
IT Security Sucks


The realization that the state of software security is...less than ideal has started to take hold, and it's affecting the speed of the business.


It’s rare to find a bunch of people who agree on anything. It’s even rarer when you find a bunch of people who agree that they all suck.

Welcome to a rare situation.

A few weeks ago, I spoke at the AWS re:Invent conference in Las Vegas. In my audience were hundreds of IT professionals. Some were responsible for security, others were responsible for cloud operations or application development. I asked my audience whether they thought that their existing IT security products and policies were slowing down the business, and I saw about 80% of the hands were raised.

This is similar to the finding that Gartner published in a report titled “DevSecOps: How to Seamlessly Integrate Security Into DevOps”. In this report, the analysts stated:

“Surveys at Gartner’s data center and information security summits in 2015 indicate that information security is viewed as an inhibitor to the agility and speed required by digital business and DevOps initiatives. Both information security professionals (Figure 1) and IT operations professionals (Figure 2) were surveyed. As shown in Figures 1 and 2, both information security and IT operations professionals, in nearly identical ratios (approximately 4 to 1), believe information security is slowing down IT’s ability to respond to the needs of the business.”*


Did you catch that? 77% of IT security professionals said that their information security policies and teams are slowing IT down!

What is happening? Why are we seeing these widespread admissions that security is slowing down the business? I’ll cover that in my next blog post.

*Gartner “DevSecOps: How to Seamlessly Integrate Security Into DevOps”, Neil MacDonald and Ian Head, 30 September 2016



Published at DZone with permission of Jack Marsal, DZone MVB. See the original article here.
