Many Companies Compromise Security to Release Apps Faster: Study

Although IT leaders claim security is critical to their business, many are also willing to sacrifice it to turn out products faster, according to a recent study from CA Technologies.

The CA study, entitled “The Security Imperative: Driving Business Growth in the App Economy,” showed that 68 percent of IT leaders surveyed they “sometimes compromise security to get applications to market faster.”

Yet, 83 percent of respondents said they view security as critical to protecting their brand and is a competitive differentiator. And more than 60 percent of respondents said they are using metrics such as customer experience, satisfaction and retention; business growth; and digital reach to measure the impact of security on the business.

The study, conducted for CA by Coleman Parkes Research, surveyed 1,770 senior business and IT executives, including more than 100 chief security officers (CSOs) and chief information security officers (CISOs), about their attitudes toward IT security practices and the impact they see it having on their business.

“This data shows that identity-centric security is the killer app for digital transformation,” said Mordecai Rosen, senior vice president and general manager of the security business at CA Technologies, in a statement. “Enterprises and government agencies are rethinking their approach to security to protect and enable their businesses. Any successful digital transformation requires an organization to build trusted digital relationships with their customers, employees and partners, and identity-centric security is the foundation of that effort.”

The study showed that 82 percent of respondents said identity-centric security is critical to the business, and 81 percent said security needs to be frictionless and not over burden the user.

CA used the information from the study to create a maturity model for identity-centric security. The model categorized respondents as advanced, basic or limited.

Meanwhile, the study also found that sacrificing security is not necessary. By bringing security into the development process sooner, a practice known as “DevSecOps,” security is not an afterthought or something that is sacrificed, Rosen said.

In fact, the CA study found that a majority 54 percent of advanced users of identity-centric security practice DevSecOps. And advanced users also saw a 47 percent improvement in business growth and new revenue compared to 40 percent for basic users, the survey showed.

Moreover, 87 percent of advanced users said they saw an improvement in customer experience versus 76 percent of basic users. Advanced users also reported a 50 percent improvement in employee productivity, compared to 40 percent for basic users. And twice as many advanced identity-centric security users (41 percent) said they have seen a reduction in data breaches compared to basic users (21 percent).

The CA study coincides with National Cybersecurity Awareness Month (NCSAM), which is taking place during October 2016. NCSAM is designed to raise awareness about cyber-security.

CA sells a wide range of software products to help businesses develop, manage and secure infrastructure and application software.

Last month, CA announced its intent CA Technologies announced its intent to acquire BlazeMeter, a provider of continuous application performance testing software for DevOps.