The CISOs of companies have more and more complications to keep software secure of their organizations, due to the increasing complexity of multicloud and hybrid environments. This is also due, in certain cases, to the fact that some teams continue to rely on manual processes, which can lead to vulnerabilities slipping into production processes. This has been reflected in the Dynatrace CISO Report 2023for which 1,300 CISOs from companies with more than 1,000 employees from various countries, including Spain, have been interviewed.
The report shows that the continuous use of isolated tools for development, delivery and security is an obstacle to consolidating a DevSecOps strategy. Also, that every time. it is more necessary to combine observability with security to give a boost to data-driven automation. Thus, operations, development, security and IT teams can offer greater security when innovating.
66% of the CISOs interviewed point out that managing vulnerabilities is more complicated due to the growing complexity of multicloud ecosystems and their software supply chain. Furthermore, only half are convinced that the software offered by development teams has been thoroughly and thoroughly tested for vulnerabilities before it is released to production.
Another 91% of those surveyed highlight the importance of prioritizing vulnerability analysis, since there is usually not enough data on the risk that these pose to their environments. And 58% say that vulnerability alerts identified as critical by security scans are not usually important in production, so a lot of development time is spent managing false positives. Each member of the development and security team spends, on average, a third of their working time managing vulnerability detection tasks that could be automated.
Of the CISOs surveyed, 76% ensure that the isolation of teams and specific solutions during the life cycle of a DevSecOps strategy facilitates security breaches. And 77% of the CISOs in Spain surveyed are convinced that there will be more vulnerabilities if the level of effectiveness of DevSecOps is not raised. In fact, only 12% of those surveyed indicate that they have a mature and consolidated DevSecOps culture.
For 91%, automation and the use of AI are keys to DevSecOps success, as well as to overcome resource problems, and 87% highlight that the time that passes between the discovery of a “zero-day” attack » and your ability to fix it is one of the biggest challenges in reducing risk.
According to Bernd Greifeneder, CTO of Dynatrace«Companies are struggling to find the balance between the need to innovate ever faster and do it in a secure way to keep their data and services safe. The increasing complexity of software supply chains and cloud-native technologies that provide the foundation for digital innovation make it increasingly difficult to identify, assess, and prioritize response times when new vulnerabilities emerge. These tasks have grown beyond human management capabilities.«.
Greifeneder has also recalled that «development, security and IT teams are finding that the vulnerability management controls they have are not adequate for today’s dynamic digital world, exposing their companies to risks that cannot be allowed.Despite the wide Aware of the many benefits of DevSecOps, many companies remain green in adopting this practice because their data is siled, lacks context, and limited to analysis.
To overcome this point, solutions that combine observability and security must be used, being driven by AI and intelligent automation. This is precisely what we designed the Dynatrace platform for. As a result, our clients have reduced the time spent identifying and prioritizing incidents by 95%, helping them to innovate faster and more securely, allowing them to stay ahead of their industries.«.
