Today we released the ESG Research Insights Report, Security Leadership Study – Trends in Application Security, revealing what CISOs are looking to prioritize in the year to come.
The report highlights challenges with current application security testing methods, crowdsourced security adoption and benefits, security leadership application security priorities, and DevSecOps adoption within the enterprise.
Some of the key findings include:
- Nearly 90 percent of security leaders are either already running a crowdsourced security program or are planning to run one in the next 12 months and beyond.
- Core benefits of crowdsourced cybersecurity include reduced cost and expanded coverage—the proverbial more-for-less value proposition.
- The addition of next-generation penetration testing leads to faster remediation of severe vulnerabilities and lower average testing cost.
- While the majority of applications are protected by an application security tool, roughly 40 percent of enterprise applications—on average—are unprotected.
- During the next 12 months, investments for public cloud-hosted applications and mobile applications are top priorities for all organizations, but more so for large enterprises.
- More than 80 percent of organizations have adopted or are planning to integrate cybersecurity processes and controls into the continuous integration and continuous delivery (CI/CD) processes of a DevOps approach (DevSecOps).
Crowdsourced security adoption is trending upward, signaling a growing acceptance and awareness of non-traditional security testing approaches among cybersecurity leadership. Survey respondents also see it as a complementary approach to existing processes and controls for faster and better results.
Additionally, while security stakeholders have competing viewpoints about DevOps, the majority thinks DevSecOps is valuable. Current and planned DevSecOps implementations are strong use cases for crowdsourced security and solutions that help security analysts do their jobs faster and better.
To remain competitive, security leaders are pushed to keep pace with the fast and disruptive nature of today’s business cycles through flexible, continuous, contextual and reportable processes. To address this, in 2019, CISOs are looking to invest in application security tools that can scale effectively in step with the continuous nature of the development process.
For more on these trends and security leadership priorities for application security, check out the ESG Research Insights Report, Security Leadership Study – Trends in Application Security.
We’re also hosting a webinar featuring CSO David Baker and ESG Senior Analyst and Group Director Doug Cahill on Thursday, April 25 at 10 am PT (1 pm ET) for a discussion on the key findings.
To learn more, register for the webinar.