A global survey conducted by Coleman Parkes for Dynatrace found that multicloud deployments make IT security more complex.
The survey of 1,300 chief information security officers (CISOs) in organizations with more than 1,000 employees found that, despite taking a multi-layered approach to IT security, three-quarters of CISOs (75%) are concerned that too many application vulnerabilities are creeping into production.
When asked about their approach to securing open source software, only a quarter (25%) of respondents said their security teams can access a fully accurate, continuously updated report of every application and code library running in production in real time. A third (33%) admit that their security teams don’t always know which third-party code libraries they use in production. Almost all (95%) said their organizations were at risk from Log4Shell, and 35% rated their risk as ‘high’ or ‘severe’.
More than two-thirds (69%) of CISOs said managing vulnerabilities has become more difficult as the need to accelerate digital transformation has grown. The survey found that the speed and complexity created by using multicloud environments, multiple coding languages, and open source software libraries make vulnerability management more difficult. Three-quarters of CISOs surveyed say that, despite a layered security posture, persistent coverage gaps allow vulnerabilities to enter production.
According to Dynatrace, the drive to accelerate transformation is also pushing organizations to adopt agile practices such as DevSecOps to eliminate traditional bottlenecks that can tax understaffed security teams. DevSecOps enables developers to secure their own code, so organizations can release new services faster. However, Dynatrace cautioned that this practice is still maturing and that many developers lack the resources to take on more responsibility for security. Shifting responsibility for security “left” to development is not enough, according to Dynatrace. It recommended that organizations also need to shift “right” to ensure applications run securely in production. Without this, vulnerabilities that have made it into production may go undetected and therefore remain open to exploitation.
“Organizations are realizing that to effectively manage vulnerabilities in the cloud-native era, security must become a shared responsibility,” said Bernd Greifeneder, Chief Technology Officer at Dynatrace. “The convergence of observability and security is key to providing development, operations, and security teams with the context to understand how their applications are connected, where vulnerabilities exist, and which ones to prioritize. This speeds up risk management and incident response.”