While speed and agility are a few of the big drivers for service providers and enterprises embracing DevOps, there needs to be tighter integration between the security and DevOps teams, according to a report by HPE.
HPE's "Application Security and DevOps" report, which included both quantitative and qualitative responses from IT operations professionals, security leaders and developers, found that 99% of all respondents agreed that adopting a DevOps culture has the opportunity to improve application security. But just 20% were doing application security testing during development while 17% weren't using any technologies to protect their applications. According to the report, those issues highlight a large disconnect "between the perception and reality of secure DevOps."
"Our research shows that both security leaders and developers believe that the DevOps movement has the potential to significantly improve application security, but organizations are struggling to realize that potential so far," said Jason Schmitt, vice president and general manager of HPE Security Fortify at Hewlett Packard Enterprise , in a prepared statement. "By understanding the current state of DevOps and best practices for integrating security into the development culture, organizations can successfully secure software in this new DevOps world without impeding the speed and agility that it brings."
The report focused on the key barriers and gaps that were preventing organizations from integrating security into DevOps, including a significant lack of cooperation between developers and security teams. According to the report, 90% of the security professionals responded that integrating application security had actually become more difficult after their organizations started employing DevOps.
There was also a marked lack of security awareness and training for developers. Out of more than 100 job postings for software developers at Fortune 1000 companies, none specified security or secure coding experience and knowledge as part of the skill sets required, according to the report.
In order to overcome these obstacles, the report said that the responsibility for security should be shared across entire organizations, and that organizations should integrate security tools more heavily into the development ecosystem.
In this Telco Transformation radio show, James Crawshaw, Senior Analyst – OSS/BSS Transformation, Heavy Reading, will discuss the challenges and opportunities around re-creating OSS in a virtualized world.
The promise of 5G connectivity is a truly Networked Society. 5G is not just about making the throughput larger, it is also about offering use case optimized user experiences and inclusion of new vertical sectors. Use cases predicted for 2020 will need new types of connectivity services that are highly scalable and programmable in terms of speed, capacity, security, reliability, availability, latency and impact on battery type. 5G will need to be an agile, dynamically programmable network that can meet diverse needs with new, as-a-service models on a single infrastructure. In this Webinar, you will learn how the Open Networking Foundation is combining open source and software defined standards through its Open innovation Pipeline to advance innovative architectures such as mobile CORD (M-CORD). M-CORD is being developed by the CORD Project community under ONF's leadership and hosted by The Linux Foundation. Built on the pillars of SDN, NFV and cloud technologies, the end-to-end M-CORD open reference solution is arming operators with the capabilities needed to start planning for the upcoming 5G transition.