
Integrating Security into the DNA of Your Software Lifecycle

CA Technologies reveals results of a global study of more than 1,200 IT leaders, including 466 across six countries in Europe, on the topic of secure software development. Conducted by IT industry analyst firm Freeform Dynamics, the study entitled, “Integrating Security into the DNA of Your Software Lifecycle” highlights the influence of an organisation’s culture on its ability to integrate security practices as part of the software development lifecycle – a practice critical to business success in the digital economy.

93% of European respondents agree software development is key to growth and expansion.

Download our presentation to find out more

Published in: Technology

Integrating Security into the DNA of Your Software Lifecycle

  1. Integrating Security into the Software Lifecycle: How the “Masters” move beyond pure risk management to focus on business growth. EMEA research results (466 EMEA respondents). Software Lifecycle Security as a Business Growth Enabler. Research by Freeform Dynamics (www.freeformdynamics.com), sponsored by CA Technologies. Copyright 2018 Freeform Dynamics Ltd.
  2. About the broader study ▪ Global study across 15 countries, six in EMEA ▪ France, Germany, Italy, Spain, Switzerland, UK ▪ Online data collection based on CA Technologies’ questionnaire (with subsequent analysis by Freeform Dynamics) ▪ 466 EMEA respondents ▪ Mid-sized to large organisations across 8 industries ▪ Minimum of 1,000 employees or $200m revenue ▪ Equal split across 3 employee size bands: <2500, 2500 to 5000, >5000 ▪ Manufacturing, Financial Services, Telco, Retail, Healthcare, Transportation/Logistics, Energy/Utilities, Public Sector ▪ Senior respondent base ▪ VP, management or senior practitioner level, equal split between IT and LOB ▪ 41% globally say they are significantly involved in software security ▪ Data collection completed July 2017
  3. Executive Summary ▪ As software development becomes more critical to business success, security concerns are growing, particularly with mobile and web-based apps ▪ DevSecOps and integrating security into the software development process has become the new imperative ▪ But there are many obstacles, and most organisations are facing significant challenges ▪ Assessing current capabilities reveals a set of “Security Software Masters” who are getting it right ▪ These security masters are seeing significant benefits, including improved competitiveness and time-to-market as well as a 50% higher profit growth and a 40% higher revenue growth as compared to mainstream organisations
  4. Section 1: The growing importance of security within the software development cycle
  5. Effective software development is key to business success. How important is the use of software development for your organisation to succeed in the following areas? Driving growth and expansion: 93% say software is essential or important. Helping the business compete: 89% say software is essential or important. Digital transformation: 87% say software is essential or important.
  6. Effective software development is key to business success (country results). Areas: driving growth and expansion; helping the business compete; digital transformation. Countries: UK, France, Germany. Percentages saying software is essential or important, in slide order: 89%, 88%, 93%, 81%, 89%, 90%, 86%, 86%, 86%.
  7. Effective software development is key to business success (country results). Areas: driving growth and expansion; helping the business compete; digital transformation. Countries: Italy, Spain, Switzerland. Percentages saying software is essential or important, in slide order: 92%, 96%, 96%, 95%, 91%, 94%, 91%, 87%, 87%.
  8. Software related security concerns are growing. How much would you agree or disagree? Number of breaches due to Web Applications is growing rapidly: 56% agree or strongly agree. Number of breaches to Mobile Applications is growing rapidly: 60% agree or strongly agree. Security threats due to software/code issues is a growing concern: 71% agree or strongly agree.
  9. Software related security concerns are growing (country results). Security threats due to software/code issues is a growing concern. Agree or strongly agree, in slide order: 65%, 79%, 61% (countries as listed on the slide: UK, France, Germany).
  10. Software related security concerns are growing (country results). Security threats due to software/code issues is a growing concern. Agree or strongly agree, in slide order: 80%, 65%, 73% (countries as listed on the slide: Italy, Spain, Switzerland).
  11. Section 2: DevSecOps and integrating security into the software development lifecycle is the new imperative
  12. Security needs to become embedded into development. Tactics for dealing with security more effectively / key software security imperatives: make security a more embedded part of the software development process; integrate security practices earlier in the software development cycle (DevSecOps). Values and labels in slide order: 91%, 74%; “see this as essential or important”, “agree or strongly agree this is critical”.
  13. Security needs to become embedded into development (country results). Software security imperatives: make security a more embedded part of the software development process; integrate security practices earlier in the software development cycle (DevSecOps). UK: see this as essential or important 70%; agree/strongly agree this is critical 1% 91%. France: see this as essential or important 88%; agree/strongly agree this is critical 92%. Germany: see this as essential or important 71%; agree/strongly agree this is critical 96%.
  14. Security needs to become embedded into development (country results). Software security imperatives: make security a more embedded part of the software development process; integrate security practices earlier in the software development cycle (DevSecOps). Italy: see this as essential or important 64%; agree/strongly agree this is critical 1% 91%. Spain: see this as essential or important 80%; agree/strongly agree this is critical 92%. Switzerland: see this as essential or important 70%; agree/strongly agree this is critical 86%.
  15. But today’s organisations are challenged to meet these new expectations. Only 30% believe IT is very effective at making security a more embedded part of the software development process. Only 23% believe senior management understands the importance of not sacrificing security for time-to-market. Only 24% believe the organisation’s culture and practices support collaboration across development, operations and security.
  16. Country results (strongly agree). “Senior management understands the importance of not sacrificing security for time-to-market”: Switzerland 16%, Germany 22%, Spain 23%, Italy 24%, UK 26%, France 26%. “Our organisation’s culture and practices support collaboration across development, operations and security”: UK 16%, Germany 21%, Switzerland 22%, Italy 24%, France 30%, Spain 31%.
  17. A number of hurdles must be overcome to drive progress. How significant are the following hurdles to embedding end-to-end security in your software development processes? Percent of respondents who replied ‘significant’ or ‘extremely significant’: time pressure 66%; existing culture 60%; lack of political will 55%; lack of budget 62%; lack of skills 55%; lack of proper tools 45%. Agree/disagree: “Our software developers would benefit from more training in coding securely”: 70% agree or strongly agree.
  18. A number of hurdles must be overcome to drive progress (country results). Percent of respondents who replied ‘significant’ or ‘extremely significant’. UK: time pressure 72%, existing culture 51%. France: time pressure 62%, existing culture 56%. Germany: time pressure 66%, existing culture 61%.
  19. A number of hurdles must be overcome to drive progress (country results). Percent of respondents who replied ‘significant’ or ‘extremely significant’. Italy: time pressure 68%, existing culture 71%. Spain: time pressure 65%, existing culture 69%. Switzerland: time pressure 62%, existing culture 54%.
  20. Advanced technologies are now available to help. How important for your company is the use of behavioural analytics and machine learning to improve security in the following areas? Areas, in slide order: authenticating controls based on what a user is doing and what you know about them; providing a better user experience while still protecting user data; assessing the threat of data breaches based on patterns of activity; taking pre-emptive action to avoid a data breach and/or mitigate the impact of one. Essential / important values, in slide order: 21% / 67% (88% see as key); 37% / 51% (88% see as key); 36% / 45% (81% see as key); 38% / 50% (88% see as key).
  21. Advanced technologies are available to help (country results). Providing a better user experience while still protecting user data. “See as key” values in slide order: 83%, 88%, 88%, 82%, 85%. Countries as listed on the slide: UK, Germany, France.
  22. Advanced technologies are available to help (country results). Providing a better user experience while still protecting user data. “See as key” values in slide order: 93%, 88%, 88%, 89%, 94%. Countries as listed on the slide: Italy, Switzerland, Spain.
  23. Section 3: Are some organisations getting it right? Introducing the Software Security Masters
  24. Assessing ability to transform lifecycle security management – 6 criteria. Are you implementing measures or initiatives to address the following? Items: early and continuous testing of apps for security vulnerabilities; making security an integral part of DevOps. Response options: Already done, Doing this now, Plan to do this, No plans, Unsure. Values in slide order: 28%, 28%, 47%, 41%, 21%, 24%. How much is security vulnerability testing embedded into your end-to-end software delivery processes? Implemented broadly 35%; in selected areas only 46%; currently exploring 12%; no activity 6%.
  25. Assessing ability to transform lifecycle security management – 6 criteria. How would you agree or disagree with the following statements? “We have robust internal processes to continuously test for security vulnerabilities”; “Our DevOps teams understand and embrace the need to integrate security earlier into the development lifecycle (often termed DevSecOps)”; “Security is now a fully interwoven component and consideration in the business, not a last step technology overlay”. Response options: Strongly agree, Agree, Neutral, Disagree, Strongly disagree, Unsure. Values in slide order: 24%, 21%, 30%, 56%, 53%, 50%, 15%, 20%, 15%.
  26. Identifying the ‘Software Security Masters’. Current capability: scored based on “current state” indicators. Groups: Security Masters; Mainstream (representative of general population).
  27. Security Masters by country/region (Global Results; Copyright 2017 Freeform Dynamics Ltd, October 2017). Security Masters: India 55%, China 45%, US 45%, Italy 42%, Brazil 41%, France 38%, UK 34%, Germany 32%, Spain 31%, Australia 30%, Singapore 28%, Japan 27%, Switzerland 18%, Hong Kong 17%, South Korea 15%; Americas 44%, EMEA 32%, APJ 32%. Others, values in slide order: 45%, 55%, 55%, 58%, 62%, 66%, 68%, 69%, 70%, 73%, 73%, 82%, 83%, 85%, 56%, 68%, 68%.
  28. Section 4: What benefits do the Software Security Masters enjoy? Note – the following data is only available at an EMEA level
  29. Security Master advantage: a more positive view of security in the digital economy. “Security is an enabler of new business opportunities in addition to helping protect our company’s data and systems”: Security Masters 40% strongly agree; Mainstream (general population) 23% strongly agree. Master advantage: 1.7x difference. Analyst Note: Beware the difference between correlation and causation when discussing these findings.
  30. Security Master advantage: better support for innovation and time to market. Agree/disagree: “Our security testing can keep up with the demand to release frequent app updates”: Security Masters 31% strongly agree; Mainstream (general population) 13% strongly agree; Master advantage 2.4x difference. Agree/disagree: “Our company is moving fast enough to outpace our competitors”: Security Masters 31% strongly agree; Mainstream (general population) 16% strongly agree; Master advantage 1.9x difference. Analyst Note: Beware the difference between correlation and causation when discussing these findings.
  31. Security Master advantage: healthier top and bottom lines. Questions: Approximately how much has your organisation’s revenue changed over the last year? Approximately how much has your organisation’s profit changed over the last year? Series: Security Masters; Mainstream (general population). Growth bands: More than 50% growth, 21%-50%, 11%-20%, 6-10%, 3-5%, 1%-2%, 0% (flat). First chart, values in slide order: 7%, 1%, 14%, 8%, 23%, 22%, 24%, 31%, 23%, 22%. Second chart, values in slide order: 9%, 2%, 9%, 7%, 20%, 23%, 33%, 27%, 21%, 31%. Approx averages in slide order: 14%, 10%, 15%, 10%. 2.0x more likely to have a growth rate >20%; 40% higher revenue growth. 2.3x more likely to have a growth rate >20%; 50% higher profit growth. Analyst Note: Beware the difference between correlation and causation when discussing these findings.
  32. Next steps: how to integrate security into your development DNA: 1. Raise security awareness 2. Build security into every step of application delivery 3. Start from where you are 4. Review training and process change requirements 5. Focus on tooling and best practice, and don’t reinvent the wheel 6. Make a business case for security
  33. Integrating Security into the Software Lifecycle. Learn how you can achieve the results of the Software Security Masters by fully integrating security and continuous security testing into your software development process. Download the report entitled “Integrating Security into the DNA of Your Software Lifecycle” to find out more, or visit https://www.ca.com/modern-software-factory. Research was sponsored by CA Technologies and conducted by Freeform Dynamics. Copyright © 2018 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies.
