Innovating at pace to create exceptional customer experiences is increasingly setting companies apart, but the technology teams responsible for this – security, IT and developers – must be aligned to these goals to deliver this. However, security is still perceived as a barrier in organisations, with 61 per cent of IT teams and 52 per cent of developers believing that security policies are stifling their innovation. These are the latest findings from VMware study on the relationship between IT, security, and development teams.
The study, titled Bridging the Developer and Security Divide and conducted by Forrester Consulting surveyed 1,475 IT and security leaders and discovered that only one in five (22 per cent) developers strongly agree that they understand which security policies they are expected to comply with. Alarmingly, more than a quarter (27 per cent) of those surveyed are not involved at all in security policy decisions, despite many of these greatly impacting their roles. Organisation’s where security and development teams have a positive relationship can accelerate the software development lifecycle five business days faster than those without – demonstrating how speed to market and competitive advantage are at stake here.
The findings reflect that team priorities are not always aligned to customers, with IT and security teams rating their number one priority as operational efficiency (52 per cent) versus developers whose priority is improving the user experience (50 per cent). Meanwhile, improving the user experience ranks fourth for IT (43 per cent) and security (40 per cent). More than half (51 per cent) of security teams cite preventing security breaches as their second priority. These teams that are struggling to align have found themselves with increased silos and decreased collaboration across teams (60%), an increased risk of security breaches (57 per cent) and a slower release of new applications (40 per cent).
Also Read: An Open Narrative on B2B Data Privacy
“Our research shows that security needs a perception shift,” said Rick McElroy, principal cybersecurity strategist, VMware. “Rather than be seen as the team that only swoops in to fix breaches and leaks, or who ‘gets in the way’ of innovation, security should be embedded across people, processes, and technologies. Security needs to be a team sport that works alongside IT and developers to ensure protection across clouds, apps and all digital infrastructure. We have to develop a culture where all teams have shared interests and common goals or metrics, and where they speak one language. There’s overwhelming value to the business when IT, security, and developers are all part of the decision making, design, and execution.”
The good news is there is recognition that shared team priorities and engagement is the way forward. More than half (53 per cent) of respondents expect security and development teams to be unified two-three years from now. Over 40 per cent expect security to become more embedded in the development process in two-three years’ time, and there’s a broader acknowledgment that cross-team alignment empowers businesses to reduce team silos (71 per cent), create more secure applications (70 per cent) and increase agility to adopt new workflows & technologies (66 per cent).
“The findings of the research fit closely with what we see in the Middle East and North Africa,” said Ahmed Saadi, Regional Director of Sales, Middle East, Turkey, Africa, VMware. “For many organizations, a lack of collaboration between IT, security and development teams leads to challenges that slow development and hinder security. It’s imperative that teams adopt a collaborative approach from the outset, pull in the same direction, and ensure that security is embraced as an intrinsic part of their IT and development procedures.”
