A recent survey conducted by CloudPassage indicates that a lack of resources may be hindering the
ability for companies to embed security in application release cycles stymieing their efforts to implement
According to the survey:
– When asked the stage at which security is brought into software or product development release cycles,
more than half of respondents (58 percent) said security is introduced during phase one, the concept and
design phase. A quarter of respondents (22 percent) said security is brought in during phase two, the
coding and implementation phase.
– While more than half of respondents (58 percent) said security is brought into the development
lifecycle early, over half of respondents (51 percent) disagreed and or did not know if security is capable
of moving as fast as product or service release cycles.
– Two-thirds (65 percent) of security professionals cited both lack of resources (i.e. talent and budget)
and siloed departments as the biggest barriers to getting security earlier into release cycles. Lack of
resources was reported as the main barrier by 34 percent of the respondents. Fewer respondents, 18
percent, said security would slow down the release cycle. Eight percent said they believe “DevOps derails
– One-third (33 percent) of security professionals said the biggest business benefit for integrating
security into DevOps methods is better security, faster. Twenty-five percent of respondents said they
believe the biggest benefit is new applications without delays caused by security. Twenty-four percent
said the driver is improved relationships between DevOps and security teams.
– Nearly two-thirds (64 percent) of IT security professionals characterized their organization’s cloud
deployment as being “mixed or hybrid.” Alternatively, 16 percent of respondents described their cloud
deployment as private, 13 percent said they operate in the public cloud, and just 8 percent of
respondents said they do not have any cloud infrastructure.