Building security into digital transformation plans is a priority, yet the path there is confusing and inconsistent, IT organisations admit as part of a survey.
The importance of digital transformation and security
All of those asked agreed that digital transformation is top of the list in when it comes to developing a company, with a further 79% of respondence having already begun initiatives to ensure this is happening.
Along with this, over half (58%) of professional admitted that finding bugs, flaws and vulnerabilities an “extremely” important part of the software development lifecycle (SDLC).
A clear destination, yet an unclear path
It also seems that software testers are struggling to set out a well-defined path to achieve security and digital transformation, despite having a desire to integrate new practices. The results show that people rely on scanning and testing tool to manage software risk but despite the effort, deployments remain inconsistent.
For example, 63% use six or more scanning tools, with almost one tenth (9%) reporting to use over 30 tools. Adding to this, Network and vulnerability scanning are the most broadly employed but just barely surpass usage across 50% of all organisations. Vulnerability scanning is used by 51% of enterprises, while network scanning comes in at 53%.
Furthermore, it seems that professionals aren’t fully aware as to what tools are being used in their organisations. A quarter of respondents disclosed that they are not aware if its organisation is using interactive application security testing (IAST), while 19% don’t know if they are using software composition analysis (SCA) or cloud middleware.
Businesses must keep up with change
“Businesses choose to see their evolution through the lens of digital transformation; it’s their way of describing acceleration of value stream delivery to customers through translating more of the business to software. To remain relevant, security must keep up with the pace and scope of this change,” said John Steven, CTO at ZeroNorth.
The CTO added: “This shift doesn’t occur overnight, and it’s good to know that everyone is headed towards the same destination – we just have to agree on who’s going to navigate or drive each journey segment. Organizations that figure out how to prioritize and orchestrate the many pieces of their vulnerability management are in the best position to eliminate one of security’s most costly causes of delay along the journey.”