
IT Security Sucks

The realization that the state of software security is...less than ideal has started to take hold, and it's affecting the speed of the business.

It’s rare to find a bunch of people who agree on anything. It’s even rarer when you find a bunch of people who agree that they all suck.

Welcome to a rare situation.

A few weeks ago, I spoke at the AWS re:Invent conference in Las Vegas. In my audience were hundreds of IT professionals. Some were responsible for security, others were responsible for cloud operations or application development. I asked my audience whether they thought that their existing IT security products and policies were slowing down the business, and I saw about 80% of the hands were raised.

This is similar to the finding that Gartner published in a report titled “DevSecOps: How to Seamlessly Integrate Security Into DevOps”. In this report, the analysts stated:

“Surveys at Gartner’s data center and information security summits in 2015 indicate that information security is viewed as an inhibitor to the agility and speed required by digital business and DevOps initiatives. Both information security professionals (Figure 1) and IT operations professionals (Figure 2) were surveyed. As shown in Figures 1 and 2, both information security and IT operations professionals, in nearly identical ratios (approximately 4 to 1), believe information security is slowing down IT’s ability to respond to the needs of the business.”*

Did you catch that? 77% of IT security professionals said that their information security policies and teams are slowing IT down!

What is happening? Why are we seeing these widespread admissions that security is slowing down the business? I’ll cover that in my next blog post.

*Gartner “DevSecOps: How to Seamlessly Integrate Security Into DevOps”, Neil MacDonald and Ian Head, 30 September 2016

Published at DZone with permission of
