Survey Creation And Methodology
The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to widely promote best practices for ensuring cyber security in cloud computing and IT technologies. CSA is also tasked with educating various stakeholders within these industries about security concerns in all other forms of computing. CSA’s membership is a broad coalition of industry practitioners, corporations, and professional associations. One of CSA’s primary goals is to conduct surveys that assess information security trends. These surveys help gauge the maturity of information security technology at various points in the industry, as well as the rate of adoption of security best practices.
TrendMicro commissioned CSA to develop a survey to add to the industry’s knowledge about secure DevOps and misconfigurations and to prepare this report of the survey’s findings. TrendMicro financed the project and co-developed the initiative by participating with CSA in the development of survey questions addressing secure DevOps. The survey was conducted online by CSA from July 2021 to September 2021 and received over 900 responses from IT and security professionals from a variety of organization sizes and locations. The data analysis was performed by CSA’s research team.
Goals of the study
The goal of this study was to better understand the current state of DevSecOps in a variety of areas.
Key areas of interest include:
- Public cloud workloads now and in the future
- Cloud security challenges and misconfigurations enterprises face
- Enterprises journey toward implementing DevSecOps approach
- Training and education methods for improving cloud security
Executive Summary
Secure DevOps, DevSecOps, and “shifting left” have become increasingly popular terms in cybersecurity. With the rapid increase both in volume and speed to delivery of applications, attacks on applications have also increased in both volume and complexity. Combine this with the shortage of cybersecurity professionals and lacking security skillsets, cybersecurity teams are already stretched to their limits. This has given rise to a DevSecOps approach, however, DevSecOps isn’t a silver bullet, organizations still face misconfigurations and other security challenges, struggle with implementing DevSecOps approach, and insufficient security skillsets.
To read
full download the whitepaper:
Secure DevOps and Misconfigurations
