IT security has become a major issue for organizations, and for all of them! Yet not all professions apply the essential rules, for lack of budget and in-house skills. This is the finding of the First Observatory of Directors and IT Managers on the adoption of security in their DevOps initiatives, launched by Micro Focus. Application design, poorly secured code, infrastructure configuration, or a lack of encryption of the information used to authenticate the user: security breaches can arise at different stages.
For IT organizations engaged in adopting DevOps practices, the picture has changed: the talk is now of an evolution towards “DevSecOps” practices. The challenge is to integrate security on a continuous basis across the entire organization of the application lifecycle. This proactive policy therefore involves increasing the number of penetration tests and code scans in order to identify potential vulnerabilities and correct them as soon as possible, because security incidents are not uncommon. This is the main lesson of this study, conducted in France in the first quarter of 2019, mainly among IT decision makers at large companies. 18 key questions were put to more than 2000 professionals to measure the adoption status of the DevSecOps initiative. With the rise of agile methods, IT security is now a shared responsibility, especially with the IT teams managing the product lifecycle.
“In concrete terms, this translates into change management initiatives, which take the form of awareness-raising, coaching and internal communications with the staff of the ISD. The focus is on the need to push the automation of these tasks to the maximum,” insists Micro Focus.
But the security of data also needs to be strengthened, especially data hosted in the cloud. Many organizations mistakenly believe that the cloud offers more security. This is a misjudgment. Cloud providers have the easy part, securing only certain aspects. The main work of data protection falls to their customers, and they do not do it! According to the Redlock Cloud Threat Defense (RedLock) report of May 2018, more than half of the companies failed to secure their cloud storage services effectively in 2017, and as a result experienced a leak or theft of stored data. The entry into force of various regulations, as well as the GDPR, is encouraging companies to revise their culture of data governance. Like cybersecurity, the confidentiality of information requires a holistic approach and prevention.