Search form

Upcoming Webinars

Spark Performance Tuning on Kubernetes Best Practices - Part 2
September 28, 2021
How to Get Started with OpenTelemetry
October 07, 2021
Managing Big Data Analytics in the Cloud – Are You Ready?
October 12, 2021
Getting Started with Kubernetes the Right Way
October 19, 2021
Improve Big Data Performance on Dataproc: Best Practices
October 26, 2021

On-Demand Webinars

Eliminate Waste and Lower Cloud Costs for GPU Accelerated Big Data Applications
5 Rs: Which Strategy Is Right For Your Application Modernization & Migration to Google Cloud?
Big Data Cloud Automation: Navigating Through the Noise of Recommendations
Cross-Domain Enrichment for AIOps: the Linchpin or a Landmine?
How to Use Digital Experience Monitoring to Improve Core Web Vitals
Cloud Performance Benchmarking: How Is Your Performance?
Optimize Spark Performance on Kubernetes
When Cloud Costs Run Amok: Big Data Architect's Worst Nightmare?
Presto Performance Best Practices: Get Visibility Into Your Presto Queries
The State of Observability 2021
Drive Performance on Amazon EMR with Managed Autoscaling
Big Data Self-Service Performance Analytics: Best Practices
Kafka Performance: Best Practices for Monitoring and Improving
Fix Spark Performance Issues Without Thinking Too Hard
Isolating Issues and Improving User-Experience Across Your Full Stack
SplunkLive! Americas
How Splunk uses Splunk Observability to Monitor Cloud Apps
Splunk Momentum: Infrastructure
Managing Big Data Analytics in the Cloud–Are You Ready?
The Future of Big Data: A Perspective from IT Leaders Transforming IT Ops
Controlling Cost and Complexity in the Cloud with Managed Autoscaling
Optimize Spark Performance on Kubernetes
Best Practices for Spark Performance Management
Scaling Kubernetes with Splunk and AWS
Leveraging Application Observability to Simplify Cloud Migration
Simplify Kubernetes Performance Management with End-to-End Visibility
12 Immutable Rules for Observability
RESOLVE '21 Virtual Conference
2021 IT Ops Predictions
Taking the Risk Out of Innovation - How to Move Fast Without Breaking

All Webinars...

Analyst Reports

IDC Worldwide IT Operations Analytics Software Market Shares, 2020
Omdia Universe: Selecting an AIOps Solution, 2021–22
Gartner 2021 Magic Quadrant for Application Performance Monitoring
Gartner 2021 Market Guide for AIOps Platforms
GigaOm Radar for Cloud Observability, 2021
IDG 2020 ITOps Report
Gartner Report: Use AIOps for a Data-Driven Approach to Improve Insights from ITOps Monitoring Tools
451 Research: IT Monitoring Meltdown
GigaOm Radar for AIOps
Aberdeen Research Report: APM Redefined - Face DevOps Challenges Head-On
451 Research: The Future of IT Ops is Autonomous

All Analyst Reports...

White Papers

APIs in Action
How to Correctly Frame and Calculate Latency SLOs
How to Optimize Digital Experience with Service-Level Objectives
The State of Observability 2021
The 2021 Kubernetes & Big Data Report
Improve Performance with Real Insight Into How Queries are Executing
Spark on Hadoop: A Quick Guide
Big Data Cloud Technology Report 2021
Infrastructure Monitoring 101: The Power to Predict and Prevent
The 5 Foundational DevOps Practices
Get Your Cloud & Hybrid Migration Strategy Right in Government
Scalability in Cloud Computing
AI and Machine Learning in Your Organization
Making Sense of Digital Experience Monitoring Solutions
APIs in Action: A Guide to Monitoring APIs for Performance
Six Cloud Strategy Pitfalls and How to Avoid Them
5 Things to Consider When Choosing an APM Tool
The Guide to Modern APM
Splunk Predictions 2021: Executive Report
Fast-Track Your Multicloud Monitoring Initiative
The Essential Guide to Container Monitoring
The Data Age Is Here. Are You Ready?
CIO Dive: How AIOps Cuts Costly Downtime and Supports Teams
Autonomous Operations: How to Intelligently Automate and Scale IT Operations at Global Enterprises
AIOps Brings Calm to Overwhelmed IT Ops Teams
Can AIOps Reduce the Noise?

All White Papers...

Cloud-Native Architectures Break Traditional Approaches to Application Security
June 07, 2021
Share this

The rising adoption of cloud-native architectures, DevOps, and agile methodologies has broken traditional approaches to application security, according to Precise, automatic risk and impact assessment is key for DevSecOps, a new report from Dynatrace, based on an independent global survey of 700 CISOs.


As organizations shift more responsibility "left" to developers to accelerate innovation, increasingly complex IT ecosystems and outdated security tooling can slow releases by leaving blind spots and forcing teams to manually triage countless alerts, many of which are false positives reflecting vulnerabilities in libraries that are not used in production.

Organizations are calling for a new approach that is optimized for multicloud environments, Kubernetes, and DevSecOps.

This research reveals:

■ 89% of CISOs say microservices, containers, and Kubernetes have created application security blind spots.

■ 97% of organizations do not have real-time visibility into runtime vulnerabilities in containerized production environments.

■ Nearly two-thirds (63%) of CISOs say DevOps and Agile development have made it more difficult to detect and manage software vulnerabilities.

■ 74% of CISOs say traditional security controls such as vulnerability scanners no longer fit today's cloud-native world.

■ 71% of CISOs admit they are not fully confident code is free of vulnerabilities before going live in production.

"The increased use of cloud-native architectures has fundamentally broken traditional approaches to application security," said Bernd Greifeneder, Founder and Chief Technology Officer at Dynatrace. "This research confirms what we've long anticipated: manual vulnerability scans and impact assessments are no longer able to keep up with the pace of change in today's dynamic cloud environments and rapid innovation cycles. Risk assessment has become nearly impossible due to the growing number of internal and external service dependencies, runtime dynamics, continuous delivery, and polyglot software development which uses an ever-growing number of third-party technologies. Already stretched teams are forced to choose between speed and security, exposing their organizations to unnecessary risk."

Additional findings include:

■ On average, organizations need to react to 2,169 new alerts of potential application security vulnerabilities each month.

■ 77% of CISOs say most security alerts and vulnerabilities are false positives that do not require actioning as they are not actual exposures.

■ 68% of CISOs say the volume of alerts makes it very difficult to prioritize vulnerabilities based on risk and impact.

■ 64% of CISOs say developers do not always have time to resolve vulnerabilities before code moves into production.

■ 77% of CISOs say the only way for security to keep up with modern cloud-native application environments is to replace manual deployment, configuration, and management with automated approaches.

■ 28% of CISOs say application teams sometimes bypass vulnerability scans to speed up software delivery.

"As organizations embrace DevSecOps, they also need to give their teams solutions that offer automatic, continuous, and real-time risk and impact analysis for every vulnerability, across both pre-production and production environments, and not based on point-in-time 'snapshots'," continued Greifeneder.

Methodology: The report is based on a global survey of 700 CISOs in large enterprises with over 1,000 employees, conducted by Coleman Parkes and commissioned by Dynatrace in 2021. The sample included 200 respondents in the US, 100 in the UK, France, Germany, and Spain, and 50 in Brazil and Mexico, respectively.

Share this

Hot Topics

Cloud
DevOps

The Latest

Better Connections Required for the Future of Work
September 23, 2021

The Internet played a greater role than ever in supporting enterprise productivity over the past year-plus, as newly remote workers logged onto the job via residential links that, it turns out, left much to be desired in terms of enabling work ...

Hybrid Work Is Here to Stay, Bringing Its Own Mix of Complexities for IT
September 22, 2021

The world's appetite for cloud services has increased but now, more than 18 months since the beginning of the pandemic, organizations are assessing their cloud spend and trying to better understand the IT investments that were made under pressure. This is a huge challenge in and of itself, with the added complexity of embracing hybrid work ...

IT Pro Day: Tech Pros Motivated to Take on New Challenges and Expand Responsibilities
September 21, 2021

After a year of unprecedented challenges and change, tech pros responding to this year’s survey, IT Pro Day 2021 survey: Bring IT On from SolarWinds, report a positive perception of their roles and say they look forward to what lies ahead ...

Why Incident Triage is a Key Element in Your MTTR
September 20, 2021

One of the key performance indicators for IT Ops is MTTR (Mean-Time-To-Resolution). MTTR essentially measures the length of your incident management lifecycle: from detection; through assignment, triage and investigation; to remediation and resolution. IT Ops teams strive to shorten their incident management lifecycle and lower their MTTR, to meet their SLAs and maintain healthy infrastructures and services. But that's often easier said than done, with incident triage being a key factor in that challenge ...

The IT Automation Toolbox: What's Needed?
September 16, 2021

Achieve more with less. How many of you feel that pressure — or, even worse, hear those words — trickle down from leadership? The reality is that overworked and under-resourced IT departments will only lead to chronic errors, missed deadlines and service assurance failures. After all, we're only human. So what are overburdened IT departments to do? Reduce the human factor. In a word: automate ...

Organizations with Mature Data Practices Innovate Twice as Fast
September 15, 2021

On average, data innovators release twice as many products and increase employee productivity at double the rate of organizations with less mature data strategies, according to the State of Data Innovation report from Splunk ...

Observability is Mission Critical
September 14, 2021

While 90% of respondents believe observability is important and strategic to their business — and 94% believe it to be strategic to their role — just 26% noted mature observability practices within their business, according to the 2021 Observability Forecast ...

Apps That Crash? How App Stability Impacts User Experience and Affects a Business's Bottom Line
September 13, 2021

Let's explore a few of the most prominent app success indicators and how app engineers can shift their development strategy to better meet the needs of today's app users ...

Efficient Load and Performance Testing is Business-Critical - Know Why?
September 09, 2021

Business enterprises aiming at digital transformation or IT companies developing new software applications face challenges in developing eye-catching, robust, fast-loading, mobile-friendly, content-rich, and user-friendly software. However, with increased pressure to reduce costs and save time, business enterprises often give a short shrift to performance testing services ...

How Observability Helps Ingest and Normalize Data for DevOps Engineers
September 08, 2021

DevOps, SRE and other operations teams use observability solutions with AIOps to ingest and normalize data to get visibility into tech stacks from a centralized system, reduce noise and understand the data's context for quicker mean time to recovery (MTTR). With AI using these processes to produce actionable insights, teams are free to spend more time innovating and providing superior service assurance. Let's explore AI's role in ingestion and normalization, and then dive into correlation and deduplication too ...