DigiCert Survey Shows Enterprises Integrating Security Teams into DevOps

July 19th, 2017

LEHI, UT (July 19, 2017) — DigiCert, a global leader in scalable identity and encryption solutions for enterprise and Internet of Things (IoT) security, today announced the results of its 2017 “Inviting Security into DevOps Survey,” which reveals that 98 percent of enterprises are integrating their security teams into their existing DevOps methodologies. Or, at least they’re trying to.

Their goal is to increase information security, IT agility and development agility. However, they face several challenges, including the amount of time required, and cultural differences among the security, IT and DevOps roles.

“Going faster introduces security risks, while maximizing security often slows things down,” said Dan Timpson, Chief Technology Officer at DigiCert. “The market is at a tipping point and enterprises are looking for solutions to minimize the time that it takes to integrate and to help security better fit within DevOps workflows.”

49 percent are in the process of doing so, and 49 percent have completed their efforts. Those who have integrated security into DevOps report improvements to both development agility and information security, contrary to the common belief that security and agility cannot coexist. Additionally, they are:

  • 22 percent more likely to report they are doing well with information security
  • 21 percent more likely to report doing well meeting app delivery deadlines
  • 21 percent more likely to report doing well at lowering app risk

Repercussions of the Status Quo

Agile security is on the minds of enterprises with 88 percent of respondents saying it is somewhat to extremely important to integrate security into DevOps. They worry that failure to do so will lead to problems including:

  • Increased costs (78 percent)
  • Slower app delivery (73 percent)
  • Increased security risks (71 percent)

Respondents also admit the process is not easy, although the obstacles vary depending on where an organization is in the process.

Before making the transition, enterprises predict the top challenges will be that:

  • The organization structure prohibits integration
  • They lack a champion for the transition
  • The security team doesn’t really work well in a team environment

For those organizations looking back after integrating security, the biggest roadblocks turned out to be:

  • Takes too much time
  • Security team resists the change
  • Lack of relationship skills required to bring the two teams together

Note the top challenge cited after integrating was that the transition took too long. Technical teams underestimate the challenge of integrating security into DevOps, thinking the integration will take less than a year (seven to 11 months). Those who claim to have completed the process say it took roughly twice as long—on average one to two years.

Recommendations

The DigiCert 2017 Inviting Security into DevOps survey points to four best practices to balance development agility and information security to help create a predictable and reliable process:

  • Appoint a Social Leader
    • Identify a champion to drive cultural change including defining IT, security, DevOps roles and integrating teams.
  • Bring Security to the Table
    • Place a security lead on all DevOps initiatives and involve them from the beginning. Limit access, sign and encrypt everything within the network using automated PKI.
  • Invest in Automation
    • Automate baseline security practices within DevOps workflow, including: certificate management, patching, vulnerability scanning, static code analysis.
  • Integrate and Standardize
    • Implement controls on certificate management processes and integrate with server configuration and orchestration platforms to enable automated security behind the scenes.

“Agility and security are not mutually exclusive, and integration requires a combination of technology improvements, and a cultural shift in how technical staff is aligned,” said DigiCert Chief Security Officer Jason Sabin. “The DevOps methodology is not just a method for increasing speed, but about improving efficiency, quality control and predictability in development outcomes. The right integration of security staff and technology, including digital certificates, can improve organizational metrics, avoid costly delays and improve the end-user experience.”

Read the full survey report.

About the Research

DigiCert commissioned ReRez Research of Dallas, Texas to survey large organizations in the U.S. during May 2017. The survey included 300 senior managers in total, split evenly between IT, DevOps and Security management roles.

About DigiCert, Inc.

DigiCert is a leading provider of scalable security solutions for a connected world. The most innovative companies, including the Global 2000, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports SSL/TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management platform, CertCentral®. The company has been recognized with dozens of awards for its enterprise-grade management platform, fast and knowledgeable customer support, and market-leading growth. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.
