A survey of 506 cybersecurity leaders and practitioners working for organizations with more than 500 employees, published today, finds that while 80% report security and DevOps teams are using shared observability tools, less than half (45%) say the two teams are very aligned on tooling and workflows compared to 43% that said these teams are somewhat aligned

Conducted by the research firm UserEvidence on behalf of Sumo Logic, the survey also finds 93% of respondents work for organizations using at least three security operations tools, with 45% using six or more. More than half (55%) said they have too many point solutions in their security stack and all (100%) agreed that a unified platform for logs, metrics, and traces would be valuable for their security and DevOps teams.

Chas Clawson, vice president of security strategy at Sumo Logic, said the survey makes it clear that there is still significant room for improvement when it comes to collaboration between DevOps and cybersecurity teams even though many of them are now finally using the same observability tools and platforms.

For example, only 37% strongly agree that their security tooling is designed for modern application environments and a full 87% agree that unified security and monitoring tooling would improve team efficiency. A full 89% also agree that real-time threat detection is a top priority for their team.

As development velocity increases and applications require more sophisticated features and integrations, respondents noted that factors such as application complexity (56%) and DevOps acceleration (51%) prompt their organizations to update tooling, the survey finds.

Additionally, the survey finds that many cybersecurity teams lack confidence in their tools. Even though 92% say their current security information event management (SIEM) platform is effective at reducing mean time to detect and respond to threats, only slightly more than half (51%) said their current SIEM platform is very effective at reducing mean time to detect and respond to threats.

Similarly, even though 92% said their current SIEM platform scales to meet their needs, only 52% are very confident their current SIEM can scale to meet future security and cloud operations needs, a capability that 90% of respondents described as being important. On average, respondents ingest 4.14 data sources into their SIEM, with 36% using five or more data sources.

However, the number of data sources is likely to exponentially increase in the age of artificial intelligence (AI) which suggests that many legacy SIEM platforms will not be able to keep pace as the number of data sources continues to increase, noted Clawson.

In total, nearly half (48%) have adopted a cloud and on-premises mix of platforms, while 37% have a multi-cloud strategy. Three quarters (75%) said cloud adoption drives modernization for security and cloud operations tooling, with 88% reporting that cloud-native platforms simplify their security operations

Overall, the survey finds 70% of respondents say they’ve fully or mostly automated their threat detection and response process, with 25% reporting that those processes are fully automated.

A total of 63%, however, also said high operational cost is their biggest pain point, while 55% report struggling with too many point solutions in their security stack.

A full 90% also said artificial intelligence (AI) and machine learning tools are extremely or very valuable in reducing alert fatigue and improving detection accuracy, with nearly all (96%) reporting their organization has adopted AI to some extent.

It’s not clear to what degree AI might one day drive organizations to restructure their IT teams, but it is apparent fundamental change is coming. The issue now is determining what tools and platforms might be required to reduce the current level of friction that makes change more difficult than anyone wants to experience.