Organizational culture: A key hurdle that keep companies away from DevSecOps

MUMBAI, INDIA: Today’s digital economy is fueled by software. But as software becomes more critical to business success in the digital economy, security concerns are exponentially on the rise, say the recent survey findings by CA Technologies.

Though the majority confirmed that software development supports growth and expansion, helps businesses compete and drives digital transformation, 74% of respondents agreed that security threats due to software and code issues are a growing concern.

CA Veracode’s State of Software Security Report 2017 also found that vulnerabilities continue to crop up in previously untested software at alarming rates, with 77% of apps having at least one vulnerability on the initial scan.

Conducted by IT industry analyst firm Freeform Dynamics, the new report highlights the influence of an organization’s culture on its ability to integrate security practices into their software development initiatives, a practice, and approach commonly known as DevSecOps.

When software is developed with security integrated from the start, the risk of data breaches is greatly diminished, providing users with heightened levels of confidence and trust when engaging with applications and services that are so ubiquitous in our online world.

But creating a culture of secure software development is a major challenge, according to the survey findings. An overwhelming 58% of respondents cited existing culture and lack of skills as hurdles to being able to embed security testing and evaluation within software development processes. Only 24% strongly agreed that the organization’s culture and practices supported collaboration across development, operations, and security. On top of cultural limitations, less than a quarter of respondents strongly agreed that senior management would sacrifice time to market in order to have sufficient time to assess and repair software security vulnerabilities.

“Security is a key principle in any Modern Software Factory. While our survey findings confirm an overarching recognition in the importance of ensuring that data and systems are built and maintained securely, there is still a lack of cultural adoption within organizations around this pressing issue,” said Ayman Sayed, president and chief product officer, CA Technologies. “When coupled with security, Intelligent IT – the use of AI, machine learning, and analytics to make better, more informed decisions – can dramatically change the way that business is done.”

The report showcases characteristics of “Software Security Masters” (the top 34% of respondents), which are organizations that have been able to fully integrate security into their software development lifecycles. This includes conducting early and continuous application testing for security vulnerabilities, as well as embracing the practice of DevSecOps.

In fact, when compared with the mainstream, respondents from the Software Security Masters were over two times more likely to strongly agree that they viewed security as an enabler of new business opportunities. These organizations also exhibited 50% higher profit growth, 40% higher revenue growth, are 2.6x more likely to have security testing keep up with frequent app updates, and are 2.5x more likely to be outpacing their competitors.

“The organizations labeled as Software Security Masters are the beacons of hope in today’s digital economy. Not only do they exemplify and represent the cultural mindset necessary to adapt and thrive in today’s dynamic market, they are influencing change within the industry while shaping the workplace of the future,” concluded Sayed.