Dive Brief:
- Organizations are deploying cloud-native code more frequently than a year ago, sometimes neglecting security requirements in critical stages of the development process.
- Two-thirds of enterprises are deploying code more often and nearly 2 in 5 deploy code to production daily, according to “The State of Cloud-Native Security” report released Tuesday by Palo Alto Networks. Nearly 1 in 5 organizations are deploying code multiple times a day.
- This escalation in new code released comes as organizations operate with an average of 10 developers for every security professional on staff, highlighting inefficiencies and pressure in the DevOps process.
Dive Insight:
The report’s findings underscore how priorities and development operations are misaligned, a tension that is at odds with the Biden administration’s “secure by design” national cyber strategy.
The pace of code deployments is “an incredible rate for security teams to keep up with,” Charles Goldberg, senior director of product marketing at Palo Alto Networks, said via email.
“Like the adage says, seat belts in cars allow drivers to go faster safely. It’s the same in organizations — they can only build and deploy new applications quickly if they are safe,” Goldberg said. “If not, they will be exploited in production and it will take developers a lot more time to fix — reducing their speed in writing new code.”
The imbalance between developers and security professionals on staff spotlights a disconnect between these business functions and objectives. More than 3 in 4 respondents said developers are held accountable for writing insecure code, though security is not their primary responsibility.
“Ultimately, security teams are caught between responding to app teams and securing an increasingly complex cloud environment comprising multiple layers in the cloud stack,” the report said.
New risks are emerging as vulnerabilities and misconfigurations reach live products and end-user systems, according to the report.
Risks introduced early in the application development process were the top concern respondents shared regarding cloud-native security incidents.
The survey included responses from 2,500 executives, IT leaders, developers and security practitioners in the U.S., Japan, Germany, the U.K., France, Singapore and Australia between Nov. 21 and Dec. 14, 2022. Palo Alto Networks commissioned The Fossicker Group to help with the survey and report.