Lack of IT security input in DevOps creates unnecessary risk 

Organisational silos create unnecessary security risk for global businesses, a new survey from Trend Micro reveals. 

According to the research, the lack of security involvement in DevOps projects was reportedly creating cyber risk for 63% of IT leaders.
 
“It’s no secret that developers and security teams have a history of butting heads,” says Mick McCluney, technical director, Trend Micro ANZ. 

“We want to help businesses break down those barriers by providing technology and solutions that work for developers, IT and security teams. To do that best, we have to understand how the DevOps community and IT security teams collaborate – so we asked them for input directly,” he explained. 

“Understanding their goals will help us continue to provide solutions that help them do their jobs, and help the end results be secure.”
 
DevOps is a bigger priority today than a year ago for 69% of companies, but 27% of respondents admitted security teams are not always consulted in project plans, the research shows. 

This is despite 83% of respondents stating that they have encountered security risks when implementing projects.
 
This challenge is also highlighted in newly published research from ESG, also commissioned by Trend Micro along with other cybersecurity vendors, which states that only 20% of cloud-native application security product purchases for DevOps projects are actually made by IT security teams. 

To tackle the issue, ESG found that 68% of organisations have, or plan to have, a centralised team to handle DevOps security.
 
ESG’s survey found only 30% of organisations include a member of their cybersecurity team from the beginning of their software development process.
 
In research led by independent research specialist Vanson Bourne, Trend Micro polled 1,310 IT decision makers in SMB and enterprise organisations across the globe about their organisational culture.