SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Cybersecurity
#
IT Automation
#
Virtualisation
VMware finds 27% of developers aren't involved at all in security policy decisions
Fri, 24th Sep 2021
FYI, this story is more than a year old
Author image
By Ryan Morris-Reade, Contributor
Follow us

VMware has announced findings from a study on the relationship between IT, security, and development teams as organisations adopt a Zero Trust security model.

The study, Bridging the Developer and Security Divide, was conducted by Forrester Consulting on behalf of VMware. It found security is still perceived as a barrier in organisations, with 52% of developers believing security policies are stifling innovation.

Forrester Consulting surveyed 1,475 IT and security leaders and discovered that only one in five (22%) developers strongly agree they understand which security policies they're expected to comply with. Alarmingly, more than a quarter (27%) of developers surveyed aren't involved at all in security policy decisions, despite the decisions having a significant impact on their roles.

Organisations, where security and development teams have a positive relationship, can accelerate the software development lifecycle five business days faster than those without - demonstrating how speed to market and competitive advantage are at stake.

Seventy-three percent of respondents agreed their senior leadership focuses more on strengthening the relationship between development and security now than two years ago, but relationships are still strained. One in three (34%) decision-makers reported their teams are not effectively collaborating or taking strides to strengthen relationships between security and development teams.

Lack of role definition for development teams, lack of communication between teams and competing priorities have major impacts on collaboration.

"Our research shows that security needs a perception shift," says VMware principal cybersecurity strategist, Rick McElroy.

"Rather than be seen as the team that only swoops in to fix breaches and leaks that get in the way of innovation, security should be embedded across people, processes, and technologies. Security needs to be a team sport that works alongside IT and developers to ensure protection across clouds, apps, and digital infrastructure.

"We need to develop a culture where all teams have shared interests and common goals or metrics, and where they speak one language. There's overwhelming value to the business when IT, security, and developers are all part of the decision-making, design, and execution," he says.

VMware says shared team priorities and engagement will pave the way forward, and there's already been some progress made on this front. More than half (53%) of respondents expect security and development teams to be unified within three years. And 42% expect security to become more embedded in the development process in that same period.

There's a broader acknowledgement that cross-team alignment empowers businesses to reduce team silos (71%), create more secure applications (70%) and increase agility to adopt new workflows and technologies (66%).

Related stories
Mako boosts defence against cyber attacks with Radware's protection services
Appdome, Atlassian to automate secure mobile app delivery
Cado Security teams up with Wiz to bolster cloud security solutions
Survey finds half of businesses planning to adopt AI
The rising threat of search engine ad abuse
Top stories
Booming AI deepfake detector market set to hit USD $5.7 million by 2034
Biometrics market projected to reach USD $173.7bn by 2032, says report
Check Point boosts email security with new AI-powered features
SentinelOne makes it to CRN's inaugural AI 100 list
Upwind fortifies Cloud Security Platform with identity security