Security Professionals Express Frustration with Deployment Process, Warn of Increased Risks in New Waratek Survey
Waratek, the Security-as-Code industry pioneer empowering security teams to scale with the speed of modern software development, announced the results of the company’s “What Security Professionals Really Think About DevOps” survey. The survey set out to better understand the challenges that security teams on the front lines face. The respondents largely agreed that the increased rate of software deployments has introduced a serious challenge to security teams, leading to burnout and higher security risks.
“The survey paints a picture of a very frustrated security industry,” said Doug Ennis, CEO of Waratek. “The never-ending deployment treadmill has security teams feeling like they are moving fast but going nowhere. As software grows in complexity and release cycles continue to accelerate, previously fixed vulnerabilities are being reintroduced at an alarming rate, making it increasingly difficult to simply even maintain an existing security posture. Manual security processes in the DevOps process, even introduced earlier, just aren’t a sustainable way to address the ever-growing threat landscape.”
Key takeaways from the report include:
- Nearly 83 percent of security professionals say that the increase in rate of deployment led to an increase in previously remediated vulnerabilities being reintroduced.
- 61 percent of teams have to delay critical security work, even when security is “shifted left” in the DevOps process.
- Tooling is designed to save time, yet almost a third of security professionals spend nearly a third of their week investigating scanner results.
- More than 50 percent of security professionals say they spend days or weeks per year investigating false positives.
“What we found very interesting is that even though security teams are implementing manual security activities earlier in the DevOps process, it’s just relocating existing pain,” said Ennis. “It’s clear that the time is ripe for a Security-as-Code platform that automates the desired security behavior within every deployment, release after release. Companies shouldn’t have to choose between staying competitive or staying protected. By providing security teams the template to immutably tell their applications what behavior they want to secure and what they expect, both security and development teams can focus on just doing their jobs.”
“Utilizing security as code enables organizations to scale with modern software development by codifying security and policy into development processes and workflows,” explained Melinda Marks, Senior Analyst, ESG.