Despite heavy investment in software and modern architectures to drive results, the business side of the house isn’t security savvy.
A new survey from Frost & Sullivan (sponsored by CA Technologies) shows that business leaders are taking the reins of software development and realizing the benefits to their KPIs. The problem: They don’t seem to be paying close enough attention to potential security issues.
The study—which polled both business and IT executives—shows that lines of business such as marketing and finance have a major influence on software spending and development. In fact, respondents in business functions report that 28 percent of their application development is done within their own teams, with another 39 percent sourced from their company’s IT function.
What’s worrisome is that not a single business function recognized cybersecurity as a key challenge. Worse, 69 percent of all respondents say pressure to deliver apps and services faster is negatively impacting quality and security. In fact, the top reason given for why applications have negatively impacted KPIs is security flaws and vulnerabilities, cited by 54 percent of respondents.
The main finding of the paper is that organizations modernizing their application architectures through the use of APIs, microservices, and containers are seeing impressive results when it comes to the ability of software to support business outcomes. But even the vast majority (90 percent) of those that leverage these technologies well are still worried about the new risks they may introduce to the organization. According to the paper, security and regulatory compliance is a major concern because data is exposed through new microservices front-ended by APIs.
Will the constant drumbeat of high-profile data breach headlines ever change organizational behavior when it comes to security practices? That remains to be seen.
There are significant reasons for optimism in the Frost & Sullivan survey:
- While business functions are spending more on application development, they realize the value of collaborating with the IT department on shared services and infrastructure issues. Hopefully, that includes security.
- The apparent lack of competition between large organizations’ IT departments and the functional groups they support suggests that shadow IT is a thing of the past, which should be a plus on the cybersecurity front.
- Four out of five respondents see continuous app security testing and DevSecOps as critical to the implementation of a modern application architecture.
A key takeaway for CIOs, CISOs and other security pros is that they must continue to educate their peers in other groups on the importance of proper security in both development and production. On the flip side, line-of-business executives must partner with their peers in IT to make sure the software they develop and the services they purchase are properly secured and monitored for potential breaches.
The stakes are too high not to be collaborative. Another recent study shows the long-term negative impact of a high-profile breach on a company’s stock price. A breach is not a small black mark for a short period of time; it can have a lasting negative impact on the organization.