Nearly all respondents (99%) failed to identify all places where privileged accounts or secrets exist when offered several options from PCs/laptops to microservices, cloud environments and containers.

The option where the highest levels of unawareness existed was source code repositories such as GitHub, with 84% of survey respondents unaware that privileged accounts or secrets are found here, followed by microservices (80%), cloud environments (78%) and CI/CD tools used by DevOps teams (76%).

‘Secrets are being created’

Elizabeth Lawler, vice president for DevOps security at CyberArk, said: “As organisations employ DevOps, more privileged account credentials and secrets are being created and shared across interconnected business ecosystems.

“Even though the dedicated technology exists, with few organisations managing and securing secrets, they become prime targets for attacks. In the hands of an external attacker or malicious insider, compromised credentials and secrets can allow attackers to take full control of an organisation’s entire IT infrastructure.

”So it’s worrying that the rush to achieve IT and business advantages through DevOps is outpacing awareness of an expanded – and unmanaged – privileged attack surface.”

With just a quarter of security teams reporting that they have a privileged account security strategy for DevOps, and integration between teams lacking for nearly two-thirds of respondents (65%), many DevOps professionals are taking matters into their own hands. Nearly 22% of them have built their own security solution.

‘You must figure out every single tool’

Lawler continued: “Building your own security solutions is arguably OK up to a point, but is not a scalable way forward. From Jenkins to Puppet to Chef, there are no common standards between different tools, which means you must figure out every single tool to know how to secure it.

“DevOps really needs its own security stack, and security teams must bring something to the table here. They can provide a systemised approach that helps the DevOps teams maintain security while accelerating application delivery and boosting productivity.”

Enterprises are increasingly using cloud orchestration and automation tools to drive DevOps initiatives, and nearly half (49%) of respondents reported using the cloud for internal development.

‘Lack of a DevOps security’

However, the study shows that the lack of a DevOps security strategy extends to the cloud. Nearly two thirds (74%) rely on their cloud vendor’s built-in security, meaning privileged account security is not fully integrated into DevOps processes when spinning up new environments.

Lawler concludes: “Taken together, this year’s survey findings indicate that many organisations do not understand the need – or the mechanisms – to secure privileged account credentials and secrets, whether that’s in the cloud or on-premises. DevOps and security tools and practices must fuse in order to effectively protect privileged information.

“Building awareness and enabling collaboration between DevOps and security teams is the first step to help businesses build a scalable security platform that is constantly improved as new iterations of tools are developed, tested and released.”

Written from press release by Leah Alger

The post CyberArk: DevOps and security teams ‘must collaborate’ appeared first on DevOps Online North America.

In an attempt to gain control over the influx of new applications, the report found a 9% y-o-y increase in IT spending budgets directed towards testing and quality assurance. Of this budget, almost half (49%) is dedicated to maintenance work, focused on trying to ensure applications are suitable for business use. Relatedly, budget spent on new transformational work has decreased by 1% as companies begin to reign in their spending to focus on coping with the continuous transformation of applications.

A seamless customer experience is a key driver for QA testing

This year’s World Quality Report found that companies are continuing to invest in securing the integrity of their systems, with more than four out of five (81%) citing security as the main purpose for testing. This heightened awareness of security is driven by digital transformation and security testing has become critical to business assurance for many organisations. However, the role of the customer experience is now almost as important to companies with 79% identifying this as a key consideration for their quality assurance testing. This marks a notable shift for organisations who have come to realise the growing importance of providing customers with a smooth, seamless experience whenever they come into contact with the company’s properties.

Acknowledging the renewed intent on IT investment, Govind Muthukrishnan, Senior Vice President and Testing Global Service Line Leader observes: “This year’s World Quality Report shows that we live in a fast moving world where customer experience and flexibility are as important as keeping pace with digital transformation using agile QA and DevOps. Today, we see that organisations are making significant investments in test environments and test data – test ecosystems – and are focussing on end to end automation of not only testing but also the test ecosystems. however, organisations must move beyond automation of testing and test ecosystems to an integrated and intelligent QA lifecycle that can deliver synergy in business assurance.”

Shorter lifecycles demand greater agility

This year’s report also revealed that with spend on quality testing and assurance increasing, a higher proportion of that budget is now dedicated to DevOps and agile principles, with more than half (59%) of respondents saying at least half of projects within the organisation use DevOps principles and 47% use virtual test environments. While organisations attempt to modernise their testing practices and procedures, they also have to deal with the increasingly shorter life cycles of programs and applications, which is forcing an increase in demand for testing hardware and infrastructure: an increase of 5% from 2014 to 38%. However, despite the decrease in spending on new transformational work (down 1%), almost one in three (29%) are intent on developing Testing Centers of Excellence (TCoE) within the next two years.

New roles being created to meet testing demand

The maturity of the quality assurance market has seen the function become a critical business operation. With an increasing number of organisations now adopting DevOps and agile, there are a number of new roles being created to match the growing importance and size of the market. Roles that never previously existed, such as software development test engineers, are now appearing and the demand for these positions is only likely to increase as quality assurance becomes more central to the operation of organisations.

“Technology disruptions such as the Internet of Things (IoT), Big Data and mobility are leading to faster business transformations than ever before. Companies have to pivot quickly in order to stay ahead of the curve, compete and conform to the new style of business,” said Raffi Margaliot, Senior Vice President & General Manager, Application Delivery Management, HP Software. “This year’s World Quality Report highlights how quickly IT leaders are responding to these mega trends that are rapidly changing our industry and the steps they are taking to keep pace with the demands of their users without compromising application quality and user experience.”

Research methodology

The World Quality Report, which this year interviewed 1560 respondents from 32 countries, is the only global report for application quality. It has been produced annually since 2009. Now in its 7^th edition, the 2015 report adopted a hybrid methodology of data collection using both computer aided telephone interviews and computer aided web interviews. Based on analysis of five respondent groups: CIO, VP Application, IT Director, QA/Testing Manager and CDO/CMO, the report surveyed respondents from across the globe through quantitative interviews followed by qualitative deep-dive discussions.

A full copy of the World Quality Report 2015 can be downloaded here.

The post Speed of technical change posing problems for business, World Quality Report 2015 notes appeared first on DevOps Online North America.