A survey from ZeroNorth says 84 percent of security and development professionals believe that Security Champions efforts can both bolster application security (AppSec) and improve relationships between Security and DevOps teams.
As organizations embrace DevOps and accelerate software delivery, centralized control is fading as DevOps teams take on more AppSec responsibilities. A recent Ponemon Institute Research report revealed the challenges these shifts are creating, indicating that 71% of AppSec professionals believe security is undermined by developers who don’t include proper security functionality early in the software development life cycle (SDLC).
To better prepare DevOps teams for their AppSec remit, organizations looking to create a culture of security across the development process are implementing Security Champions programs. For the report, ZeroNorth surveyed security and development professionals to learn about the state of Security Champions programs at their individual organizations.
The survey found that while the notion of a Security Champions program is not a new one, 67% of these programs have existed for less than two years, with almost 40% being in place for less than one year. For organizations that have implemented a Security Champions program, 78% of respondents said the program has strengthened the security skills and knowledge of developers, and 77% said it improved the company’s overall AppSec posture.
“The challenge of securing applications against increasingly sophisticated attacks is larger than any single organization,” said ZeroNorth CEO, John Worrall. “The most successful approaches to creating a culture focused on security begin at the top, with CISOs and security leaders working to bridge internal divides and demonstrate that the security of applications is everyone’s responsibility.”
Among the key findings of the survey:
- Security champions have the power to improve AppSec, with 84% of respondents agreeing or strongly agreeing.
- Passion for security gives strength to a Security Champion, with 50% of respondents naming it the characteristic for a successful Security Champion.
- Security Champions are a unifying force, with 56% of respondents saying Corporate Security leadership was a top requirement for the success of a Security Champion and 47% saying Engineering leadership support.
- Corporate Security teams are vital to the success of security champions programs, with 57% of respondents saying they should play a role in defining security priorities and 47% saying they should be involved in training best practices.
The full findings are published in the report "Security Champions: Empowering Heroes to Unite Security & DevOps."