Security Cannot Keep Up with Application Release Cycles

Print Version
Share to a friend

A recent survey conducted by CloudPassage indicates that a lack of resources may be hindering the

ability for companies to embed security in application release cycles stymieing their efforts to implement



According to the survey:

– When asked the stage at which security is brought into software or product development release cycles,

more than half of respondents (58 percent) said security is introduced during phase one, the concept and

design phase. A quarter of respondents (22 percent) said security is brought in during phase two, the

coding and implementation phase.


– While more than half of respondents (58 percent) said security is brought into the development

lifecycle early, over half of respondents (51 percent) disagreed and or did not know if security is capable

of moving as fast as product or service release cycles.


– Two-thirds (65 percent) of security professionals cited both lack of resources (i.e. talent and budget)

and siloed departments as the biggest barriers to getting security earlier into release cycles. Lack of

resources was reported as the main barrier by 34 percent of the respondents. Fewer respondents, 18

percent, said security would slow down the release cycle. Eight percent said they believe “DevOps derails



– One-third (33 percent) of security professionals said the biggest business benefit for integrating

security into DevOps methods is better security, faster. Twenty-five percent of respondents said they

believe the biggest benefit is new applications without delays caused by security. Twenty-four percent

said the driver is improved relationships between DevOps and security teams.


– Nearly two-thirds (64 percent) of IT security professionals characterized their organization’s cloud

deployment as being “mixed or hybrid.” Alternatively, 16 percent of respondents described their cloud

deployment as private, 13 percent said they operate in the public cloud, and just 8 percent of

respondents said they do not have any cloud infrastructure.