOs.


As organizations shift more responsibility "left" to developers to accelerate innovation, increasingly complex IT ecosystems and outdated security tooling can slow releases by leaving blind spots and forcing teams to manually triage countless alerts, many of which are false positives reflecting vulnerabilities in libraries that are not used in production.

Organizations are calling for a new approach that is optimized for multicloud environments, Kubernetes, and DevSecOps.

This research reveals:

■ 89% of CISOs say microservices, containers, and Kubernetes have created application security blind spots.

■ 97% of organizations do not have real-time visibility into runtime vulnerabilities in containerized production environments.

■ Nearly two-thirds (63%) of CISOs say DevOps and Agile development have made it more difficult to detect and manage software vulnerabilities.

■ 74% of CISOs say traditional security controls such as vulnerability scanners no longer fit today's cloud-native world.

■ 71% of CISOs admit they are not fully confident code is free of vulnerabilities before going live in production.

"The increased use of cloud-native architectures has fundamentally broken traditional approaches to application security," said Bernd Greifeneder, Founder and Chief Technology Officer at Dynatrace. "This research confirms what we've long anticipated: manual vulnerability scans and impact assessments are no longer able to keep up with the pace of change in today's dynamic cloud environments and rapid innovation cycles. Risk assessment has become nearly impossible due to the growing number of internal and external service dependencies, runtime dynamics, continuous delivery, and polyglot software development which uses an ever-growing number of third-party technologies. Already stretched teams are forced to choose between speed and security, exposing their organizations to unnecessary risk."

Additional findings include:

■ On average, organizations need to react to 2,169 new alerts of potential application security vulnerabilities each month.

■ 77% of CISOs say most security alerts and vulnerabilities are false positives that do not require actioning as they are not actual exposures.

■ 68% of CISOs say the volume of alerts makes it very difficult to prioritize vulnerabilities based on risk and impact.

■ 64% of CISOs say developers do not always have time to resolve vulnerabilities before code moves into production.

■ 77% of CISOs say the only way for security to keep up with modern cloud-native application environments is to replace manual deployment, configuration, and management with automated approaches.

■ 28% of CISOs say application teams sometimes bypass vulnerability scans to speed up software delivery.

"As organizations embrace DevSecOps, they also need to give their teams solutions that offer automatic, continuous, and real-time risk and impact analysis for every vulnerability, across both pre-production and production environments, and not based on point-in-time 'snapshots'," continued Greifeneder.

Methodology: The report is based on a global survey of 700 CISOs in large enterprises with over 1,000 employees, conducted by Coleman Parkes and commissioned by Dynatrace in 2021. The sample included 200 respondents in the US, 100 in the UK, France, Germany, and Spain, and 50 in Brazil and Mexico, respectively.

Hot Topics

The Latest

64% of enterprise networking teams use internally developed software or scripts for network automation, but 61% of those teams spend six or more hours per week debugging and maintaining them, according to From Scripts to Platforms: Why Homegrown Tools Dominate Network Automation and How Vendors Can Help, my latest EMA report ...

Cloud computing has transformed how we build and scale software, but it has also quietly introduced one of the most persistent challenges in modern IT: cost visibility and control ... So why, after more than a decade of cloud adoption, are cloud costs still spiraling out of control? The answer lies not in tooling but in culture ...

CEOs are committed to advancing AI solutions across their organization even as they face challenges from accelerating technology adoption, according to the IBM CEO Study. The survey revealed that executive respondents expect the growth rate of AI investments to more than double in the next two years, and 61% confirm they are actively adopting AI agents today and preparing to implement them at scale ...

Image
IBM

 

A major architectural shift is underway across enterprise networks, according to a new global study from Cisco. As AI assistants, agents, and data-driven workloads reshape how work gets done, they're creating faster, more dynamic, more latency-sensitive, and more complex network traffic. Combined with the ubiquity of connected devices, 24/7 uptime demands, and intensifying security threats, these shifts are driving infrastructure to adapt and evolve ...

Image
Cisco

The development of banking apps was supposed to provide users with convenience, control and piece of mind. However, for thousands of Halifax customers recently, a major mobile outage caused the exact opposite, leaving customers unable to check balances, or pay bills, sparking widespread frustration. This wasn't an isolated incident ... So why are these failures still happening? ...

Cyber threats are growing more sophisticated every day, and at their forefront are zero-day vulnerabilities. These elusive security gaps are exploited before a fix becomes available, making them among the most dangerous threats in today's digital landscape ... This guide will explore what these vulnerabilities are, how they work, why they pose such a significant threat, and how modern organizations can stay protected ...

The prevention of data center outages continues to be a strategic priority for data center owners and operators. Infrastructure equipment has improved, but the complexity of modern architectures and evolving external threats presents new risks that operators must actively manage, according to the Data Center Outage Analysis 2025 from Uptime Institute ...

As observability engineers, we navigate a sea of telemetry daily. We instrument our applications, configure collectors, and build dashboards, all in pursuit of understanding our complex distributed systems. Yet, amidst this flood of data, a critical question often remains unspoken, or at best, answered by gut feeling: "Is our telemetry actually good?" ... We're inviting you to participate in shaping a foundational element for better observability: the Instrumentation Score ...

We're inching ever closer toward a long-held goal: technology infrastructure that is so automated that it can protect itself. But as IT leaders aggressively employ automation across our enterprises, we need to continuously reassess what AI is ready to manage autonomously and what can not yet be trusted to algorithms ...

Much like a traditional factory turns raw materials into finished products, the AI factory turns vast datasets into actionable business outcomes through advanced models, inferences, and automation. From the earliest data inputs to the final token output, this process must be reliable, repeatable, and scalable. That requires industrializing the way AI is developed, deployed, and managed ...

Cloud-Native Architectures Break Traditional Approaches to Application Security

The rising adoption of cloud-native architectures, DevOps, and agile methodologies has broken traditional approaches to application security, according to Precise, automatic risk and impact assessment is key for DevSecOps, a new report from Dynatrace, based on an independent global survey of 700 CISOs.


As organizations shift more responsibility "left" to developers to accelerate innovation, increasingly complex IT ecosystems and outdated security tooling can slow releases by leaving blind spots and forcing teams to manually triage countless alerts, many of which are false positives reflecting vulnerabilities in libraries that are not used in production.

Organizations are calling for a new approach that is optimized for multicloud environments, Kubernetes, and DevSecOps.

This research reveals:

■ 89% of CISOs say microservices, containers, and Kubernetes have created application security blind spots.

■ 97% of organizations do not have real-time visibility into runtime vulnerabilities in containerized production environments.

■ Nearly two-thirds (63%) of CISOs say DevOps and Agile development have made it more difficult to detect and manage software vulnerabilities.

■ 74% of CISOs say traditional security controls such as vulnerability scanners no longer fit today's cloud-native world.

■ 71% of CISOs admit they are not fully confident code is free of vulnerabilities before going live in production.

"The increased use of cloud-native architectures has fundamentally broken traditional approaches to application security," said Bernd Greifeneder, Founder and Chief Technology Officer at Dynatrace. "This research confirms what we've long anticipated: manual vulnerability scans and impact assessments are no longer able to keep up with the pace of change in today's dynamic cloud environments and rapid innovation cycles. Risk assessment has become nearly impossible due to the growing number of internal and external service dependencies, runtime dynamics, continuous delivery, and polyglot software development which uses an ever-growing number of third-party technologies. Already stretched teams are forced to choose between speed and security, exposing their organizations to unnecessary risk."

Additional findings include:

■ On average, organizations need to react to 2,169 new alerts of potential application security vulnerabilities each month.

■ 77% of CISOs say most security alerts and vulnerabilities are false positives that do not require actioning as they are not actual exposures.

■ 68% of CISOs say the volume of alerts makes it very difficult to prioritize vulnerabilities based on risk and impact.

■ 64% of CISOs say developers do not always have time to resolve vulnerabilities before code moves into production.

■ 77% of CISOs say the only way for security to keep up with modern cloud-native application environments is to replace manual deployment, configuration, and management with automated approaches.

■ 28% of CISOs say application teams sometimes bypass vulnerability scans to speed up software delivery.

"As organizations embrace DevSecOps, they also need to give their teams solutions that offer automatic, continuous, and real-time risk and impact analysis for every vulnerability, across both pre-production and production environments, and not based on point-in-time 'snapshots'," continued Greifeneder.

Methodology: The report is based on a global survey of 700 CISOs in large enterprises with over 1,000 employees, conducted by Coleman Parkes and commissioned by Dynatrace in 2021. The sample included 200 respondents in the US, 100 in the UK, France, Germany, and Spain, and 50 in Brazil and Mexico, respectively.

Hot Topics

The Latest

64% of enterprise networking teams use internally developed software or scripts for network automation, but 61% of those teams spend six or more hours per week debugging and maintaining them, according to From Scripts to Platforms: Why Homegrown Tools Dominate Network Automation and How Vendors Can Help, my latest EMA report ...

Cloud computing has transformed how we build and scale software, but it has also quietly introduced one of the most persistent challenges in modern IT: cost visibility and control ... So why, after more than a decade of cloud adoption, are cloud costs still spiraling out of control? The answer lies not in tooling but in culture ...

CEOs are committed to advancing AI solutions across their organization even as they face challenges from accelerating technology adoption, according to the IBM CEO Study. The survey revealed that executive respondents expect the growth rate of AI investments to more than double in the next two years, and 61% confirm they are actively adopting AI agents today and preparing to implement them at scale ...

Image
IBM

 

A major architectural shift is underway across enterprise networks, according to a new global study from Cisco. As AI assistants, agents, and data-driven workloads reshape how work gets done, they're creating faster, more dynamic, more latency-sensitive, and more complex network traffic. Combined with the ubiquity of connected devices, 24/7 uptime demands, and intensifying security threats, these shifts are driving infrastructure to adapt and evolve ...

Image
Cisco

The development of banking apps was supposed to provide users with convenience, control and piece of mind. However, for thousands of Halifax customers recently, a major mobile outage caused the exact opposite, leaving customers unable to check balances, or pay bills, sparking widespread frustration. This wasn't an isolated incident ... So why are these failures still happening? ...

Cyber threats are growing more sophisticated every day, and at their forefront are zero-day vulnerabilities. These elusive security gaps are exploited before a fix becomes available, making them among the most dangerous threats in today's digital landscape ... This guide will explore what these vulnerabilities are, how they work, why they pose such a significant threat, and how modern organizations can stay protected ...

The prevention of data center outages continues to be a strategic priority for data center owners and operators. Infrastructure equipment has improved, but the complexity of modern architectures and evolving external threats presents new risks that operators must actively manage, according to the Data Center Outage Analysis 2025 from Uptime Institute ...

As observability engineers, we navigate a sea of telemetry daily. We instrument our applications, configure collectors, and build dashboards, all in pursuit of understanding our complex distributed systems. Yet, amidst this flood of data, a critical question often remains unspoken, or at best, answered by gut feeling: "Is our telemetry actually good?" ... We're inviting you to participate in shaping a foundational element for better observability: the Instrumentation Score ...

We're inching ever closer toward a long-held goal: technology infrastructure that is so automated that it can protect itself. But as IT leaders aggressively employ automation across our enterprises, we need to continuously reassess what AI is ready to manage autonomously and what can not yet be trusted to algorithms ...

Much like a traditional factory turns raw materials into finished products, the AI factory turns vast datasets into actionable business outcomes through advanced models, inferences, and automation. From the earliest data inputs to the final token output, this process must be reliable, repeatable, and scalable. That requires industrializing the way AI is developed, deployed, and managed ...