DevOps.com

  • Latest
    • Articles
    • Features
    • Most Read
    • News
    • News Releases
  • Topics
    • AI
    • Continuous Delivery
    • Continuous Testing
    • Cloud
    • Culture
    • DataOps
    • DevSecOps
    • Enterprise DevOps
    • Leadership Suite
    • DevOps Practice
    • ROELBOB
    • DevOps Toolbox
    • IT as Code
  • Videos/Podcasts
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • DevOps Unbound
  • Webinars
    • Upcoming
    • On-Demand Webinars
  • Library
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Related Sites
    • Techstrong Group
    • Container Journal
    • Security Boulevard
    • Techstrong Research
    • DevOps Chat
    • DevOps Dozen
    • DevOps TV
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
  • Media Kit
  • About
  • Sponsor
  • AI
  • Cloud
  • Continuous Delivery
  • Continuous Testing
  • DataOps
  • DevSecOps
  • DevOps Onramp
  • Platform Engineering
  • Low-Code/No-Code
  • IT as Code
  • More
    • Application Performance Management/Monitoring
    • Culture
    • Enterprise DevOps
    • ROELBOB
Hot Topics
  • DevOps Flow: Accelerating Velocity With Software Factory Best Practices
  • Survey: More Cybersecurity Pros Embedded in DevOps Teams
  • The Impact of Developer Happiness on Productivity
  • AWS Delivers on Latest Graviton3 Price/Performance Promise
  • Five Tips for Moving IT Ops to DevOps

Home » Blogs » Survey: More Cybersecurity Pros Embedded in DevOps Teams

Survey: More Cybersecurity Pros Embedded in DevOps Teams

Avatar photoBy: Mike Vizard on March 7, 2023 Leave a Comment

A survey of 2,500 C-level executives published today by Palo Alto Networks found 81% of organizations have embedded cybersecurity professionals within their DevOps teams.

Despite the presence of those cybersecurity professionals, however, the survey also suggested there is much work to do in terms of optimizing DevSecOps workflows. A full 90% of organizations cannot detect, contain and resolve cybersecurity threats within an hour, the survey found.

TechStrong Con 2023Sponsorships Available

Bob West, chief security officer for Palo Alto Networks, said most of the challenges associated with DevSecOps are directly related to persistent cloud security issues. More than three-quarters of organizations (78%) said they had distributed responsibility for cloud security, but almost half (47%) said a majority of their workforce still does not understand their security responsibilities.

In many cases, developers with little to no cybersecurity expertise are responsible for provisioning cloud infrastructure. As a result, misconfigurations that create security issues are commonplace, noted West. That’s especially problematic because three-quarters of organizations (75%) are deploying new or updated code to production weekly, with almost 40% committing new code daily, the survey found. Given that developers far outnumber cybersecurity professionals in most organizations, it remains challenging to ensure application code is secure, noted West.

In addition to improving the overall state of cloud security, organizations need to focus on fundamentals such as training developers to be more mindful of cybersecurity issues, he added. Most developers never had any formal cybersecurity training, so it’s up to organizations to make sure that particular skills gap is closed, he noted. In addition, organizations need to make sure they have a robust set of patch management processes in place alongside a capability to manage permissions and entitlements, added West.

Overall, the survey found organizations are using more than 30 security tools, on average, including six to 10 dedicated to cloud security. More than three-quarters of respondents (76%) said relying on multiple security tools created blind spots that affected their ability to prioritize risk and prevent threats. A full 80% said they would benefit from a centralized security solution that sits across all of their cloud accounts and services.

One way or another, a rising tide of regulations focused on improving the security of software supply chains will force organizations to improve cloud security, said West. The survey showed there is a strong commitment in terms of making cybersecurity professionals an integral part of a DevOps workflow. The issue is that there are still a raft of training and process issues that need to be addressed at a time when cybercriminals are becoming increasingly adept at compromising applications both as they are developed and after they are deployed.

Of course, training and modifying processes take time. DevSecOps is as much about changing culture as it is about acquiring new tools. DevOps teams are still highly committed to building and deploying applications as quickly as possible. The challenge is finding a way to insert a set of cybersecurity gates within those workflows without slowing down the pace at which applications are developed.

Recent Posts By Mike Vizard
  • AWS Delivers on Latest Graviton3 Price/Performance Promise
  • Five Great DevOps Job Opportunities
  • Report Identifies Top 10 Open Source Software Risks
Avatar photo More from Mike Vizard
Related Posts
  • Survey: More Cybersecurity Pros Embedded in DevOps Teams
  • Cybric Launches Industry-First Continuous Security-as-a-Service Platform
  • New DevOps Research From Sonatype Reveals Changing Attitudes Toward Application Security
    Related Categories
  • Blogs
  • Business of DevOps
  • DevOps Culture
  • DevOps Practice
  • DevSecOps
  • Features
  • IT Security
  • News
    Related Topics
  • devops
  • devsecops
  • embedded
  • Palo Alto Networks
  • teams
Show more
Show less

Filed Under: Blogs, Business of DevOps, DevOps Culture, DevOps Practice, DevSecOps, Features, IT Security, News Tagged With: devops, devsecops, embedded, Palo Alto Networks, teams

« The Impact of Developer Happiness on Productivity
DevOps Flow: Accelerating Velocity With Software Factory Best Practices »

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Getting Kubernetes Costs Under Control
Wednesday, March 8, 2023 - 1:00 pm EST
Terraform Cloud Workshop: Security Beyond Static Misconfiguration Checking
Thursday, March 9, 2023 - 11:00 am EST
The State of Infrastructure-as-Code (IaC) 2023
Thursday, March 9, 2023 - 3:00 pm EST

Sponsored Content

The Google Cloud DevOps Awards: Apply Now!

January 10, 2023 | Brenna Washington

Codenotary Extends Dynamic SBOM Reach to Serverless Computing Platforms

December 9, 2022 | Mike Vizard

Why a Low-Code Platform Should Have Pro-Code Capabilities

March 24, 2021 | Andrew Manby

AWS Well-Architected Framework Elevates Agility

December 17, 2020 | JT Giri

Practical Approaches to Long-Term Cloud-Native Security

December 5, 2019 | Chris Tozzi

Latest from DevOps.com

DevOps Flow: Accelerating Velocity With Software Factory Best Practices
March 7, 2023 | Neil McEvoy
Survey: More Cybersecurity Pros Embedded in DevOps Teams
March 7, 2023 | Mike Vizard
The Impact of Developer Happiness on Productivity
March 7, 2023 | Aaron Upright
AWS Delivers on Latest Graviton3 Price/Performance Promise
March 6, 2023 | Mike Vizard
Five Tips for Moving IT Ops to DevOps
March 6, 2023 | Itzik Reich

TSTV Podcast

On-Demand Webinars

DevOps.com Webinar ReplaysDevOps.com Webinar Replays

GET THE TOP STORIES OF THE WEEK

Most Read on DevOps.com

LinkedIn Job Scams: Out of Hand ¦ 4-Day Workweek: Let’s Get Serious
March 2, 2023 | Richi Jennings
How GitHub Actions Simplifies Your CI/CD Workflow
March 2, 2023 | Sirish Patel
Despite Tech Layoffs, Developer Shortage Continues
March 2, 2023 | George V. Hulme
Why You Need to Break the Observability Data Silo
March 1, 2023 | Chris Cooney
Sysdig Launches Wireshark Foundation
March 2, 2023 | Mike Vizard
  • Home
  • About DevOps.com
  • Meet our Authors
  • Write for DevOps.com
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • Privacy Policy

Powered by Techstrong Group, Inc.

© 2023 ·Techstrong Group, Inc.All rights reserved.