less˜s le˚ned - synopsys...the increase in cloud initiatives was especially sharp among...
TRANSCRIPT
The increase in cloud initiatives was especially sharp among organizations that had been attacked.
Less�s le�ned
from 59% in 2018 to 81% in 2019
Clearly, getting burned led these organizations to make security more of a priority.
Cl�d sec�ity is be��!Those with a “distinct,
specialized approach” to securing their cloud
deployments jumped from
58% in 2018 to
72% in 2019.
Greetings Fr�
Survey at RSA finds more than 90% making security a priority
At RSA Conference this year, we surveyed security professionals from a wide range of industries about application security.
More training:
The percentage of organizations that realize cyber security training can be an
effective way to create a culture of security is growing. Those with AppSec
programs for developers, awareness programs for all employees, or both are
86%. Just 14% have no cyber security training program.
M�e g�d news!
21% 19% 46% 14%Training for developers
Training for all
employeesTraining for both groups
No training program
That’s really g�d news!Security still a priority: 92% have a dedicated internal or third-party application security team initiative, or a combination of the two. That’s the same as last year. Only 8% reported no formal application security program in place.
Cust�� sec�ity c�es f�stSecuring customer data continues to be a high priority, with the percentage considering it critical increasing from 68% in 2018 to 72% in 2019.
Risky businessRespondents said the highest security risks to
their organizations came from customer-facing web applications at 49% and internal
business applications at 22%. They were much less concerned about mobile applications (15%) and embedded systems/IoT devices (14%).
Vuln�ability managementWhat vulnerabilities were survey respondents most concerned about?
31%
Proprietary code developed
in-house
Open source components31%
22%Proprietary code
developed by a third party
15%Misconfiguration
vulnerabilities in cloud or containerized
apps
1%
Chip-level flaws or vulnerabilities
Organizati�s still und� a�ack!It should be no surprise that more than a third of respondents said their organizations had been targeted by a cyber attack within the past two years:
Yes: 37% No: 40% Don’t know: 23%
A common belief among development organizations is that security testing is too slow–leading them to take on increasing risk in their quest to decrease time to market. But modern AppSec platforms integrate multiple tools and services to build security in throughout the SDLC, from developer to deployment, without slowing you down. With the right tools, you can manage risk across your application portfolio with minimal impact to your release dates.
Ready to get started?
Read The CISO’s Ultimate Guide to Securing Applications
40% Impact on agility and speed of application development/deployment
32% Lack of skilled security professionals
20% Budget constraints
8% Lack of executive sponsorship
Roadblocksto implementing application security programs
The Synopsys differenceSynopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in application security, provides static analysis, software composition analysis, and dynamic analysis solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle.
For more information, go to www.synopsys.com/software.
©2019 Synopsys, Inc. All rights reserved. Synopsys is a trademark of Synopsys, Inc. in the United States and other countries. A list of Synopsys trademarks is available at www.synopsys.com/copyright.html . All other names mentioned herein are trademarks or registered trademarks of their respective owners.