Enterprise software delivery platform CloudBees has released its annual report CloudBees Global C-Suite Security Survey. The report found that security and compliance challenges are major barriers to most organizations’ innovation strategies.
The survey also revealed a consensus among executives that shifting security strategy left would cost development teams.
Three-quarters of executives say compliance challenges (76%) and security challenges (75%) limit their company’s ability to innovate. This is partly due to the significant time spent on compliance audits, risks and defects.
At the same time, executives overwhelmingly support a shift left approach. This is a strategy that moves software testing and evaluation earlier in the development lifecycle and places the burden of compliance on the development team.
In fact, 83% of executives say this approach is important to their organization, and 77% say they are currently implementing a shift-left approach to security and compliance. This is despite 58% of executives reporting that shifting left is a burden on developers.
CloudBees Chief Information Security Officer Prakash Sethuraman said:
“Shifting left is often talked about, but it doesn’t deliver the desired results. Instead, it puts more strain on development teams and distracts them from value-adding work. What we need is new thinking and freshness. This approach to security and compliance is continuous and actually drives innovation.”
The survey also revealed a decline in trust in software supply chain security and compliance, and an increase in interest in the area. In 2022, his 88% of executives say their company’s software supply chain is secure or very secure, down from his 95% in 2021.
Additionally, 33% say their software supply chain is fully compliant, down 19% from the previous year. Additionally, 86% of his executives are more focused on compliance than he was two years ago, and 82% express concerns about attacks.
The survey also reveals:
- When choosing between speed and security, security takes precedence. More than three-quarters of his executives say safe and compliance are more important than speed and compliance.
- Executives have confidence in their teams. 9 out of 10 of his executives say their company’s risk management team has the tools, knowledge and expertise to build and/or maintain secure software his supply chain increase.
- Automation can help, but it’s not for everyone. Software Delivery Supply He said only 22% of C-suite executives said their chain was fully automated, while 37% said it was mostly automated. Similarly, 22% say their compliance processes are fully automated, and 35% say they are almost fully automated.
- It’s a mixed bag when it comes to tools. Three of his five executives (59%) say they have all or nearly all external tools to address security and compliance issues, and 29% say they have internal tools. and external tools. Only 11% primarily use internal tools.