Security in The New Normal Requires an Agile Approach



Security in The New Normal Requires an Agile Approach

By Danny Presten, Chief Methodologist at

Phishing attacks are up 600%, ransomware attacks have increased 148%, and the FBI has reported a 300% increase in cybercrimes. Cybercriminals are stepping up their game during the COVID-19 pandemic and, to ensure safety and security, businesses must do the same.

To keep pace with the ever-increasing threat level and achieve results in the new normal of remote-based working, many organizations are taking an Agile approach. Once thought of as the domain of DevOps, Agile is making its way into DevSecOps, cybersecurity, and beyond, and for good reason.

Agile is an iterative way of working that encourages rapidly releasing smaller slices of value as opposed to the long lead-in times of larger, traditional projects. In this way, results can be continuously improved as quickly as circumstances change to meet ever-evolving business needs. Many companies have benefited from an Agile approach to delivering software and now organizations are expanding those ways of working to include more and more security teams.

Agile offers huge benefits in cybersecurity where security teams are faced with threats that are continually evolving and bad actors who will look to adjust their methods almost instantaneously to find the best attack vector.

The 14th Annual State of Agile Report explores this uptake and the reasons for it, along with wider issues concerning Agile.

The importance of Agile

The 14th Annual State of Agile report, based on a survey of more than 1,000 global IT and business professionals, highlights how Agile adoption improves key capabilities needed to respond to current business challenges. Around six in ten respondents said Agile has both helped increase speed to market and improved team productivity.

A follow-up survey conducted in mid-May 2020 to learn more about how the COVID-19 pandemic has affected Agile adoption revealed that 55 percent of respondents said their company plans to increase the use of Agile in the next 12-24 months. This is a rise of 13 percent over the original survey completed just five months previously. Additionally, 43 percent of organizations said their momentum for Agile adoption has increased over the past 90 days, with 15 percent saying the increase is significant.

The main catalyst for organizations to adopt Agile comes from wanting to accelerate the delivery of value to customers as well as being able to quickly respond to changing circumstances. Indeed, our survey found that the second largest reason for adopting Agile is to enhance the ability to manage changing priorities, with two-thirds (63 percent) of respondents citing this as a key motivator.

This key advantage has led to Agile being adopted in many areas of the business. Software development and IT are understandably the most popular at 37 percent and 26 percent. However, increasingly it is being utilized in operations, marketing, HR, and sales. Cybersecurity is no exception as Agile can help security teams combat continually evolving threats.

The diffusion of Agile principles

The concept of Agile has been around for many years now. It began in the late 2000s with the Scrum framework, which focuses on teamwork, accountability, and iterative releases for the development of hardware and software. This was expanded throughout the early 2000s through a variety of scaling frameworks allowing multiple small teams to collaborate effectively on various parts of the product. Today teams collaborate in a variety of ways beyond the traditional face to face interactions with 71 percent of companies reporting teams collaborating across multiple geographies.

As companies began to benefit from increased development productivity, they realized their next bottleneck was actually getting the new product to production. This led to the rise in the prominence of DevOps in the middle of the 2010s ushering in an expansion in Agile practices and culture. To that end, more than 90 percent of respondents are now placing a high value on DevOps and 75 percent of organizations are actively planning and/or implementing transformation in this area. Organizations going through their DevOps transformation look to achieve accelerated delivery speed (70 percent), improved quality (62 percent), and reduced risk (48 percent). In an increasingly digital world, it’s critical to get high quality, valuable software to consumers as rapidly as possible. It’s clear that organizations are realizing focus in this area is critical for their survival.

As DevOps began to address operational bottlenecks, organizations started to see issues in other areas and have realized they need to look at the entire end-to-end value stream. Value Stream Management (VSM) helps to decrease time to value by providing a systematic approach for measuring and improving workflow across the organization through a combination of people, processes, and technologies.

Currently, eight out of 10 respondents said they have an interest in, are planning to implement, or are implementing VSM. Having an end-to-end view of how value flows in an organization will enable firms to tie actual outcomes to deliveries enabling a much-improved view of value planned and delivered.

The rise of VSM has led to the incorporation of security into the DevOps process, rather than as an afterthought, to create DevSecOps. This approach enables organizations to address security issues during development, reducing cycle time, and rework while improving quality and streamlining the workflow. Additionally, this also means the security team now has a seat at the DevOps table and can make sure that the appropriate security is in place as an app is being built, reducing vulnerabilities.

Challenges implementing Agile

With all the advantages an Agile framework offers, why aren’t more businesses fully adopting it? Organizational obstacles can often be considerable. More than 40 percent of respondents report an overall organizational resistance to change, not enough leadership participation, inconsistent practices across teams, and an organizational culture that is at odds with Agile values. Even more challenging to note is that these have been top barriers for Agile adoption consistently for more than five years.

It’s critical that leadership understands the principles that make an Agile ecosystem work and take an effort to bring about the necessary organizational change to harness their benefit.

Making Agile a success relies on implementing proven practices and principles that are executed through a culture immersed in this way of working. Increasingly we’re seeing management learn and own those core Agile values. While it’s obvious there is more work to do it’s encouraging to see the movement as an organization’s success depends on it.

Coping with increasingly sophisticated bad actors while simultaneously working through the new realities brought on by the pandemic requires an organization that can pivot at a moment’s notice. Those organizations leveraging an Agile approach are better able to respond to changing conditions, maintain quality and security, and provide solutions that bring value to their customers.

About the Author

Danny AuthorDanny is Chief Methodologist at  He has several transformation tours of duty behind him in which he’s worked in agile organizations, consulted with senior leaders, and led training initiatives. He is an entrepreneurial self-starter with over 20 years’ experience successfully addressing complex delivery challenges in a variety of industries including web development, e-commerce, healthcare, nonprofit, supply chain, and legal.

Danny can be reached online at can be reached online at and at our company website


Source link