DevOps causes majority of IT companies to live on the edge of cyber-risk

News by Mark Mayne

Research into DevOps reveals siloed thinking and a lack of both expertise and the correct tools, which contribute to nearly half of firms not having finished developing their DevOps strategies, leaving companies vulnerable.

Organisational silos create unnecessary security risk for global businesses, according to a new survey which found that the lack of security involvement in DevOps projects is creating cyber risk for 74 percent of IT leaders.

Despite the widening take-up of DevOps strategies (the survey found that 70 percent of IT firms believe DevOps is a bigger priority today than a year ago), 41 percent admitted security teams are not always consulted as a matter of course. Chillingly, this is despite 96 percent of respondents stating that they have encountered security risks when implementing projects.

Communication was highlighted as a particularly challenging issue, with 89 percent of respondents reporting poor communication between IT security and software development teams, while 77 percent said the same for developers, security and operations. A third (34 percent) claimed that these operational silos are making it harder to create a DevOps culture in the organisation.

There was plenty of consensus over the best ways to drive the cultural change required, however, with strategies such as fostering greater integration between teams seeing 61 percent agree; setting common goals was highlighted by 58 percent and sharing learning experiences across teams also had a 50 percent acceptance. Yet over 78 percent of IT decision makers said improvement is needed in these areas.

Bharat Mistry, principal security strategist at Trend Micro, said: "Creating a DevOps culture is fundamental to the success of these projects. While organisations are taking a number of steps to create these cultures – including automating processes, fostering cross-team collaboration and setting common goals across teams – in reality, they’re not stacking up. A complete strategy, defined ownership, clearer roles and responsibilities, and stronger communication between IT, development and security teams is crucial to success, otherwise DevOps projects will fall short of the outcomes they’re trying to achieve."

The survey from Trend Micro also found that 70 percent of IT security leaders want to be more involved in planning DevOps initiatives, but their teams often lack both the correct tools and enough practitioners to do so effectively. In total, 40 percent of those surveyed claim they don’t have the necessary tools for successful implementation of DevOps projects, and 57 percent are actively looking for additional talent to help them secure DevOps projects more effectively.

Additionally, almost half the IT firms (46 percent) said that their DevOps strategy was only partially developed, leaving IT and software teams in the dark as to the final goal.

"Failed DevOps projects can also bring major security risks, including opening up the business to additional cyber-attacks, and exposing company and customer data. It’s therefore essential that organisations collaborate and communicate with security teams when implementing DevOps projects to ensure they apply the right security framework to new applications. If they don’t, DevOps initiatives will bring much more damage than reward," summarised Mistry.

Trend Micro commissioned independent research specialist Vanson Bourne to poll 1,310 IT decision makers (710 in Europe) in SMB and enterprise organisations across the globe about their organisational culture.
