Security or Agility? An Unnecessary Choice

Security or Agility? An Unnecessary Choice

Security or Agility? An Unnecessary ChoiceSecurity or Agility? An Unnecessary Choice

As they digitally transform, enterprises can become vulnerable to security risks, but some are building apps faster and increasing security simultaneously.

Top Enterprise GoalsTop Enterprise Goals

Increasing information security: 90%.
Increasing IT agility: 88%.
Increasing development agility: 87%.

The ChallengeThe Challenge

“Going faster often means introducing security risks, while maximizing security often means slowing things down. To increase agility and security would require changing how security works within the organization.”

Shift Toward IntegrationShift Toward Integration

88% of the managers and professionals surveyed said that integrating security into DevOps is somewhat or extremely important because they want to speed app development and enhance security.

Top Three DangersTop Three Dangers

The top three dangers of operating security outside of DevOps are increased costs, longer delivery cycles and increased security risk.

Tipping PointTipping Point

49% of respondents have already integrated security into DevOps, and another 49% are completing that integration, while only 2% have no interest in doing that.

Anticipated Pre-Transition ChallengesAnticipated Pre-Transition Challenges

The organization’s structure prohibits integration.
The team lacks a champion for the transition.
The security pros don’t work well in a team environment.

Post-Transition ChallengesPost-Transition Challenges

It took too much time.
Security team resisted change.
Lacked relationship skills to integrate the teams.

Comparing Transition TimesComparing Transition Times

The top challenge—that the transition took too long—was explored. Respondents who had not completed the challenge estimated that integration would take 7 to 11 months, but those who had completed it said it took 1 to 2 years.

Integration Pays offIntegration Pays off

Doing well at information security: 22%.
Doing well at meeting app delivery deadlines: 21%.
Doing well at lowering application risk: 21%.

RecommendationsRecommendations

Appoint a social leader to drive cultural change.
Appoint a security lead on all DevOps teams at the beginning.
Limit access, sign and encrypt everything in network using automated PKI.
Invest in automation, including certificate management, patching, vulnerability scanning, stack code analysis. Integrate and standardize.

Agility and SecurityAgility and Security

Enterprises need both agility and security. Go too slow, and you lose out to the competition. Neglect security, and you open the enterprise to unacceptable risk.

Karen A. Frenkel
Karen A. Frenkel is a contributor to CIO Insight. She covers cybersecurity topics such as digital transformation, vulnerabilities, phishing, malware, and information governance.

Latest Articles