Intelligent CISO Issue 39 | Page 61

New research shows cloud-native architectures break traditional approaches to application security

Software intelligence company, Dynatrace, has announced the findings of an independent global survey of 700 CISOs, which reveals the rising adoption of cloud-native architectures, DevOps and agile methodologies has broken traditional approaches to application security.

As organisations shift more responsibility 'left' to developers to accelerate innovation, increasingly complex IT ecosystems and outdated security tooling can slow releases by leaving blind spots and forcing teams to manually triage countless alerts, many of which are false positives reflecting vulnerabilities in libraries that are not used in production. Organisations are calling for a new approach that is optimised for multi-cloud environments, Kubernetes and DevSecOps.
This research reveals:
• 89% of CISOs say microservices, containers and Kubernetes have created application security blind spots
• 97% of organisations do not have real-time visibility into runtime vulnerabilities in containerised production environments
• Nearly two-thirds (63%) of CISOs say DevOps and Agile development have made it more difficult to detect and manage software vulnerabilities
• 74% of CISOs say traditional security controls such as vulnerability scanners no longer fit today's cloud-native world
• 71% of CISOs admit they are not fully confident code is free of vulnerabilities before going live in production
"The increased use of cloud-native architectures has fundamentally broken traditional approaches to application security," said Bernd Greifeneder, Founder and Chief Technology Officer at Dynatrace.
"This research confirms what we've long anticipated: manual vulnerability scans and impact assessments are no longer able to keep up with the pace of change in today's dynamic cloud environments and rapid innovation cycles.
"Risk assessment has become nearly impossible due to the growing number of internal and external service dependencies, runtime dynamics, continuous delivery and polyglot software development which uses an ever-growing number of third-party technologies.
"Already stretched teams are forced to choose between speed and security, exposing their organisations to unnecessary risk."
Additional findings include:
• On average, organisations need to react to 2,169 new alerts of potential application security vulnerabilities each month
• 77% of CISOs say most security alerts and vulnerabilities are false positives that do not require actioning as they are not actual exposures
• 68% of CISOs say the volume of alerts makes it very difficult to prioritise vulnerabilities based on risk and impact
• 64% of CISOs say developers do not always have time to resolve vulnerabilities before code moves into production
• 77% of CISOs say the only way for security to keep up with modern cloud-native application environments is to replace manual deployment, configuration and management with automated approaches
• 28% of CISOs say application teams sometimes bypass vulnerability scans to speed up software delivery
"As organisations embrace DevSecOps, they also need to give their teams solutions that offer automatic, continuous and real-time risk and impact analysis for every vulnerability, across both pre-production and production environments, and not based on point-in-time 'snapshots'," said Greifeneder.
"With the Application Security Module on the Dynatrace Software Intelligence Platform, organisations can leverage the automation, AI, scalability and enterprise-grade robustness of Dynatrace, and extend this to deliver more secure release cycles with confidence their cloud-native applications are free from exposures."