Dynatrace, the leader in unified observability and security, announced the findings of an independent global survey of 1,300 chief information security officers (CISOs) in large organizations. The research reveals that CISOs find it increasingly difficult to keep their software secure as their hybrid and multicloud environments become more complex, and teams continue to rely on manual processes that make it easier for vulnerabilities to slip into production environments. It also finds that the continued use of siloed tools for development, delivery, and security tasks is hindering the maturity of DevSecOps adoption. These insights highlight the growing need for the convergence of observability and security to fuel data-driven automation that enables development, security, and IT operations teams to deliver faster, more secure innovation.
UAE-focused findings from the research include:
- 80% of CISOs in the UAE say AI and automation are critical to the success of DevSecOps and overcoming resource challenges. This point of view is heavily shared by CISOs in Qatar (96%) and Egypt (92%).
- 88% of CISOs say the time it takes between the discovery of zero-day attacks and their ability to patch every instance is a significant challenge to minimizing risk.
- 76% of CISOs say it’s a significant challenge to prioritize vulnerabilities because they lack information about the risk these vulnerabilities pose to their environment.
- 57% of the vulnerability alerts that security scanners alone flag as “critical” are not important in production, wasting valuable development time chasing down false positives.
- On average, each member of development and application security teams spends nearly a third (30%) of their time – or approximately 11 hours each week – on vulnerability management tasks that could be automated.
“Organizations are struggling to balance the need for faster innovation with the governance and security controls they established to keep their services and data safe,” said Bernd Greifeneder, Chief Technology Officer at Dynatrace. “The growing complexity of software supply chains and the cloud-native technology stacks that provide the foundation for digital innovation make it increasingly difficult to quickly identify, assess, and prioritize response efforts when new vulnerabilities emerge. These tasks have grown beyond human ability to manage. Development, security, and IT teams are finding that the vulnerability management controls they have in place are no longer adequate in today’s dynamic digital world, which exposes their businesses to unacceptable risk.”
Additional findings include:
- 64% of CISOs say the prevalence of team silos and point solutions throughout the DevSecOps lifecycle makes it easier for vulnerabilities to slip into production.
- 88% of CISOs say they will see more vulnerability exploits if they can’t make DevSecOps work more effectively; however, just 20% of organizations have a mature DevSecOps culture.
- More than half (60%) of CISOs in the UAE say vulnerability management is more difficult because the complexity of their software supply chain and cloud ecosystem has increased.
- Only 48% of CISOs are fully confident that the software delivered by development teams has been completely tested for vulnerabilities before going live in production environments.
“Despite a widespread understanding of the many benefits of DevSecOps, most organizations remain in the early stages of adopting these practices due to siloed data that lacks context and limits analytics,” continued Greifeneder. “To overcome this, they should use solutions that converge observability and security data and are powered by trusted AI and intelligent automation. This is precisely what we architected the Dynatrace platform to do. As a result, our customers have reduced the time they spend identifying and prioritizing vulnerabilities by up to 95 percent, helping them deliver faster, more secure innovation that keeps them at the forefront of their industries.”
The report is based on a global survey of 1,300 CISOs in large organizations with more than 1,000 employees, conducted by Coleman Parkes and commissioned by Dynatrace in March 2023. The sample included respondents in the U.S., UK, France, Germany, Spain, Italy, the Nordics, UAE, Saudi Arabia, Qatar, Egypt, Australia, India, Singapore, Malaysia, Brazil, and Mexico.