Intelligent CISO Issue 42 | Page 55

New research shows cloud-native architectures break traditional approaches to application security

Dynatrace has announced the findings of Precise, automatic risk and impact assessment is key for DevSecOps, an independent global survey of 700 CISOs, which reveals that the rising adoption of cloud-native architectures, DevOps and agile methodologies has broken traditional approaches to application security.

As organisations shift more responsibility ‘left’ to developers to accelerate innovation, increasingly complex IT ecosystems and outdated security tooling can slow releases by leaving blind spots and forcing teams to manually triage countless alerts, many of which are false positives reflecting vulnerabilities in libraries that are not used in production.
This research reveals:
• 89% of CISOs say microservices, containers and Kubernetes have created application security blind spots
• 97% of organisations do not have real-time visibility into runtime vulnerabilities in containerised production environments
• Nearly two-thirds (63%) of CISOs say DevOps and Agile development have made it more difficult to detect and manage software vulnerabilities
• 74% of CISOs say traditional security controls such as vulnerability scanners no longer fit today’s cloud-native world
• 71% of CISOs admit they are not fully confident code is free of vulnerabilities before going live in production
Bernd Greifeneder, Founder and CTO, Dynatrace, said: “The increased use of cloud-native architectures has fundamentally broken traditional approaches to application security. This research confirms what we’ve long anticipated: manual vulnerability scans and impact assessments are no longer able to keep up with the pace of change in today’s dynamic cloud environments and rapid innovation cycles.
Risk assessment has become nearly impossible due to the growing number of internal and external service dependencies, runtime dynamics, continuous delivery and polyglot software development which uses an ever-growing number of third-party technologies. Already stretched teams are forced to choose between speed and security, exposing their organisations to unnecessary risk.”
Further findings include:
• On average, organisations need to react to 2,169 new alerts of potential application security vulnerabilities each month
• 77% of CISOs say most security alerts and vulnerabilities are false positives that do not require actioning as they are not actual exposures
• 68% of CISOs say the volume of alerts makes it very difficult to prioritise vulnerabilities based on risk and impact
• 64% of CISOs say developers do not always have time to resolve vulnerabilities before code moves into production
• 77% of CISOs say the only way for security to keep up with modern cloud-native application environments is to replace manual deployment, configuration and management with automated approaches
• 28% of CISOs say application teams sometimes bypass vulnerability scans to speed up software delivery
Greifeneder added: “As organisations embrace DevSecOps, they also need to give their teams solutions that offer automatic, continuous and real-time risk and impact analysis for every vulnerability, across both pre-production and production environments, and not based on point-in-time ‘snapshots’. With the Application Security Module on the Dynatrace Software Intelligence Platform, organisations can leverage the automation, AI, scalability and enterprise-grade robustness of Dynatrace and extend this to deliver more secure release cycles with confidence that their cloud-native applications are free from exposures.”
The report is based on a global survey of 700 CISOs in large enterprises with over 1,000 employees, conducted by Coleman Parkes and commissioned by Dynatrace in 2021.
The sample included 200 respondents in the US, 100 each in the UK, France, Germany and Spain, and 50 each in Brazil and Mexico.