IT security sucks

Jack Marsal / 12.29.16

It’s rare to find a bunch of people who agree on anything. It’s even rarer when you find a bunch of people who agree that they all suck.

Welcome to a rare situation.

A few weeks ago, I spoke at the AWS re:Invent conference in Las Vegas. In my audience were hundreds of IT professionals. Some were responsible for security, others were responsible for cloud operations or application development. I asked my audience whether they thought that their existing IT security products and policies were slowing down the business, and I saw about 80% of the hands were raised.

This is similar to the finding that Gartner published in a report titled “DevSecOps: How to Seamlessly Integrate Security Into DevOps”. In this report, the analysts stated:

“Surveys at Gartner’s data center and information security summits in 2015 indicate that information security is viewed as an inhibitor to the agility and speed required by digital business and DevOps initiatives. Both information security professionals (Figure 1) and IT operations professionals (Figure 2) were surveyed. As shown in Figures 1 and 2, both information security and IT operations professionals, in nearly identical ratios (approximately 4 to 1), believe information security is slowing down IT’s ability to respond to the needs of the business.”*

Did you catch that?  77% of IT security professionals said that their information security policies and teams are slowing IT down!

What is happening? Why are we seeing these widespread admissions that security is slowing down the business?  I’ll cover that in my next blog post.

*Gartner “DevSecOps: How to Seamlessly Integrate Security Into DevOps”, Neil MacDonald and Ian Head, 30 September 2016