451 Research: Balance Speed & Safety in Application Security

Technology is a competitive advantage, and software is getting more complex

DevOps implementations are shifting to cloud architectures, introducing new challenges for management.

[Chart: Primary Environment for DevOps Implementations Today, in Two Years. Series: Today; In Two Years. Categories: On-premises, non-cloud infrastructure; Hosted, non-cloud infrastructure; Hosted private cloud; On-premises private cloud; Platform as a service (PaaS); Infrastructure as a service (IaaS)/public cloud; Software as a service (SaaS) and hosted applications; Don't know.]

Regulated companies are under increasing scrutiny to deliver on security and privacy

Meeting compliance requirements is the second most common approval mechanism for security projects. More than half of infosec projects are driven by compliance- and risk-related determinants.

[Chart: Key determinant in security project approval. Categories: Risk assessment; Compliance requirement; Driven by due diligence (e.g., customer requirement); Audit response; Business requirement; Championed by a senior leader (e.g., sacred cow); Return on investment (ROI); Reputational/brand risk; Data breach or security incident response; Requirement to support cloud workloads; Other.]

Organizations are under intense pressure to go faster

Releases are getting faster among newer companies, and mature companies must often contend with legacy technology footprints.

[Chart: Frequency With Which Organizations Deployed Software Apps to Production in the Past Year, by Age of Company. Frequencies: Hourly; Daily; Weekly; Monthly; Quarterly; Semi-annually; Annually. Age of companies: <10 Years Old; Between 10-24.9 Years Old; 25+ Years Old.]

There is increasing pressure on the software development lifecycle. Organizations can either:

Go fast and ignore the risks. Release software and fix problems later, risking fines and brand reputation.

Go slow and safe. Don't release code until all risks have been mitigated. But there aren't enough application security resources to cover the work.

Application security skills are inadequately addressed among security professionals today

[Table: Security Skill Sets. Rows: Cloud platform expertise; Application security/coding. Columns: Skill Sets Inadequately Addressed Today; Most Important Skill Set.]

Enterprises need to find a balance between speed and risk

Sources: 451 Research's Voice of the Enterprise: DevOps, Workloads & Key Projects 2020; Voice of the Enterprise: Information Security, Workloads & Key Projects 2020; Voice of the Enterprise: Information Security, Organizational Dynamics 2019