Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Join us for Cybersecurity Awareness Month! Strengthen your cyber resilience with essential security tips and resources for everyone.

Aligning Security Testing with IT Infrastructure Changes

Published 10/03/2024

Home
Industry Insights
Aligning Security Testing with IT Infrastructure Changes

Originally published by Pentera.


With 73% of organizations tweaking their IT setups every quarter, it’s concerning that only 40% are aligning their security checks accordingly. This frequency gap leaves organizations vulnerable to prolonged risk and highlights a critical area for improvement. Ensuring security measures evolve in tandem with IT changes isn’t just advisable—it’s essential for safeguarding digital assets.

This insight is part of Pentera’s State of Pentesting Report, which delves into the current state of security validation practices, focusing on the pivotal roles of pentesting and red-teaming.

The analysis, conducted by Global Surveyz Research, involved 450 security professionals from the US, UK, Western Europe, and APAC, across enterprises with over 1,000 employees.

graphs for adding-subtracting resources & pentest frequency


Key Findings from the Pentesting Report

Evolving Motivations for Pentesting

Securing the IT environment and assessing the impact of a successful attack have become the primary reasons for penetration testing, moving beyond compliance requirements. This shift signifies a stronger focus on continuous security validation and proactive cybersecurity.


Increased Involvement from Boards

Over 50% of CISOs are sharing pentest results with their executive teams and Boards, reflecting greater involvement of upper management in cybersecurity. This transparency highlights the critical nature of aligning security practices with business needs.
need for testing


Rising Concerns about Internal Remediation

In 2024, 36% of respondents cited internal remediation capabilities as a barrier, a significant increase from 21% in 2023. This reflects the growing challenge of ensuring vulnerabilities are fixed efficiently without disrupting operations.


Barriers to Effective Pentesting

One major barrier to effective pentesting remains the availability of skilled pentesters. Additionally, concerns about business continuity persist, with some organizations hesitant to undertake pentests due to potential downtime.
in-house testing


Pentesting as a Strategic Tool in M&A

Pentesting is increasingly being used in M&A activities to assess cybersecurity risks. By understanding potential vulnerabilities, businesses can avoid inheriting cyber risks from acquired companies.


Why Aligning Security Testing with IT Infrastructure Changes Matters

The survey data provides a roadmap for CISOs to align their security testing frequency with IT infrastructure changes. Implementing regular and frequent security testing can dramatically reduce exposure and safeguard organizational assets from evolving threats.

Enhancing cloud security strategyPenetration TestingRisk ManagementVulnerabilitiesSurveys

Share this content on your favorite social network today!

Core Cloud
Related Resources
Top Threats to Cloud Computing
The eleven salient threats, risks, and vulnerabilities in the cloud.
Certificate of Cloud Security Knowledge (CCSK)
The industry's standard cloud security credential.
Corporate Membership
Gain knowledge and connections in the cloud industry.
Latest from CSA
Access the Cybersecurity Awareness Month Bundle
Register for the Zero Trust Summit 2024
Download: AI in Medical Research
Trending This Week
#1 5 Tips for Managing Shadow IT
#2 Top Threat #2 to Cloud Computing: Insecure Interfaces and APIs
#3 Generative AI Proposed Shared Responsibility Model
#4 How is CSA STAR different from ISO 27001 and SOC 2?
#5 The Top Cloud Computing Risk Treatment Options
Enhance your cloud security skills with CSA's online training options.
Related Articles:
How to Maximize Alignment Between Security and Compliance Teams

Published: 10/04/2024

Embracing AI in Cybersecurity: 6 Key Insights from CSA’s 2024 State of AI and Security Survey Report

Published: 10/04/2024

Secure by Design: Implementing Zero Trust Principles in Cloud-Native Architectures

Published: 10/03/2024

Elevating Application Security Beyond “AppSec in a Box”

Published: 10/02/2024