78% of CISOs say they will see an increase in vulnerability exploits if they can’t make DevSecOps work more effectively
Sydney, April 27, 2023 – Dynatrace (NYSE: DT), the leader in unified observability and security, has announced the findings of an independent global survey of 1,300 chief information security officers (CISOs), including 100 respondents from Australia, in large organisations. The research reveals that CISOs find it increasingly difficult to keep their software secure as their hybrid and multicloud environments become more complex, and teams continue to rely on manual processes that make it easier for vulnerabilities to slip into production environments. It also finds that the continued use of siloed tools for development, delivery, and security tasks is hindering the maturity of DevSecOps adoption. These insights highlight the growing need for the convergence of observability and security to fuel data-driven automation that enables development, security, and IT operations teams to deliver faster, more secure innovation.
The complimentary report, The convergence of observability and security is critical to realszing DevSecOps potential, is available for download here: https://www.dynatrace.com/info/ciso-report-devsecops-potential/
Findings from the Australian data include:
- 61% of CISOs say vulnerability management is more difficult because the complexity of their software supply chain and cloud ecosystem has increased.
- Only 55% of CISOs are fully confident that the software delivered by development teams has been completely tested for vulnerabilities before going live in production environments.
- 77% of CISOs say it’s a significant challenge to prioritise vulnerabilities because they lack information about the risk these vulnerabilities pose to their environment.
- 56% of the vulnerability alerts that security scanners alone flag as “critical” are not important in production, wasting valuable development time chasing down false positives.
- On average, each member of development and application security teams spends nearly a third (29%) of their time – or 11 hours each week – on vulnerability management tasks that could be automated.
“Organisations are struggling to balance the need for faster innovation with the governance and security controls they established to keep their services and data safe,” said Bernd Greifeneder, Chief Technology Officer at Dynatrace. “The growing complexity of software supply chains and the cloud-native technology stacks that provide the foundation for digital innovation make it increasingly difficult to quickly identify, assess, and prioritise response efforts when new vulnerabilities emerge. These tasks have grown beyond human ability to manage. As such, development, security, and IT teams are finding that the vulnerability management controls they have in place are no longer adequate in today’s dynamic digital world, exposing their businesses to unacceptable risk as a result.”
Additional Australian findings include:
- 77% of CISOs say the prevalence of team silos and point solutions throughout the DevSecOps lifecycle makes it easier for vulnerabilities to slip into production.
- 78% of CISOs say they will see more vulnerability exploits if they can’t make DevSecOps work more effectively; however, just 6% of organisations have a mature DevSecOps culture.
- 86% of CISOs say AI and automation are critical to the success of DevSecOps and overcoming resource challenges.
- 82% of CISOs say the time it takes between the discovery of zero-day attacks and their ability to patch every instance is a significant challenge to minimising risk.
“Despite a widespread understanding of the many benefits of DevSecOps, most organisations remain in the early stages of adopting these practices due to siloed data that lacks context and limits analytics,” continued Greifeneder. “To overcome this, they should use solutions that converge observability and security data and are powered by trusted AI and intelligent automation. This is precisely what we architected the Dynatrace platform to do. As a result, our customers have reduced the time they spend identifying and prioritising vulnerabilities by up to 95 percent, helping them deliver faster, more secure innovation that keeps them at the forefront of their industries.”
The report is based on a global survey of 1,300 CISOs (including 100 in Australia) in large organisations with more than 1,000 employees, conducted by Coleman Parkes and commissioned by Dynatrace in March 2023. The sample included 200 respondents in the U.S., 100 each in the UK, France, Germany, Spain, Italy, the Nordics, the Middle East, Australia, and India, and 50 each in Singapore, Malaysia, Brazil, and Mexico.
Dynatrace (NYSE: DT) exists to make the world’s software work perfectly. Our unified software intelligence platform combines broad and deep observability and continuous runtime application security with the most advanced AIOps to provide answers and intelligent automation from data at an enormous scale. This enables innovators to modernise and automate cloud operations, deliver software faster and more securely, and ensure flawless digital experiences. That’s why the world’s largest organisations trust the Dynatrace® platform to accelerate digital transformation.