Are you making strides towards reducing hygiene concerns, specifically when working with developers?
Head of Security and Compliance in Software, 51 - 200 employees
Regarding risk and hygiene, one of the fundamental things that we think about is training. We make sure that they get enough knowledge about how to take care of the assets and access all sorts of details. And it's not a one time thing, it's ongoing. If you say, "My product security is secondary," you can't survive in the current generation.
VP, Chief Security & Compliance Officer in Software, 1,001 - 5,000 employees
We're trying to take the organization ahead left of release—really deep left. Two years ago we sent out this intentional strategy around hygiene. From 2018-2019, there were pulses coming in from the industry through regulators and audits, and the CISOs that were really paying attention—especially to third party risk assessment concepts—weren't accepting just a SOC 2 Type 2. They were like, "I want that but I want to see how many exceptions you have, how do you deal with defects?" They were asking very specific questions. From 2019 into 2020, you started to see this heavy shift to try to take your identification remediation left of release.
IT Manager in Services (non-Government), 10,001+ employees
The way we see it at Acxiom, it's a culture shift: Shift that to left of release. We've seen smart threat actors who want to get into your CI/CD, because once they're in at the beginning, they're almost undetectable throughout the lifecycle of that application. We work to make sure security becomes business as usual (BAU): not an afterthought, but part of the culture. It’s part of the agile sprints and the strategy; we're getting people to self-report, and security comes in at the tail end to just make sure we're validating. The strategy has to be a cultural shift so that the developers and product owners who are working at the code level, are on the same page. We've seen our product owners really grow in that space to the point where once we've equipped them and interpreted policy, they're able to run with it as requirements.
Expert Information Assurance Manager, 1,001 - 5,000 employees
I think the culture shift is that there's a better understanding now, and security is not a burden to them. It's not about ripping up their work and throwing it out, it's about real value.
IT Manager in Services (non-Government), 10,001+ employees
Exactly, it's part of their revenue-generating projects and they see it as a value add as opposed to huge projects at the end when they're getting to production.