The rising adoption of cloud-native architectures, DevOps, and agile methodologies has broken traditional approaches to application security, according to new research.

A global study from software company Dynatrace, which surveyed 700 CISOs, found that 89 per cent of respondents say microservices, containers, and Kubernetes have created application security blind spots.

97 per cent of organisations do not have real-time visibility into runtime vulnerabilities in containerised production environments.

63 per cent of CISOs say DevOps and Agile development have made it more difficult to detect and manage software vulnerabilities, while 74 per cent believe traditional security controls such as vulnerability scanners no longer fit today’s cloud-native world.

A further 71 per cent of CISOs admit they are not fully confident code is free of vulnerabilities before going live in production.

“The increased use of cloud-native architectures has fundamentally broken traditional approaches to application security,” said Bernd Greifeneder, founder and chief technology officer, Dynatrace. “This research confirms what we’ve long anticipated: manual vulnerability scans and impact assessments are no longer able to keep up with the pace of change in today’s dynamic cloud environments and rapid innovation cycles.

Greifeneder added: “Risk assessment has become nearly impossible due to the growing number of internal and external service dependencies, runtime dynamics, continuous delivery, and polyglot software development which uses an ever-growing number of third-party technologies. Already stretched teams are forced to choose between speed and security, exposing their organisations to unnecessary risk.”

Share Story: