Businesses can be exposed to vulnerabilities when professionals prioritize a deadline over security, according to research from Threat Stack.
Building a slide deck, pitch, or presentation? Here are the big takeaways:
- 52% of companies admit to cutting corners on security to meet a project deadline. — Threat Stack, 2018
- 68% of executives said their CEO doesn't want the security or DevOps teams to do anything that could slow a project down. — Threat Stack, 2018
More than half of companies admit to loosening security measures to expedite projects or meet deadlines, a new Threat Stack report found.
In a survey of over 200 executives, 52% said their company had prioritized a deadline or objective over the firm's security. The emphasis on speed over security could leave holes in a project, leaving a company vulnerable.
The focus on speed comes from pushback on both sides of a project, the report found. Over two-thirds—68%—of respondents said their CEO asks the DevOps and security teams to not do anything that would slow a project, while 62% said their operations team sometimes fights new security efforts.
SEE: Guidelines for building security policies (Tech Pro Research)
The majority of respondents said SecOps is important for their organization, but only 35% said it was a complete or mostly complete project at their company. At 18% of companies, SecOps isn't established at all, the report found.
"The vast majority of companies are bought-in, but, unfortunately, a major gap exists between intent of practicing SecOps and the reality of their fast-growing businesses. It's important that stakeholders across every enterprise prioritize the alignment of DevOps and security," Brian Ahern, Threat Stack CEO, said in the press release.
Most of the challenges come from organizational alignment, the report found, as DevOps and security teams might be operating in different silos.
The discrepancy suggests companies should agree and focus on security to ensure their company remains safe, even under pressure from a deadline or the competition.
- Security awareness and training policy (Tech Pro Research)
- Singapore CIOs believe machine learning can improve speed, security ops (ZDNet)
- 5 critical IT security questions enterprises need to answer now (TechRepublic)
- Cybersecurity in 2018: A roundup of predictions (Tech Pro Research)
- The top 10 security challenges of serverless architectures (ZDNet)