A global survey conducted by Coleman Parkes for Dynatrace has found that multicloud deployments are making IT security more complex.
The survey, based on a poll of 1,300 chief information security officers (CISOs) in organisations with more than 1,000 employees, reported that, in spite of having a multi-layered approach to IT security, three-quarters of CISOs (75%) are worried that too many application vulnerabilities leak into production.
When asked about their approach to securing open source software, just a quarter (25%) of respondents said their security teams can access a fully accurate, continuously updated report of every application and code library running in production in real time. A third (33%) admit their security teams do not always know which third-party code libraries they have running in production. Almost all (95%) said their organisations faced risk exposure from Log4Shell, and 35% cited their risk as ‘high’ or ‘severe’.
Over two-thirds (69%) of CISOs said vulnerability management has become more difficult as the need to accelerate digital transformation has increased. The survey found that the speed and complexity created by using multicloud environments, multiple coding languages, and open source software libraries are making vulnerability management more difficult. Three quarters of the CISOs surveyed say that despite having a multi-layered security posture, persistent coverage gaps allow vulnerabilities into production. .
According to Dynatrace, the drive for faster transformation is also prompting organisations to adopt agile practices such as DevSecOps, to remove traditional bottlenecks that can tax understaffed security teams. DevSecOps empowers developers to secure their own code, so organisations can release new services faster. However, Dynatrace warned that this practice is still maturing, and many developers lack the resources to take more accountability for security. Shifting responsibility for security ‘left’ to development is not sufficient, according to Dynatrace. It recommended that organisations also need to shift ‘right’ to ensure that applications run securely in production. Without this, vulnerabilities that have leaked into production run the risk of going undetected and so remain open to exploitation.
“Organisations realise that to manage vulnerabilities in the cloud-native era effectively, security must become a shared responsibility,” said Bernd Greifeneder, chief technology officer at Dynatrace. “The convergence of observability and security is critical to providing development, operations and security teams with the context needed to understand how their applications are connected, where the vulnerabilities lie, and which need to be prioritised. This accelerates risk management and incident response.”
Stay connected with us on social media platform for instant update click here to join our Twitter, & Facebook
We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
Denial of responsibility! NewsAzi is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
