Cloud-native architectures break traditional approaches to application security

New research shows that just 3% of organisations have real-time visibility into runtime vulnerabilities, as multi-cloud environments, Kubernetes, and DevSecOps drive digital transformation.

Software intelligence company Dynatrace announced the findings of an independent global survey of 700 CISOs, which reveals the rising adoption of cloud-native architectures, DevOps, and agile methodologies have broken traditional approaches to application security. As organisations shift more responsibility “left” to developers to accelerate innovation, increasingly complex IT ecosystems and outdated security tooling can slow releases by leaving blind spots and forcing teams to manually triage countless alerts, many of which are false positives reflecting vulnerabilities in libraries that are not used in production. Organisations are calling for a new approach that is optimised for multi-cloud environments, Kubernetes, and DevSecOps. The complimentary report, “Precise, automatic risk and impact assessment is key for DevSecOps”, is available for download here.

This research reveals:

  • 89% of CISOs say microservices, containers, and Kubernetes have created application security blind spots.
  • 97% of organisations do not have real-time visibility into runtime vulnerabilities in containerised production environments.
  • Nearly two-thirds (63%) of CISOs say DevOps and Agile development have made it more difficult to detect and manage software vulnerabilities.
  • 74% of CISOs say traditional security controls such as vulnerability scanners no longer fit today’s cloud-native world.
  • 71% of CISOs admit they are not fully confident code is free of vulnerabilities before going live in production.

“The increased use of cloud-native architectures has fundamentally broken traditional approaches to application security,” said Bernd Greifeneder, Founder and Chief Technology Officer at Dynatrace. “This research confirms what we’ve long anticipated: manual vulnerability scans and impact assessments are no longer able to keep up with the pace of change in today’s dynamic cloud environments and rapid innovation cycles. Risk assessment has become nearly impossible due to the growing number of internal and external service dependencies, runtime dynamics, continuous delivery, and polyglot software development which uses an ever-growing number of third-party technologies. Already stretched teams are forced to choose between speed and security, exposing their organisations to unnecessary risk.”

Additional findings include:

  • On average, organisations need to react to 2,169 new alerts of potential application security vulnerabilities each month.
  • 77% of CISOs say most security alerts and vulnerabilities are false positives that do not require actioning as they are not actual exposures.
  • 68% of CISOs say the volume of alerts makes it very difficult to prioritise vulnerabilities based on risk and impact.
  • 64% of CISOs say developers do not always have time to resolve vulnerabilities before code moves into production.
  • 77% of CISOs say the only way for security to keep up with modern cloud-native application environments is to replace manual deployment, configuration, and management with automated approaches.
  • 28% of CISOs say application teams sometimes bypass vulnerability scans to speed up software delivery.

“As organisations embrace DevSecOps, they also need to give their teams solutions that offer automatic, continuous, and real-time risk and impact analysis for every vulnerability, across both pre-production and production environments, and not based on point-in-time ‘snapshots’,” continued Greifeneder. “With the Application Security Module on the Dynatrace Software Intelligence Platform, organisations can leverage the automation, AI, scalability, and enterprise-grade robustness of Dynatrace, and extend this to deliver more secure release cycles with confidence their cloud-native applications are free from exposures.”

The report is based on a global survey of 700 CISOs in large enterprises with over 1,000 employees, conducted by Coleman Parkes and commissioned by Dynatrace in 2021.

The sample included 200 respondents in the U.S., 100 in the UK, France, Germany, and Spain, and 50 in Brazil and Mexico, respectively.

READ MORE:

About Dynatrace

Dynatrace provides software intelligence to simplify cloud complexity and accelerate digital transformation. With automatic and intelligent observability at scale, our all-in-one platform delivers precise answers about the performance and security of applications, the underlying infrastructure, and the experience of all users to enable organisations to innovate faster, collaborate more efficiently, and deliver more value with dramatically less effort. That’s why many of the world’s largest enterprises trust Dynatrace® to modernise and automate cloud operations, release better software faster, and deliver unrivalled digital experiences.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Luke Conrad

Technology & Marketing Enthusiast

Data-Sharing Done Right: Finding the Best Business Approach

Bart Koek • 20th November 2024

To ensure data is not only available, but also accessible to those that need it, businesses recognise that it is vital to focus on collecting, sorting and governing all the data in their organisation. But what happens when data also needs to be accessed and shared across the business? That is where organisations discover a...

Nova: The Ultimate AI-Powered Martech Solution for Boosting Sales, Marketing...

Erin Lanahan • 19th November 2024

Discover how Nova, the AI-powered engine behind Launched, revolutionises Martech by automating sales and marketing tasks, enhancing personalisation, and delivering unmatched ROI. With advanced intent data integration, revenue attribution, and real-time insights, Nova empowers businesses to scale, streamline operations, and outperform competitors like 6Sense and 11x.ai. Experience the future of Martech with Nova’s transformative AI...

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...

Automated Testing Tools and Their Impact on Software Quality

Natalia Yanchii • 09th October 2024

Test automation refers to using specialized software tools and frameworks to automate the execution of test cases, thereby reducing the time and effort required for manual testing. This approach ensures that automation tests run quickly and consistently, allowing development teams to identify and resolve defects more effectively. Test automation provides greater accuracy by eliminating human...