Cloud complexity calls for observability and security convergence

81% of CISOs say they will see an increase in vulnerability exploits if they can’t make DevSecOps work more effectively.

  • 7 months ago Posted in

Dynatrace has published the findings of an independent global survey of 1,300 chief information security officers (CISOs) in large organizations. The research reveals that CISOs find it increasingly difficult to keep their software secure as their hybrid and multicloud environments become more complex, and teams continue to rely on manual processes that make it easier for vulnerabilities to slip into production environments. It also finds that the continued use of siloed tools for development, delivery, and security tasks is hindering the maturity of DevSecOps adoption. These insights highlight the growing need for the convergence of observability and security to fuel data-driven automation that enables development, security, and IT operations teams to deliver faster, more secure innovation.

 

Findings from the research include:

 

More than two-thirds (68%) of CISOs say vulnerability management is more difficult because the complexity of their software supply chain and cloud ecosystem has increased.

Only 50% of CISOs are fully confident that the software delivered by development teams has been completely tested for vulnerabilities before going live in production environments.

77% of CISOs say it’s a significant challenge to prioritize vulnerabilities because they lack information about the risk these vulnerabilities pose to their environment.

58% of the vulnerability alerts that security scanners alone flag as “critical” are not important in production, wasting valuable development time chasing down false positives.

On average, each member of development and application security teams spends nearly a third (28%) of their time – or 11 hours each week – on vulnerability management tasks that could be automated.

 

“Organizations are struggling to balance the need for faster innovation with the governance and security controls they established to keep their services and data safe,” said Bernd Greifeneder, Chief Technology Officer at Dynatrace. “The growing complexity of software supply chains and the cloud-native technology stacks that provide the foundation for digital innovation make it increasingly difficult to quickly identify, assess, and prioritize response efforts when new vulnerabilities emerge. These tasks have grown beyond human ability to manage. Development, security, and IT teams are finding that the vulnerability management controls they have in place are no longer adequate in today’s dynamic digital world, which exposes their businesses to unacceptable risk.”

 

Additional findings include:

 

75% of CISOs say the prevalence of team silos and point solutions throughout the DevSecOps lifecycle makes it easier for vulnerabilities to slip into production.

81% of CISOs say they will see more vulnerability exploits if they can’t make DevSecOps work more effectively; however, just 12% of organizations have a mature DevSecOps culture.

86% of CISOs say AI and automation are critical to the success of DevSecOps and overcoming resource challenges.

76% of CISOs say the time it takes between the discovery of zero-day attacks and their ability to patch every instance is a significant challenge to minimizing risk. 

 

“Despite a widespread understanding of the many benefits of DevSecOps, most organizations remain in the early stages of adopting these practices due to siloed data that lacks context and limits analytics,” continued Greifeneder. “To overcome this, they should use solutions that converge observability and security data and are powered by trusted AI and intelligent automation. This is precisely what we architected the Dynatrace platform to do. As a result, our customers have reduced the time they spend identifying and prioritizing vulnerabilities by up to 95 percent, helping them deliver faster, more secure innovation that keeps them at the forefront of their industries.”

Although most remain “unsure how it actually works”, 40% of C-level executives are planning to use AI and the advantages that can be gained through Generative AI (Gen AI) such as ChatGPT to cover critical skills shortages, according to new research by Kaspersky.
Civo has published the results of its research into the challenges faced by Machine Learning (ML) developers in their roles. With more businesses deploying ML, the research highlights the current hurdles faced and the high rate of project failure.
Now Assist in Virtual Agent, flow generation, and Now Assist for Field Service Management are the latest in powerful GenAI solutions to be embedded into the ServiceNow Platform.
Report unveils AI adoption rates for 2024 along with other tech and customer experience predictions.
New innovations in cloud threat detection give SOC teams the edge to pinpoint suspicious activity across their attack surface.
A new report from Appsbroker and CTS shows 86% of organisations have already been impacted by GenAI, with a better understanding of the potentially disruptive impacts of the technology a top priority for 78% of them.
LANL adopts SambaNova Suite and expands existing SambaNova DataScale® deployment to run AI workloads for performing national security, science, technology, and engineering projects.
Collaboration brings together companies’ deep expertise and research in AI and large language models, powered by NVIDIA AI Enterprise software.