Creating a culture of secure software development is a major challenge in Hong Kong, according to a recent survey conducted by IT analyst firm Freeform Dynamics. An overwhelming 91% and 90% of local respondents cited existing culture and lack of skills, respectively, as hurdles to embedding security testing and evaluation within software development processes.
“Security is a key principle in any Modern Software Factory. While our survey findings confirmed an overarching recognition in the importance of ensuring that data and systems are built and maintained securely, there is still a lack of cultural adoption within organizations around this pressing issue,” said Nick Lim, vice president, ASEAN and Greater China, CA Technologies.
Conducted on behalf of CA Technologies, the new report entitled “Integrating Security into the DNA of Your Software Lifecycle” highlights the influence of an organization’s culture on its ability to integrate security practices into its software development initiatives, a practice and approach commonly known as DevSecOps.
Released last week, the global survey polled more than 1,200 senior IT and business executives in July 2017. It was augmented by in-depth telephone interviews with key industry executives.
Today’s digital economy is fueled by software. When software is developed with security integrated from the start, the risk of data breaches is greatly diminished, providing users with heightened levels of confidence and trust when engaging with applications and services that are so ubiquitous in our online world.
However, the findings showed that as software becomes more critical to business success in the digital economy, security concerns are exponentially on the rise. In fact, 70% of Hong Kong respondents agreed that security threats due to software and code issues are a growing concern.
Indeed, only 19% of Hong Kong respondents strongly agreed that their organization’s culture and practices supported collaboration across development, operations and security. On top of cultural limitations, only 10% of respondents strongly agreed that senior management understands the importance of not trading off security for time-to-market.
Furthermore, the survey showcased characteristics of “Software Security Masters” (representing 32% of organizations in Asia Pacific and Japan overall and 17% of respondents in Hong Kong), which are organizations that have been able to fully integrate security into their software development lifecycles. This includes conducting early and continuous application testing for security vulnerabilities, as well as embracing the practice of DevSecOps.
In fact, when compared with the mainstream, respondents from the Software Security Masters were nearly three times more likely to strongly agree that they viewed security as an enabler of new business opportunities. Software Security Masters in the Asia Pacific and Japan (APJ) region also exhibited the following attributes:
- 50% higher profit growth
- 50% higher revenue growth
- Are 2.8x more likely to have security testing keep up with frequent app updates
- Are 3.2x more likely to be outpacing their competitors
“Organizations labeled as ‘Software Security Masters’ see a strong correlation between embedding security in the DNA of software development and achieving strong top and bottom line performance. Not only do they exemplify and represent the cultural mindset necessary to adapt and thrive in today’s dynamic market, these organizations are influencing change within the industry while shaping the workplace of the future,” concluded Lim.