CA Technologies reveals results of a global study of more than 1,200 IT leaders, including 466 across six countries in Europe, on the topic of secure software development. Conducted by IT industry analyst firm Freeform Dynamics, the study, entitled “Integrating Security into the DNA of Your Software Lifecycle”, highlights the influence of an organisation’s culture on its ability to integrate security practices as part of the software development lifecycle – a practice critical to business success in the digital economy.
93% of European respondents agree software development is key to growth and expansion.
Integrating Security into the DNA of Your Software Lifecycle
1. Copyright 2018 Freeform Dynamics Ltd
1Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
466 EMEA Respondents
Sponsored by CA Technologies
www.freeformdynamics.com
Integrating Security into the Software Lifecycle
How the “Masters” move beyond pure risk management to focus on business growth
EMEA RESEARCH RESULTS
About the broader study
▪ Global study across 15 countries, six in EMEA
▪ France, Germany, Italy, Spain, Switzerland, UK
▪ Online data collection based on CA Technologies’ questionnaire (with subsequent analysis by Freeform Dynamics)
▪ 466 EMEA respondents
▪ Mid-sized to large organisations across 8 industries
▪ Minimum of 1,000 employees or $200m revenue
▪ Equal split across 3 employee size bands: <2500, 2500 to 5000, >5000
▪ Manufacturing, Financial Services, Telco, Retail, Healthcare, Transportation/Logistics, Energy/Utilities, Public Sector
▪ Senior respondent base
▪ VP, management or senior practitioner level, equal split between IT and LOB
▪ 41% globally say they are significantly involved in software security
▪ Data collection completed July 2017
Executive Summary
▪ As software development becomes more critical to business success, security concerns are growing, particularly with mobile and web-based apps
▪ DevSecOps and integrating security into the software development process has become the new imperative
▪ But there are many obstacles, and most organisations are facing significant challenges
▪ Assessing current capabilities reveals a set of “Security Software Masters” who are getting it right
▪ These security masters are seeing significant benefits, including improved competitiveness and time-to-market as well as a 50% higher profit growth and a 40% higher revenue growth as compared to mainstream organisations
1. The growing importance of security within the software development cycle
Effective software development is key to business success
How important is the use of software development for your organisation to succeed in the following areas?
▪ Driving growth and expansion: 93% say software is essential or important
▪ Helping the business compete: 89% say software is essential or important
▪ Digital transformation: 87% say software is essential or important
Effective software development is key to business success (country results)
Share who say software is essential or important, with countries in slide order (UK, France, Germany):
▪ Driving growth and expansion: 89%, 88%, 93%
▪ Helping the business compete: 81%, 89%, 90%
▪ Digital transformation: 86%, 86%, 86%
Effective software development is key to business success (country results)
Share who say software is essential or important, with countries in slide order (Italy, Spain, Switzerland):
▪ Driving growth and expansion: 92%, 96%, 96%
▪ Helping the business compete: 95%, 91%, 94%
▪ Digital transformation: 91%, 87%, 87%
Software related security concerns are growing
How much would you agree or disagree?
▪ Number of breaches due to Web Applications is growing rapidly: 56% agree or strongly agree
▪ Number of breaches to Mobile Applications is growing rapidly: 60% agree or strongly agree
▪ Security threats due to software/code issues is a growing concern: 71% agree or strongly agree
Software related security concerns are growing (country results)
Security threats due to software/code issues is a growing concern
▪ Agree or strongly agree, with countries in slide order (UK, France, Germany): 65%, 79%, 61%
Software related security concerns are growing (country results)
Security threats due to software/code issues is a growing concern
▪ Agree or strongly agree, with countries in slide order (Italy, Spain, Switzerland): 80%, 65%, 73%
2. DevSecOps and integrating security into the software development lifecycle is the new imperative
Security needs to become embedded into development
Tactics for dealing with security more effectively
Key software security imperatives:
▪ Make security a more embedded part of the software development process
▪ Integrate security practices earlier in the software development cycle (DevSecOps)
Figures shown: 91% and 74%
Measures shown: “see this as essential or important” and “agree or strongly agree this is critical”
Security needs to become embedded into development (country results)
Software security imperatives:
▪ Make security a more embedded part of the software development process
▪ Integrate security practices earlier in the software development cycle (DevSecOps)
Measures shown: “see this as essential or important” and “agree/strongly agree this is critical”
Figures shown per country:
▪ UK: 70%, 1%, 91%
▪ France: 88%, 92%
▪ Germany: 71%, 96%
Security needs to become embedded into development (country results)
Software security imperatives:
▪ Make security a more embedded part of the software development process
▪ Integrate security practices earlier in the software development cycle (DevSecOps)
Measures shown: “see this as essential or important” and “agree/strongly agree this is critical”
Figures shown per country:
▪ Italy: 64%, 1%, 91%
▪ Spain: 80%, 92%
▪ Switzerland: 70%, 86%
But today’s organisations are challenged to meet these new expectations
▪ Only 30% believe IT is very effective at making security a more embedded part of the software development process
▪ Only 23% believe senior management understands the importance of not sacrificing security for time-to-market
▪ Only 24% believe the organisation’s culture and practices support collaboration across development, operations and security
Country results
“Senior management understands the importance of not sacrificing security for time-to-market” (strongly agree, in chart order)
▪ Switzerland 16%, Germany 22%, Spain 23%, Italy 24%, UK 26%, France 26%
“Our organisation’s culture and practices support collaboration across development, operations and security” (strongly agree, in chart order)
▪ UK 16%, Germany 21%, Switzerland 22%, Italy 24%, France 30%, Spain 31%
A number of hurdles must be overcome to drive progress
How significant are the following hurdles to embedding end-to-end security in your software development processes?
Percent of respondents who replied ‘significant’ or ‘extremely significant’:
▪ Time pressure: hurdle for 66%
▪ Existing culture: hurdle for 60%
▪ Lack of political will: hurdle for 55%
▪ Lack of budget: hurdle for 62%
▪ Lack of skills: hurdle for 55%
▪ Lack of proper tools: hurdle for 45%
Agree/disagree: “Our software developers would benefit from more training in coding securely”
▪ 70% agree or strongly agree
A number of hurdles must be overcome to drive progress (country results)
Percent of respondents who replied ‘significant’ or ‘extremely significant’, with countries in slide order (UK, France, Germany):
▪ Time pressure: hurdle for 72%, 62%, 66%
▪ Existing culture: hurdle for 51%, 56%, 61%
A number of hurdles must be overcome to drive progress (country results)
Percent of respondents who replied ‘significant’ or ‘extremely significant’, with countries in slide order (Italy, Spain, Switzerland):
▪ Time pressure: hurdle for 68%, 65%, 62%
▪ Existing culture: hurdle for 71%, 69%, 54%
Advanced technologies are now available to help
How important for your company is the use of behavioural analytics and machine learning to improve security in the following areas?
▪ Authenticating controls based on what a user is doing and what you know about them: essential 21%, important 67% (88% see as key)
▪ Providing a better user experience while still protecting user data: essential 37%, important 51% (88% see as key)
▪ Assessing the threat of data breaches based on patterns of activity: essential 36%, important 45% (81% see as key)
▪ Taking pre-emptive action to avoid a data breach and/or mitigate the impact of one: essential 38%, important 50% (88% see as key)
Advanced technologies are available to help (country results)
[Chart: share who “see as key” the area “Providing a better user experience while still protecting user data”, for UK, Germany and France. Figures as extracted: 83%, 88%, 88%, 82%, 85%]
Advanced technologies are available to help (country results)
[Chart: share who “see as key” the area “Providing a better user experience while still protecting user data”, for Italy, Switzerland and Spain. Figures as extracted: 93%, 88%, 88%, 89%, 94%]
3. Are some organisations getting it right? Introducing the Software Security Masters
Assessing ability to transform lifecycle security management – 6 criteria
Are you implementing measures or initiatives to address the following? (1)
▪ Early and continuous testing of apps for security vulnerabilities: already done 28%, doing this now 47%, plan to do this 21%
▪ Making security an integral part of DevOps: already done 28%, doing this now 41%, plan to do this 24%
(The chart legend also lists “No plans” and “Unsure”.)
How much is security vulnerability testing embedded into your end-to-end software delivery processes? (3)
▪ Implemented broadly: 35%
▪ In selected areas only: 46%
▪ Currently exploring: 12%
▪ No activity: 6%
Assessing ability to transform lifecycle security management – 6 criteria
How would you agree or disagree with the following statements? (2)
▪ We have robust internal processes to continuously test for security vulnerabilities: strongly agree 24%, agree 56%, neutral 15%
▪ Our DevOps teams understand and embrace the need to integrate security earlier into the development lifecycle (often termed DevSecOps): strongly agree 21%, agree 53%, neutral 20%
▪ Security is now a fully interwoven component and consideration in the business, not a last step technology overlay: strongly agree 30%, agree 50%, neutral 15%
(The chart legend also lists “Disagree”, “Strongly disagree” and “Unsure”.)
Identifying the ‘Software Security Masters’
Current capability: scored based on “current state” indicators
▪ Security Masters
▪ Mainstream (representative of general population)
27. Copyright 2017 Freeform Dynamics Ltd
27Software Lifecycle Security as a Business Growth Enabler – October 2017
Study sponsor Research by
Global Results
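Security Masters by country/region
Share of respondents classed as Security Masters, by country (chart order):
▪ India 55%, China 45%, US 45%, Italy 42%, Brazil 41%, France 38%, UK 34%, Germany 32%, Spain 31%, Australia 30%, Singapore 28%, Japan 27%, Switzerland 18%, Hong Kong 17%, South Korea 15%
Share classed as Security Masters, by region:
▪ Americas 44%, EMEA 32%, APJ 32%
Share classed as Others, by region:
▪ Americas 56%, EMEA 68%, APJ 68%
Share classed as Others, by country (figures as extracted, 14 of 15 present): 45%, 55%, 55%, 58%, 62%, 66%, 68%, 69%, 70%, 73%, 73%, 82%, 83%, 85%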
4. What benefits do the Software Security Masters enjoy?
Note – the following data is only available at an EMEA level
A more positive view of security in the digital economy
“Security is an enabler of new business opportunities in addition to helping protect our company’s data and systems”
▪ Security Masters: 40% strongly agree
▪ Mainstream (general population): 23% strongly agree
Security Master advantage: 1.7x difference
Analyst Note: Beware the difference between correlation and causation when discussing these findings
Better support for innovation and time to market
Agree/disagree: “Our security testing can keep up with the demand to release frequent app updates” (1)
▪ Security Masters: 31% strongly agree
▪ Mainstream (general population): 13% strongly agree
▪ Security Master advantage: 2.4x difference
Agree/disagree: “Our company is moving fast enough to outpace our competitors” (2)
▪ Security Masters: 31% strongly agree
▪ Mainstream (general population): 16% strongly agree
▪ Security Master advantage: 1.9x difference
Analyst Note: Beware the difference between correlation and causation when discussing these findings
Healthier top and bottom lines
Approximately how much has your organisation’s revenue changed over the last year? (1)
▪ Approximate average: Security Masters 14%, Mainstream (general population) 10%
▪ Security Master advantage: 40% higher revenue growth; 2.0x more likely to have a growth rate >20%
Approximately how much has your organisation’s profit changed over the last year? (2)
▪ Approximate average: Security Masters 15%, Mainstream (general population) 10%
▪ Security Master advantage: 50% higher profit growth; 2.3x more likely to have a growth rate >20%
[Charts: distribution of responses for Security Masters and Mainstream across the bands More than 50% growth, 21%-50%, 11%-20%, 6-10%, 3-5%, 1%-2%, 0% (flat). Bar labels as extracted: 7%, 1%, 14%, 8%, 23%, 22%, 24%, 31%, 23%, 22%; and 9%, 2%, 9%, 7%, 20%, 23%, 33%, 27%, 21%, 31%]
Analyst Note: Beware the difference between correlation and causation when discussing these findings
Next steps: how to integrate security into your development DNA
1. Raise security awareness
2. Build security into every step of application delivery
3. Start from where you are
4. Review training and process change requirements
5. Focus on tooling and best practice, and don’t reinvent the wheel
6. Make a business case for security