Trend Micro Survey Finds Lack of IT Security Input In DevOps Introduces Cyber Risk for 63% of …

There are a  few terms we all use (yes, myself included) that make me cringe. “Shift left” is one of them. But… the obvious time to identify threats and build security controls is during the development cycle. So why don’t we?…:

[…] “It’s no secret that developers and security teams have a history of butting heads,” said Mick McCluney, Technical Director, Trend Micro ANZ. “We want to help businesses breakdown those barriers by providing technology and solutions that work for developers, IT and security teams. To do that best, we have to understand how the DevOps community and IT security teams collaborate – so we asked them for input directly. Understanding their goals will help us continue to provide solutions that help them do their jobs, and help the end results be secure.”

DevOps is a bigger priority today than a year ago for 69% of Australian companies, but 27% of respondents admitted security teams are not always consulted in project plans. This is despite 83% of respondents stating that they have encountered security risks when implementing projects.

This challenge is also highlighted in newly published research from ESG , also commissioned by Trend Micro along with other cybersecurity vendors, which states that only 20% of cloud-native application security product purchases for DevOps projects are actually made by IT security teams. To tackle the issue, ESG found that 68% of organisations have, or plan to have, a centralised team to handle DevOps security.

[…]

Original article here