Security & Compliance Blog

4 Key Findings from Forrester Survey on SecOps Maturity

Shawn Jaques
3 minute read
Shawn Jaques

Maturity is typically used in the context of a person’s path to adulthood. Do they behave and act as civilized adults according to social norms? Or do they throw tantrums, speak out of turn or lack the decorum to behave appropriately for the situation? We also use maturity to describe the sophistication and completeness of an organization’s processes or technology. When referring to maturity in the context of security and IT operations (SecOps) teams, we attempt to measure the ability of an organization to effectively and efficiently prevent and respond to security risks. But, let’s face it, security is hard and there is no realistic end state. Instead, it’s a constant challenge to improve your skills, processes and technology.

It’s important because based on a recent report, SecOps organizations can achieve many benefits as they mature— and there’s plenty of room to grow. More mature SecOps enterprises are likely to have better collaboration between SecOps teams and fewer security vulnerabilities than those that are less evolved. Mature organizations are also able to more quickly mitigate risk and experience faster remediation— in production and in the DevOps pipeline.

These are some of the findings of a commissioned Technology Adoption Profile, conducted by Forrester Consulting on behalf of BMC to evaluate SecOps maturity. This study was based on research with 100 security and IT operations managers in US enterprises. Here are some highlights:

  1. 44% of enterprises either don’t have a formalized SecOps program, may only use ad hoc security operations processes, or may have practices that are only deployed occasionally. With 77% of enterprises using cloud services, it’s important to pay more attention to threats. If you don’t have a formal SecOps plan, it’s time to develop one.
  2. 71% report that improving advanced threat intelligence capabilities is their top information/IT security priority. However, 39% report a lack of visibility into unpatched systems and the volume of such systems. Gaining visibility is essential for effectively prioritizing and planning to remediate vulnerabilities.
  3. About half of the enterprises find that coordination between security and IT operations teams is challenging. SecOps maturity helps drive collaboration between these two teams to mitigate risk, address issues faster, and improve compliance.
  4. To achieve better identification and remediation of vulnerabilities, 60% report they are upgrading, expanding, or planning to deploy tools to ensure security and compliance of apps in the DevOps process.

The advantages of becoming a more mature SecOps organization and how tools can help

Organizations with more mature SecOps capabilities have reported a variety of benefits, such as:

  • Fewer security breaches
  • Fewer security distractions
  • Decreased cost of patching and compliance
  • Improved efficiency between operations and development teams

These organizations are either using tools or planning to use tools that can help identify affected systems, prioritize security issues, deploy patches, increase DevOps efficiency and compliance, and provide other capabilities.

BMC SecOps solutions can help organizations move further along the SecOps maturity curve, which can reduce risk and improve efficiency. Plus, developers can embed compliance and security testing in the development lifecycle — when it’s easier and less costly to find and fix issues — to deliver new, secure apps without disrupting innovation.

Download the full study, Overcoming SecOps Hurdles Decreases Risk While Increasing DevOps Efficiency, and discover the advantages of improving SecOps maturity.

Dummies Guide to Security Operations

When security and operations teams collaborate closely, they can protect your business more effectively against all kinds of threats. Learn more in the SecOps For Dummies guide.
Download Now ›

These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.

See an error or have a suggestion? Please let us know by emailing

Run and Reinvent Your Business with BMC

BMC has unmatched experience in IT management, supporting 92 of the Forbes Global 100, and earning recognition as an ITSM Gartner Magic Quadrant Leader for six years running. Our solutions offer speed, agility, and efficiency to tackle business challenges in the areas of service management, automation, operations, and the mainframe. Learn more about BMC ›

About the author

Shawn Jaques

Shawn Jaques

Shawn Jaques is a Director of Marketing at BMC, driving marketing and content strategy and execution for Security Operations solutions. These solutions span the DevOps, SecOps, Cloud Management and IT Automation markets. Shawn has over 17 years in enterprise software at BMC and other organizations through a variety of roles including marketing, product management and strategy. Shawn has also been a strategy consultant and financial auditor for seven years and has an MBA from The University of Texas at Austin and a BS from the University of Montana. He lives in Colorado and enjoys running, skiing, fly-fishing and other outdoor activities.