Cloud-Native Architectures Break Traditional Approaches to Application Security
June 07, 2021

The rising adoption of cloud-native architectures, DevOps, and agile methodologies has broken traditional approaches to application security, according to "Precise, automatic risk and impact assessment is key for DevSecOps," a new report from Dynatrace based on an independent global survey of 700 CISOs.


As organizations shift more responsibility "left" to developers to accelerate innovation, increasingly complex IT ecosystems and outdated security tooling can slow releases by leaving blind spots and forcing teams to manually triage countless alerts, many of which are false positives reflecting vulnerabilities in libraries that are not used in production.

Organizations are calling for a new approach that is optimized for multicloud environments, Kubernetes, and DevSecOps.

This research reveals:

■ 89% of CISOs say microservices, containers, and Kubernetes have created application security blind spots.

■ 97% of organizations do not have real-time visibility into runtime vulnerabilities in containerized production environments.

■ Nearly two-thirds (63%) of CISOs say DevOps and Agile development have made it more difficult to detect and manage software vulnerabilities.

■ 74% of CISOs say traditional security controls such as vulnerability scanners no longer fit today's cloud-native world.

■ 71% of CISOs admit they are not fully confident code is free of vulnerabilities before going live in production.

"The increased use of cloud-native architectures has fundamentally broken traditional approaches to application security," said Bernd Greifeneder, Founder and Chief Technology Officer at Dynatrace. "This research confirms what we've long anticipated: manual vulnerability scans and impact assessments are no longer able to keep up with the pace of change in today's dynamic cloud environments and rapid innovation cycles. Risk assessment has become nearly impossible due to the growing number of internal and external service dependencies, runtime dynamics, continuous delivery, and polyglot software development which uses an ever-growing number of third-party technologies. Already stretched teams are forced to choose between speed and security, exposing their organizations to unnecessary risk."

Additional findings include:

■ On average, organizations need to react to 2,169 new alerts of potential application security vulnerabilities each month.

■ 77% of CISOs say most security alerts and vulnerabilities are false positives that do not require actioning as they are not actual exposures.

■ 68% of CISOs say the volume of alerts makes it very difficult to prioritize vulnerabilities based on risk and impact.

■ 64% of CISOs say developers do not always have time to resolve vulnerabilities before code moves into production.

■ 77% of CISOs say the only way for security to keep up with modern cloud-native application environments is to replace manual deployment, configuration, and management with automated approaches.

■ 28% of CISOs say application teams sometimes bypass vulnerability scans to speed up software delivery.

"As organizations embrace DevSecOps, they also need to give their teams solutions that offer automatic, continuous, and real-time risk and impact analysis for every vulnerability, across both pre-production and production environments, and not based on point-in-time 'snapshots'," continued Greifeneder.

Methodology: The report is based on a global survey of 700 CISOs in large enterprises with over 1,000 employees, conducted by Coleman Parkes and commissioned by Dynatrace in 2021. The sample included 200 respondents in the US, 100 each in the UK, France, Germany, and Spain, and 50 each in Brazil and Mexico.
