SlideShare uma empresa Scribd logo
1 de 33
Baixar para ler offline
Copyright 2018 Freeform Dynamics Ltd
1Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
466 EMEA Respondents
Sponsored by CA Technologies
www.freeformdynamics.com
Integrating Security into the Software Lifecycle
How the “Masters” move beyond pure risk management to focus on
business growth
EMEA RESEARCH RESULTS
Copyright 2018 Freeform Dynamics Ltd
2Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
About the broader study
▪ Global study across 15 countries, six in EMEA
▪ France, Germany, Italy, Spain, Switzerland, UK
▪ Online data collection based on CA Technologies’ questionnaire (with
subsequent analysis by Freeform Dynamics)
▪ 466 EMEA respondents
▪ Mid-sized to large organisations across 8 industries
▪ Minimum of 1,000 employees or $200m revenue
▪ Equal split across 3 employee size bands: <2500, 2500 to 5000, >5000
▪ Manufacturing, Financial Services, Telco, Retail, Healthcare,
Transportation/Logistics, Energy/Utilities, Public Sector
▪ Senior respondent base
▪ VP, management or senior practitioner level, equal split between IT and LOB
▪ 41% globally say they are significantly involved in software security
▪ Data collection completed July 2017
Copyright 2018 Freeform Dynamics Ltd
3Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
Executive Summary
▪ As software development becomes more critical to business success, security concerns
are growing, particularly with mobile and web-based apps
▪ DevSecOps and integrating security into the software development process has
become the new imperative
▪ But there are many obstacles, and most organisations are facing significant challenges
▪ Assessing current capabilities reveals a set of “Security Software Masters” who are
getting it right
▪ These security masters are seeing significant benefits, including improved
competitiveness and time-to-market as well as a 50% higher profit growth and a 40%
higher revenue growth as compared to mainstream organisations
▪
Copyright 2018 Freeform Dynamics Ltd
4Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
1
The growing importance of
security within the software
development cycle
Copyright 2018 Freeform Dynamics Ltd
5Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
Driving growth
and expansion
93%Say software is
essential or
important
Helping the
business compete
89%Say software is
essential or
important
Digital
transformation
87%Say software is
essential or
important
Effective software development is key to business success
How important is the use of software development for
your organisation to succeed in the following areas?
Copyright 2018 Freeform Dynamics Ltd
6Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
Driving growth
and expansion
Helping the
business compete
Digital
transformation
Say software is
essential or
important
Effective software development is key to business success (country results)
89%
Say software is
essential or
important
88%
Say software is
essential or
important
93%
Say software is
essential or
important
81%
Say software is
essential or
important
89%
Say software is
essential or
important
90%
Say software is
essential or
important
86%
Say software is
essential or
important
86%
Say software is
essential or
important
86%
Say software is
essential or
important
UK
France
Germany
Copyright 2018 Freeform Dynamics Ltd
7Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
Driving growth
and expansion
Helping the
business compete
Digital
transformation
Say software is
essential or
important
Effective software development is key to business success (country results)
92%
Say software is
essential or
important
96%
Say software is
essential or
important
96%
Say software is
essential or
important
95%
Say software is
essential or
important
91%
Say software is
essential or
important
94%
Say software is
essential or
important
91%
Say software is
essential or
important
87%
Say software is
essential or
important
87%
Say software is
essential or
important
Italy
Spain
Switzerland
Copyright 2018 Freeform Dynamics Ltd
8Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
Software related security concerns are growing
How much would you agree or disagree?
!
Agree or
strongly agree
56%
Number of breaches due to
Web Applications
is growing rapidly
Number of breaches to
Mobile Applications
is growing rapidly
!
Agree or
strongly agree
60%
Security threats due to
software/code issues is a
growing concern
!
Agree or
strongly agree
71%
Copyright 2018 Freeform Dynamics Ltd
9Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
Software related security concerns are growing (country results)
Security threats due to software/code
issues is a growing concern
!
Agree or
strongly agree
65%
!
Agree or
strongly agree
79%
!
Agree or
strongly agree
61%
UK
France
Germany
Copyright 2018 Freeform Dynamics Ltd
10Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
Software related security concerns are growing (country results)
Security threats due to software/code
issues is a growing concern
!
Agree or
strongly agree
80%
!
Agree or
strongly agree
65%
!
Agree or
strongly agree
73%
Italy
Spain
Switzerland
Copyright 2018 Freeform Dynamics Ltd
11Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
2
DevSecOps and integrating
security into the software
development lifecycle is the
new imperative
Copyright 2018 Freeform Dynamics Ltd
12Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
Security needs to become embedded into development
Tactics for dealing with security
more effectively
Key software
security
imperatives
Make security a more
embedded part of the software
development process
Integrate security practices
earlier in the software
development cycle (DevSecOps)
91%
74%
see this as
essential or
important
agree or
strongly agree
this is critical
Copyright 2018 Freeform Dynamics Ltd
13Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
Security needs to become embedded into development (country results)
Software
security
imperatives
Make security a more embedded part of the
software development process
Integrate security practices earlier in the
software development cycle (DevSecOps)
see this as
essential or
important
70%
Agree/strongly
agree this is
critical
1%
91%
UK
Software
security
imperatives
Make security a more embedded part of the
software development process
Integrate security practices earlier in the
software development cycle (DevSecOps)
see this as
essential or
important
88%
Agree/strongly
agree this is
critical
92%
France
Software
security
imperatives
Make security a more embedded part of the
software development process
Integrate security practices earlier in the
software development cycle (DevSecOps)
see this as
essential or
important
71%
Agree/strongly
agree this is
critical
96%
Germany
Copyright 2018 Freeform Dynamics Ltd
14Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
Security needs to become embedded into development (country results)
Software
security
imperatives
Make security a more embedded part of the
software development process
Integrate security practices earlier in the
software development cycle (DevSecOps)
see this as
essential or
important
64%
Agree/strongly
agree this is
critical
1%
91%
Italy
Software
security
imperatives
Make security a more embedded part of the
software development process
Integrate security practices earlier in the
software development cycle (DevSecOps)
see this as
essential or
important
80%
Agree/strongly
agree this is
critical
92%
Spain
Software
security
imperatives
Make security a more embedded part of the
software development process
Integrate security practices earlier in the
software development cycle (DevSecOps)
see this as
essential or
important
70%
Agree/strongly
agree this is
critical
86%
Switzerland
Copyright 2018 Freeform Dynamics Ltd
15Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
But today’s organisations are challenged to meet these new expectations
Only 30% believe IT is very effective at making security a more
embedded part of the software development process
Only 23% believe senior management understands the
importance of not sacrificing security for time-to-market
Only 24% believe the organisation’s culture and practices support
collaboration across development, operations and security
Copyright 2018 Freeform Dynamics Ltd
16Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
“Senior management understands the
importance of not sacrificing security for
time-to-market”
Strongly Agree
“Our organisation’s culture and practices
support collaboration across development,
operations and security”
Strongly Agree
16%
22%
23%
24%
26%
26%
Switzerland
Germany
Spain
Italy
UK
France
16%
21%
22%
24%
30%
31%
UK
Germany
Switzerland
Italy
France
Spain
Country results
Copyright 2018 Freeform Dynamics Ltd
17Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
A number of hurdles must be overcome to drive progress
How significant are the following hurdles to
embedding end-to-end security in your software
development processes?
66%
Time pressure
Hurdle for
60%
Existing culture
Hurdle for
55%
Lack of political will
Hurdle for
62%
Lack of budget
Hurdle for
55%
Lack of skills
Hurdle for
45%
Lack of proper tools
Hurdle for
!
Agree or
strongly agree
70%
Our software developers
would benefit from more
training in coding securely
Agree/disagree
Percent of respondents who replied ‘significant’ or ‘extremely significant’
Copyright 2018 Freeform Dynamics Ltd
18Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
A number of hurdles must be overcome to drive progress (country results)
72%
Time pressure
Hurdle for
Percent of respondents who replied ‘significant’ or ‘extremely significant’
Existing culture
Hurdle for
51%UK
62%
Time pressure
Hurdle for
Existing culture
56%
66%
Time pressure
Hurdle for
Existing culture
61%
France
Germany
Copyright 2018 Freeform Dynamics Ltd
19Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
A number of hurdles must be overcome to drive progress (country results)
68%
Time pressure
Hurdle for
Percent of respondents who replied ‘significant’ or ‘extremely significant’
Existing culture
Hurdle for
71%Italy
65%
Time pressure
Hurdle for
Existing culture
69%
62%
Time pressure
Hurdle for
Existing culture
54%
Spain
Switzerland
Copyright 2018 Freeform Dynamics Ltd
20Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
Authenticating
controls based on
what a user is doing
and what you know
about them
Providing a
better user
experience while
still protecting
user data
Assessing the
threat of data
breaches based
on patterns of
activity
Taking pre-emptive
action to avoid a
data breach and/or
mitigate the impact
of one
Essential
21%
67%
37%
51%
36%
45%
38%
50%
How important for your company is the use of behavioural analytics and
machine learning to improve security in the following areas?
Advanced technologies are now available to help
Important
Essential
Important
Essential
Important
Essential
Important
88%see as key
88%see as key
81%see as key
88%see as key
Copyright 2018 Freeform Dynamics Ltd
21Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
Providing a better user
experience while still
protecting user data
Advanced technologies are available to help (country results)
83%
see as key
see as key
88%see as key
88%
see as keysee as key
82%see as key
85%
see as key
Providing a better user
experience while still
protecting user data
Providing a better user
experience while still
protecting user data
UK
Germany
France
Copyright 2018 Freeform Dynamics Ltd
22Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
Providing a better user
experience while still
protecting user data
Advanced technologies are available to help (country results)
93%
see as key
see as key
88%see as key
88%
see as keysee as key
89%see as key
94%
see as key
Providing a better user
experience while still
protecting user data
Providing a better user
experience while still
protecting user data
Italy
Switzerland
Spain
Copyright 2018 Freeform Dynamics Ltd
23Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
3
Are some organisations getting
it right? Introducing the
Software Security Masters
Copyright 2018 Freeform Dynamics Ltd
24Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
35%
46%
12% 6%
Implemented
broadly
In selected
areas only
Currently
exploring
No activity
28%
28%
47%
41%
21%
24%
0% 20% 40% 60% 80% 100%
Early and continuous testing of
apps for security vulnerabilities
Making security an integral
part of DevOps
Already done Doing this now Plan to do this No plans Unsure
Are you implementing measures or initiatives to
address the following?1
How much is security vulnerability testing embedded
into your end-to-end software delivery processes?3
Assessing ability to transform lifecycle security management – 6 criteria
Copyright 2018 Freeform Dynamics Ltd
25Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
24%
21%
30%
56%
53%
50%
15%
20%
15%
0% 20% 40% 60% 80% 100%
We have robust internal processes to
continuously test for security
vulnerabilities
Our DevOps teams understand and
embrace the need to integrate security
earlier into the development lifecycle
(often termed DevSecOps)
Security is now a fully interwoven
component and consideration in the
business, not a last step technology
overlay
Strongly agree Agree Neutral Disagree Strongly disagree Unsure
How would you agree or disagree with the
following statements?2
Assessing ability to transform lifecycle security management – 6 criteria
Copyright 2018 Freeform Dynamics Ltd
26Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
Identifying the ‘Software Security Masters’
CURRENT
CAPABILITY
Scored based on
“current state”
indicators
Security
Masters
Mainstream
(representative of
general population)
Copyright 2017 Freeform Dynamics Ltd
27Software Lifecycle Security as a Business Growth Enabler – October 2017
Study sponsor Research by
Global Results
Security Masters by country/region
55%
45%
45%
42%
41%
38%
34%
32%
31%
30%
28%
27%
18%
17%
15%
44%
32%
32%
45%
55%
55%
58%
62%
66%
68%
69%
70%
73%
73%
82%
83%
85%
56%
68%
68%
India
China
US
Italy
Brazil
France
UK
Germany
Spain
Australia
Singapore
Japan
Switzerland
Hong Kong
South Korea
Americas
EMEA
APJ
Security Masters Others
Copyright 2018 Freeform Dynamics Ltd
28Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
4
What benefits do the Software
Security Masters enjoy?
Note – the following data is only
available at an EMEA level
Copyright 2018 Freeform Dynamics Ltd
29Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
Security is an enabler of new business opportunities in
addition to helping protect our company’s data and systems
Strongly agree
40%Security
Masters
Mainstream
(general population) Strongly agree
23%
A more positive view of security in the digital economy
SECURITY MASTER
ADVANTAGE
Analyst Note: Beware the difference between correlation
and causation when discussing these findings
Master
advantage
1.7x
difference
Copyright 2018 Freeform Dynamics Ltd
30Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
Strongly agree
31%Security
Masters
Mainstream
(general population)
AGREE/DISAGREE
Our security testing
can keep up with the
demand to release
frequent app updates1
AGREE/DISAGREE
Our company is
moving fast enough
to outpace our
competitors2
Strongly agree
13%
Strongly agree
31%Security
Masters
Mainstream
(general population) Strongly agree
16%
Better support for innovation and time to market
SECURITY MASTER
ADVANTAGE
Analyst Note: Beware the difference between correlation
and causation when discussing these findings
Master
advantage
2.4x
difference
Master
advantage
1.9x
difference
Copyright 2018 Freeform Dynamics Ltd
31Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
7%
1%
14%
8%
23%
22%
24%
31%
23%
22%
More than 50% growth
21%-50%
11%-20%
6-10%
3-5%
1%-2%
0% (flat)
9%
2%
9%
7%
20%
23%
33%
27%
21%
31%
More than 50% growth
21%-50%
11%-20%
6-10%
3-5%
1%-2%
0% (flat)
Approximately how much has your organisation’s
revenue changed over the last year?1
Approximately how much has your organisation’s
profit changed over the last year?2
Security
Masters
Mainstream
(general population)
Security
Masters
Mainstream
(general population)
14%
Approx average
10%
Approx average
15%
Approx average
10%
Approx average
Healthier top and bottom lines
SECURITY MASTER
ADVANTAGE
Analyst Note: Beware the difference between correlation
and causation when discussing these findings
2.0x
More likely to have a
growth rate >20%
40%
Higher revenue growth
2.3x
More likely to have a
growth rate >20%
50%
Higher profit growth
Copyright 2018 Freeform Dynamics Ltd
32Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
Next steps: how to integrate security into your development DNA
1. Raise security awareness
2. Build security into every step of application delivery
3. Start from where you are
4. Review training and process change requirements
5. Focus on tooling and best practice, and don’t reinvent the wheel
6. Make a business case for security
Copyright 2018 Freeform Dynamics Ltd
33Software Lifecycle Security as a Business Growth Enabler
Study sponsor Research by
EMEA Results
Integrating Security into the Software Lifecycle
Learn how you can achieve the results of the Software Security Masters by fully
integrating security and continuous security testing into your software development
process.
Download the report entitled “Integrating Security into the DNA of Your Software
Lifecycle” to find out more, or visit https://www.ca.com/modern-software-factory
Research was sponsored by CA Technologies and conducted by Freeform Dynamics
Copyright © 2018 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their
respective companies

Mais conteúdo relacionado

Mais de CA Technologies

Making Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security ProgramMaking Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security ProgramCA Technologies
 
Keynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageKeynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageCA Technologies
 
Emerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access ManagementEmerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access ManagementCA Technologies
 
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...CA Technologies
 
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...CA Technologies
 
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...CA Technologies
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...CA Technologies
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...CA Technologies
 
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...CA Technologies
 
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...CA Technologies
 
Blockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of DeploymentBlockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of DeploymentCA Technologies
 
Establish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseEstablish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseCA Technologies
 
How Components Increase Speed and Risk
How Components Increase Speed and RiskHow Components Increase Speed and Risk
How Components Increase Speed and RiskCA Technologies
 
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...CA Technologies
 
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...CA Technologies
 
When You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is ImportantWhen You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is ImportantCA Technologies
 
Application Security in a DevOps World
Application Security in a DevOps WorldApplication Security in a DevOps World
Application Security in a DevOps WorldCA Technologies
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCA Technologies
 
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...CA Technologies
 
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.CA Technologies
 

Mais de CA Technologies (20)

Making Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security ProgramMaking Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security Program
 
Keynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageKeynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive Advantage
 
Emerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access ManagementEmerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access Management
 
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
 
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
 
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...
 
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
 
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
 
Blockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of DeploymentBlockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of Deployment
 
Establish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseEstablish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital Enterprise
 
How Components Increase Speed and Risk
How Components Increase Speed and RiskHow Components Increase Speed and Risk
How Components Increase Speed and Risk
 
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
 
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
 
When You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is ImportantWhen You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is Important
 
Application Security in a DevOps World
Application Security in a DevOps WorldApplication Security in a DevOps World
Application Security in a DevOps World
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software Development
 
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
 
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
 

Último

VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 

Último (20)

VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 

Integrating Security into the DNA of Your Software Lifecycle

  • 1. Copyright 2018 Freeform Dynamics Ltd 1Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results 466 EMEA Respondents Sponsored by CA Technologies www.freeformdynamics.com Integrating Security into the Software Lifecycle How the “Masters” move beyond pure risk management to focus on business growth EMEA RESEARCH RESULTS
  • 2. Copyright 2018 Freeform Dynamics Ltd 2Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results About the broader study ▪ Global study across 15 countries, six in EMEA ▪ France, Germany, Italy, Spain, Switzerland, UK ▪ Online data collection based on CA Technologies’ questionnaire (with subsequent analysis by Freeform Dynamics) ▪ 466 EMEA respondents ▪ Mid-sized to large organisations across 8 industries ▪ Minimum of 1,000 employees or $200m revenue ▪ Equal split across 3 employee size bands: <2500, 2500 to 5000, >5000 ▪ Manufacturing, Financial Services, Telco, Retail, Healthcare, Transportation/Logistics, Energy/Utilities, Public Sector ▪ Senior respondent base ▪ VP, management or senior practitioner level, equal split between IT and LOB ▪ 41% globally say they are significantly involved in software security ▪ Data collection completed July 2017
  • 3. Copyright 2018 Freeform Dynamics Ltd 3Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results Executive Summary ▪ As software development becomes more critical to business success, security concerns are growing, particularly with mobile and web-based apps ▪ DevSecOps and integrating security into the software development process has become the new imperative ▪ But there are many obstacles, and most organisations are facing significant challenges ▪ Assessing current capabilities reveals a set of “Security Software Masters” who are getting it right ▪ These security masters are seeing significant benefits, including improved competitiveness and time-to-market as well as a 50% higher profit growth and a 40% higher revenue growth as compared to mainstream organisations ▪
  • 4. Copyright 2018 Freeform Dynamics Ltd 4Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results 1 The growing importance of security within the software development cycle
  • 5. Copyright 2018 Freeform Dynamics Ltd 5Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results Driving growth and expansion 93%Say software is essential or important Helping the business compete 89%Say software is essential or important Digital transformation 87%Say software is essential or important Effective software development is key to business success How important is the use of software development for your organisation to succeed in the following areas?
  • 6. Copyright 2018 Freeform Dynamics Ltd 6Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results Driving growth and expansion Helping the business compete Digital transformation Say software is essential or important Effective software development is key to business success (country results) 89% Say software is essential or important 88% Say software is essential or important 93% Say software is essential or important 81% Say software is essential or important 89% Say software is essential or important 90% Say software is essential or important 86% Say software is essential or important 86% Say software is essential or important 86% Say software is essential or important UK France Germany
  • 7. Copyright 2018 Freeform Dynamics Ltd 7Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results Driving growth and expansion Helping the business compete Digital transformation Say software is essential or important Effective software development is key to business success (country results) 92% Say software is essential or important 96% Say software is essential or important 96% Say software is essential or important 95% Say software is essential or important 91% Say software is essential or important 94% Say software is essential or important 91% Say software is essential or important 87% Say software is essential or important 87% Say software is essential or important Italy Spain Switzerland
  • 8. Copyright 2018 Freeform Dynamics Ltd 8Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results Software related security concerns are growing How much would you agree or disagree? ! Agree or strongly agree 56% Number of breaches due to Web Applications is growing rapidly Number of breaches to Mobile Applications is growing rapidly ! Agree or strongly agree 60% Security threats due to software/code issues is a growing concern ! Agree or strongly agree 71%
  • 9. Copyright 2018 Freeform Dynamics Ltd 9Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results Software related security concerns are growing (country results) Security threats due to software/code issues is a growing concern ! Agree or strongly agree 65% ! Agree or strongly agree 79% ! Agree or strongly agree 61% UK France Germany
  • 10. Copyright 2018 Freeform Dynamics Ltd 10Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results Software related security concerns are growing (country results) Security threats due to software/code issues is a growing concern ! Agree or strongly agree 80% ! Agree or strongly agree 65% ! Agree or strongly agree 73% Italy Spain Switzerland
  • 11. Copyright 2018 Freeform Dynamics Ltd 11Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results 2 DevSecOps and integrating security into the software development lifecycle is the new imperative
  • 12. Copyright 2018 Freeform Dynamics Ltd 12Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results Security needs to become embedded into development Tactics for dealing with security more effectively Key software security imperatives Make security a more embedded part of the software development process Integrate security practices earlier in the software development cycle (DevSecOps) 91% 74% see this as essential or important agree or strongly agree this is critical
  • 13. Copyright 2018 Freeform Dynamics Ltd 13Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results Security needs to become embedded into development (country results) Software security imperatives Make security a more embedded part of the software development process Integrate security practices earlier in the software development cycle (DevSecOps) see this as essential or important 70% Agree/strongly agree this is critical 1% 91% UK Software security imperatives Make security a more embedded part of the software development process Integrate security practices earlier in the software development cycle (DevSecOps) see this as essential or important 88% Agree/strongly agree this is critical 92% France Software security imperatives Make security a more embedded part of the software development process Integrate security practices earlier in the software development cycle (DevSecOps) see this as essential or important 71% Agree/strongly agree this is critical 96% Germany
  • 14. Copyright 2018 Freeform Dynamics Ltd 14Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results Security needs to become embedded into development (country results) Software security imperatives Make security a more embedded part of the software development process Integrate security practices earlier in the software development cycle (DevSecOps) see this as essential or important 64% Agree/strongly agree this is critical 1% 91% Italy Software security imperatives Make security a more embedded part of the software development process Integrate security practices earlier in the software development cycle (DevSecOps) see this as essential or important 80% Agree/strongly agree this is critical 92% Spain Software security imperatives Make security a more embedded part of the software development process Integrate security practices earlier in the software development cycle (DevSecOps) see this as essential or important 70% Agree/strongly agree this is critical 86% Switzerland
  • 15. Copyright 2018 Freeform Dynamics Ltd 15Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results But today’s organisations are challenged to meet these new expectations Only 30% believe IT is very effective at making security a more embedded part of the software development process Only 23% believe senior management understands the importance of not sacrificing security for time-to-market Only 24% believe the organisation’s culture and practices support collaboration across development, operations and security
  • 16. Copyright 2018 Freeform Dynamics Ltd 16Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results “Senior management understands the importance of not sacrificing security for time-to-market” Strongly Agree “Our organisation’s culture and practices support collaboration across development, operations and security” Strongly Agree 16% 22% 23% 24% 26% 26% Switzerland Germany Spain Italy UK France 16% 21% 22% 24% 30% 31% UK Germany Switzerland Italy France Spain Country results
  • 17. Copyright 2018 Freeform Dynamics Ltd 17Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results A number of hurdles must be overcome to drive progress How significant are the following hurdles to embedding end-to-end security in your software development processes? 66% Time pressure Hurdle for 60% Existing culture Hurdle for 55% Lack of political will Hurdle for 62% Lack of budget Hurdle for 55% Lack of skills Hurdle for 45% Lack of proper tools Hurdle for ! Agree or strongly agree 70% Our software developers would benefit from more training in coding securely Agree/disagree Percent of respondents who replied ‘significant’ or ‘extremely significant’
  • 18. Copyright 2018 Freeform Dynamics Ltd 18Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results A number of hurdles must be overcome to drive progress (country results) 72% Time pressure Hurdle for Percent of respondents who replied ‘significant’ or ‘extremely significant’ Existing culture Hurdle for 51%UK 62% Time pressure Hurdle for Existing culture 56% 66% Time pressure Hurdle for Existing culture 61% France Germany
  • 19. Copyright 2018 Freeform Dynamics Ltd 19Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results A number of hurdles must be overcome to drive progress (country results) 68% Time pressure Hurdle for Percent of respondents who replied ‘significant’ or ‘extremely significant’ Existing culture Hurdle for 71%Italy 65% Time pressure Hurdle for Existing culture 69% 62% Time pressure Hurdle for Existing culture 54% Spain Switzerland
  • 20. Copyright 2018 Freeform Dynamics Ltd 20Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results Authenticating controls based on what a user is doing and what you know about them Providing a better user experience while still protecting user data Assessing the threat of data breaches based on patterns of activity Taking pre-emptive action to avoid a data breach and/or mitigate the impact of one Essential 21% 67% 37% 51% 36% 45% 38% 50% How important for your company is the use of behavioural analytics and machine learning to improve security in the following areas? Advanced technologies are now available to help Important Essential Important Essential Important Essential Important 88%see as key 88%see as key 81%see as key 88%see as key
  • 21. Copyright 2018 Freeform Dynamics Ltd 21Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results Providing a better user experience while still protecting user data Advanced technologies are available to help (country results) 83% see as key see as key 88%see as key 88% see as keysee as key 82%see as key 85% see as key Providing a better user experience while still protecting user data Providing a better user experience while still protecting user data UK Germany France
  • 22. Copyright 2018 Freeform Dynamics Ltd 22Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results Providing a better user experience while still protecting user data Advanced technologies are available to help (country results) 93% see as key see as key 88%see as key 88% see as keysee as key 89%see as key 94% see as key Providing a better user experience while still protecting user data Providing a better user experience while still protecting user data Italy Switzerland Spain
  • 23. Copyright 2018 Freeform Dynamics Ltd 23Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results 3 Are some organisations getting it right? Introducing the Software Security Masters
  • 24. Copyright 2018 Freeform Dynamics Ltd 24Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results 35% 46% 12% 6% Implemented broadly In selected areas only Currently exploring No activity 28% 28% 47% 41% 21% 24% 0% 20% 40% 60% 80% 100% Early and continuous testing of apps for security vulnerabilities Making security an integral part of DevOps Already done Doing this now Plan to do this No plans Unsure Are you implementing measures or initiatives to address the following?1 How much is security vulnerability testing embedded into your end-to-end software delivery processes?3 Assessing ability to transform lifecycle security management – 6 criteria
  • 25. Copyright 2018 Freeform Dynamics Ltd 25Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results 24% 21% 30% 56% 53% 50% 15% 20% 15% 0% 20% 40% 60% 80% 100% We have robust internal processes to continuously test for security vulnerabilities Our DevOps teams understand and embrace the need to integrate security earlier into the development lifecycle (often termed DevSecOps) Security is now a fully interwoven component and consideration in the business, not a last step technology overlay Strongly agree Agree Neutral Disagree Strongly disagree Unsure How would you agree or disagree with the following statements?2 Assessing ability to transform lifecycle security management – 6 criteria
  • 26. Copyright 2018 Freeform Dynamics Ltd 26Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results Identifying the ‘Software Security Masters’ CURRENT CAPABILITY Scored based on “current state” indicators Security Masters Mainstream (representative of general population)
  • 27. Copyright 2017 Freeform Dynamics Ltd 27Software Lifecycle Security as a Business Growth Enabler – October 2017 Study sponsor Research by Global Results Security Masters by country/region 55% 45% 45% 42% 41% 38% 34% 32% 31% 30% 28% 27% 18% 17% 15% 44% 32% 32% 45% 55% 55% 58% 62% 66% 68% 69% 70% 73% 73% 82% 83% 85% 56% 68% 68% India China US Italy Brazil France UK Germany Spain Australia Singapore Japan Switzerland Hong Kong South Korea Americas EMEA APJ Security Masters Others
  • 28. Copyright 2018 Freeform Dynamics Ltd 28Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results 4 What benefits do the Software Security Masters enjoy? Note – the following data is only available at an EMEA level
  • 29. Copyright 2018 Freeform Dynamics Ltd 29Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results Security is an enabler of new business opportunities in addition to helping protect our company’s data and systems Strongly agree 40%Security Masters Mainstream (general population) Strongly agree 23% A more positive view of security in the digital economy SECURITY MASTER ADVANTAGE Analyst Note: Beware the difference between correlation and causation when discussing these findings Master advantage 1.7x difference
  • 30. Copyright 2018 Freeform Dynamics Ltd 30Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results Strongly agree 31%Security Masters Mainstream (general population) AGREE/DISAGREE Our security testing can keep up with the demand to release frequent app updates1 AGREE/DISAGREE Our company is moving fast enough to outpace our competitors2 Strongly agree 13% Strongly agree 31%Security Masters Mainstream (general population) Strongly agree 16% Better support for innovation and time to market SECURITY MASTER ADVANTAGE Analyst Note: Beware the difference between correlation and causation when discussing these findings Master advantage 2.4x difference Master advantage 1.9x difference
  • 31. Copyright 2018 Freeform Dynamics Ltd 31Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results 7% 1% 14% 8% 23% 22% 24% 31% 23% 22% More than 50% growth 21%-50% 11%-20% 6-10% 3-5% 1%-2% 0% (flat) 9% 2% 9% 7% 20% 23% 33% 27% 21% 31% More than 50% growth 21%-50% 11%-20% 6-10% 3-5% 1%-2% 0% (flat) Approximately how much has your organisation’s revenue changed over the last year?1 Approximately how much has your organisation’s profit changed over the last year?2 Security Masters Mainstream (general population) Security Masters Mainstream (general population) 14% Approx average 10% Approx average 15% Approx average 10% Approx average Healthier top and bottom lines SECURITY MASTER ADVANTAGE Analyst Note: Beware the difference between correlation and causation when discussing these findings 2.0x More likely to have a growth rate >20% 40% Higher revenue growth 2.3x More likely to have a growth rate >20% 50% Higher profit growth
  • 32. Copyright 2018 Freeform Dynamics Ltd 32Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results Next steps: how to integrate security into your development DNA 1. Raise security awareness 2. Build security into every step of application delivery 3. Start from where you are 4. Review training and process change requirements 5. Focus on tooling and best practice, and don’t reinvent the wheel 6. Make a business case for security
  • 33. Copyright 2018 Freeform Dynamics Ltd 33Software Lifecycle Security as a Business Growth Enabler Study sponsor Research by EMEA Results Integrating Security into the Software Lifecycle Learn how you can achieve the results of the Software Security Masters by fully integrating security and continuous security testing into your software development process. Download the report entitled “Integrating Security into the DNA of Your Software Lifecycle” to find out more, or visit https://www.ca.com/modern-software-factory Research was sponsored by CA Technologies and conducted by Freeform Dynamics Copyright © 2018 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies