Manual development continues to leave vulnerabilities

Chief Information Security Officers (CISOs) are finding it increasingly difficult to keep their software secure as their hybrid and multicloud environments become more complex and teams continue to rely on manual processes, which makes it easy to leave vulnerabilities in the IT environment, according to a report by the integrated security and surveillance company Dynatrace.

The report, entitled “The convergence of observation and security is critical to unlocking the potential of DevSecOps”, also found that the continued use of siloed tools for development, delivery, and security tasks hinders the maturity of DevSecOps adoption.

The findings, said Dynatrace, highlight the growing need to integrate observability and security capabilities to drive data-driven automation, which will enable IT operations, security and development teams to deliver innovations faster and more securely.

Other survey results include:

  • More than two thirds (68%) of CISOs say vulnerability management is more difficult as the complexity of their software supply chain and cloud ecosystem has increased.
  • Only 50% of CISOs are fully confident that the software delivered by the development team has been fully tested for vulnerabilities before being released into a production environment.
  • 77% of CISOs say prioritizing vulnerabilities is a key challenge because they lack information about the risks these vulnerabilities pose to their environment.
  • 58% of vulnerability warnings that security scanners only flagged as “critical” weren’t critical in production, wasting valuable development time chasing false positives.
  • On average, each member of the application development and security team spends nearly a third (28%) of their time, or 11 hours per week, on automated vulnerability management tasks.

“Organizations struggle to balance the need for faster innovation with the governance and security controls they already have in place to keep their services and data secure,” said Bernd Greifeneder, CTO of Dynatrace.

“The increasing complexity of software supply chains and cloud-native technology sets, which are the basis for digital innovation, is making it increasingly difficult to quickly identify, assess, and prioritize response efforts when new challenges arise. These tasks have grown beyond the human capacity to manage. Development, security, and IT teams are finding that their vulnerability management controls are no longer sufficient in today’s dynamic digital world, exposing their businesses to unacceptable risks.”

The survey found that a majority of CISOs (75%) believe team silos and point solutions in DevSecOps make it easier for vulnerabilities to get into production, and 81% said they would see more exploits of vulnerabilities if they couldn’t get DevSecOps working effectively, even though only 12% of organizations have a mature DevSecOps culture. For 86% of CIOs, AI and automation are critical to DevSecOps success.

“Despite the wide understanding of the many benefits of DevSecOps, most organizations are still in the early stages of adopting this practice due to data silos that lack context and boundary analysis,” continued Greifeneder. “To overcome this, they must use a solution that combines observation and security data and is supported by trusted AI and intelligent automation,” he emphasized.

The report is based on an independent global survey, conducted by Coleman Parkes on behalf of Dynatrace, of 1,300 CISOs in large organizations with more than 1,000 employees. The sample includes: 200 respondents in the United States; 100 in each of the UK, France, Germany, Spain, Italy, the Nordic countries, the Middle East, Australia and India; and 50 in Singapore, Malaysia, Brazil and Mexico.

Roderick Gilbert