Security or Agility? An Unnecessary Choice

 
 
By Karen A. Frenkel  |  Posted 08-08-2017 Email
 
 
 
 
 
 
 
 
 
  • Previous
    Security or Agility? An Unnecessary Choice
    Next

    Security or Agility? An Unnecessary Choice

    As they digitally transform, enterprises can become vulnerable to security risks, but some are building apps faster and increasing security simultaneously.
  • Previous
    Top Enterprise Goals
    Next

    Top Enterprise Goals

    Increasing information security: 90%. Increasing IT agility: 88%. Increasing development agility: 87%.
  • Previous
    The Challenge
    Next

    The Challenge

    "Going faster often means introducing security risks, while maximizing security often means slowing things down. To increase agility and security would require changing how security works within the organization."
  • Previous
    Shift Toward Integration
    Next

    Shift Toward Integration

    88% of the managers and professionals surveyed said that integrating security into DevOps is somewhat or extremely important because they want to speed app development and enhance security.
  • Previous
    Top Three Dangers
    Next

    Top Three Dangers

    The top three dangers of operating security outside of DevOps are increased costs, longer delivery cycles and increased security risk.
  • Previous
    Tipping Point
    Next

    Tipping Point

    49% of respondents have already integrated security into DevOps, and another 49% are completing that integration, while only 2% have no interest in doing that.
  • Previous
    Anticipated Pre-Transition Challenges
    Next

    Anticipated Pre-Transition Challenges

    The organization's structure prohibits integration. The team lacks a champion for the transition. The security pros don't work well in a team environment.
  • Previous
    Post-Transition Challenges
    Next

    Post-Transition Challenges

    It took too much time. Security team resisted change. Lacked relationship skills to integrate the teams.
  • Previous
    Comparing Transition Times
    Next

    Comparing Transition Times

    The top challenge—that the transition took too long—was explored. Respondents who had not completed the challenge estimated that integration would take 7 to 11 months, but those who had completed it said it took 1 to 2 years.
  • Previous
    Integration Pays off
    Next

    Integration Pays off

    Doing well at information security: 22%. Doing well at meeting app delivery deadlines: 21%. Doing well at lowering application risk: 21%.
  • Previous
    Recommendations
    Next

    Recommendations

    Appoint a social leader to drive cultural change. Appoint a security lead on all DevOps teams at the beginning. Limit access, sign and encrypt everything in network using automated PKI. Invest in automation, including certificate management, patching, vulnerability scanning, stack code analysis. Integrate and standardize.
  • Previous
    Agility and Security
    Next

    Agility and Security

    Enterprises need both agility and security. Go too slow, and you lose out to the competition. Neglect security, and you open the enterprise to unacceptable risk.
 

In an effort to digitally transform their companies, the majority of enterprises are integrating their security teams into DevOps methodologies—or are trying to do so—a new survey finds. Faster app development can open a company to security risks, however. So how can enterprises increase both simultaneously? A new survey, "Making Security Agile" from scalable identity and encryption solutions provider DigiCert, addresses these questions. "Agility and security are not mutually exclusive, and integration requires a combination of technology improvements, and a cultural shift in how technical staff is aligned," said DigiCert CSO Jason Sabin. "The DevOps methodology is not just a method for increasing speed, but [also] about improving efficiency, quality control and predictability in development outcomes." The survey polled 300 U.S. enterprise executives (100 of whom are in IT management, 100 in DevOps and 100 in security) to see "whether their organizations are breaking down silos and inviting security to join the DevOps movement."

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login Register