All types of organizations are embracing DevOps as a way to deliver work quickly and reliably. However, security sometimes falls by the wayside in favor of the desire to move fast. In fact, a recent Threat Stack survey shows that 52% of companies admit to sacrificing security for speed.
As a result, Security, Development, and Operations teams often remain deeply siloed, causing security to be treated as an afterthought and placing teams in constant “reactive mode” — which exposes the organization to unnecessary risk. Our recent survey of Development, Operations, and Security professionals spells out a few of the key issues:
- Security is siloed. At 38% of organizations, security is a completely separate team that is only brought in when needed.
- Developers can’t code securely. 44% of developers aren’t trained to code securely. Without this basic ability, code is often written without security in mind, and this causes security to become a disruptive bottleneck when it must inevitably step in and intervene.
- Operations doesn’t have security training. 42% of operations staff admit that they are not trained in basic security practices — meaning they can’t configure servers securely, and they do not see deploying securely as part of the configuration management process.
Ultimately, people and processes make up the foundation of every business transformation. SecOps is no different. Change can be difficult, but operationalizing cloud infrastructure security can help you reduce security incidents, ensure compliance, and innovate without sacrificing security or speed.
Below, we’ll walk through three of the cultural changes that need to take place at your organization to encourage people to embrace SecOps as they pursue innovation, speed, and scale. Read more “3 SecOps Culture Hacks You Should Embrace Today”