DevSecOps Report 2023
A medida que los entornos de nube se vuelven cada vez más complejos, las organizaciones adoptan DevSecOps para innovar más rápido sin comprometer la seguridad.
Preguntamos a 1300 CISOs sobre los desafíos que enfrentan en su viaje hacia la madurez de DevSecOps. Esto es lo que nos dijeron:
-
Los silos, los conjuntos de herramientas fragmentados y los procesos manuales impiden una visión unificada de los problemas de seguridad y la pérdida de tiempo. -
Sin contexto sobre el riesgo de los ambientes, es difícil priorizar las vulnerabilidades. -
DevSecOps sería más efectivo si todos los equipos trabajaran desde una plataforma.
Global data summary: U.S. and Latin America
Sample includes 200 respondents from the U.S. and 50 respondents from each of Brazil and Mexico.
Chapter 1: Increased complexity makes cloud environments more difficult to secure
| U.S. | Brazil | Mexico | |
|---|---|---|---|
| CISOs say vulnerability management has become more difficult as the complexity of their software supply chain and cloud ecosystem has increased. | 62% | 64% | 62% |
| CISOs face a significant challenge in minimizing risk, given the difficulty of working with vendors to identify and resolve vulnerabilities in the software supply chain. | 72% | 66% | 76% |
| Security teams don’t have access to a fully accurate software bill of materials (SBOM) in real time. | 77% | 68% | 82% |
| CISOs say it would be impossible to create a fully accurate SBOM because their environment changes constantly. | 22% | 26% | 30% |
| CISOs say it’s a significant challenge to prioritize vulnerabilities because of a lack of context information about the risk they pose to their environment. | 76% | 76% | 90% |
| CISOs say vulnerability management would be easier if solutions combined application runtime context with vulnerability analysis and risk impact assessment. | 92% | 92% | 92% |
fuente: Dynatrace CISO report 2023