Latest news with #DevSecOps
Forbes
05-08-2025
- Business
- Forbes
From Chaos To Concert: Curating Your DevOps Tool Orchestra
Leah Dodson, Founder of Piqued Solutions. Advising leaders on secure, scalable, and strategic tech growth. What begins as a well-intentioned effort to streamline development often ends in noise: overlapping tools, disconnected workflows, ballooning costs and growing security gaps. In fact, nearly 75% of DevSecOps professionals already leveraging AI admit they need to consolidate their sprawling toolsets to cut complexity and risk. Across industries, teams are burdened with too many tools solving the same problems in slightly different ways. The result is a fragmented environment where efficiency drops, teams become frustrated and complexity obscures risk. The Hidden Cost Of Too Many Tools When each team selects tools in isolation, whether it's CI pipelines here, code scanning platforms there or multiple dashboards with no central integration, it quickly becomes difficult to manage, much less optimize. This isn't an isolated issue. In GitLab's 2024 Global DevSecOps Survey, more than 78% of professionals said they spend at least a quarter of their day just maintaining or integrating tools. This time lost could have been spent building value instead. In one organization, we discovered seven separate tools that touched code quality or security. Many of these tools had overlapping functions, few were fully utilized and none were centrally governed. The cost wasn't just financial. Engineers were wasting hours reconciling data, navigating different UIs and adapting workflows across tools that didn't talk to each other. Meanwhile, leadership had no reliable view of their overall performance or risk exposure. Start With An Audit, Not An Assumption Visibility is often worse than assumed. Only 5% of IT leaders report having full insight into what software licenses are even being used, let alone how effectively. Before changing your toolset, start with a tech stack audit. Identify each tool, its primary function, the teams using it and any associated costs or contract obligations. Go beyond the budget line item and assess how much time each tool demands from your team and whether it meaningfully contributes to your delivery, security or reliability goals. Ask questions like: • Which tools are actively used in production workflows? • Do multiple tools cover the same function? • Are any tools required for compliance or client obligations? • What level of expertise is needed to use each tool well? This process often reveals shelfware, redundant tools or ones with unclear ownership. Any of these is a sign your stack needs attention. Define Harmony: Align Tools To Teams The next step is to evaluate each tool based on how well it fits your team's skills and workflows. A powerful tool with a steep learning curve might sound good in theory. But if your team isn't equipped to use it, it creates more friction than value. Focus on tools that: • Integrate smoothly into the way your team already works. • Offer automation and extensibility. • Provide visibility across development, security and operations. • Scale without requiring constant reinvention. The right combination of tools should feel cohesive and purposeful. Each one should serve a distinct function while contributing to a system that runs more efficiently as a whole. Curate With Intent, Not Convenience It's easy to add tools reactively. A new requirement appears, and a new solution is introduced. Over time, these one-off decisions lead to sprawl and inefficiency. Instead, ask: • Can an existing tool solve this new problem with configuration or add-ons? • Does this new tool integrate with the existing stack? • Will it reduce complexity or simply layer on more? Consider consolidating where possible. Standardize workflows across teams. Use automation to reduce human error and improve consistency. Centralization pays off. In fact, 79 % of teams that centralized their observability tooling reported savings in either cost or time. Treat The Stack As A Living System The tools that serve you well today may not be the right fit six months from now. New business goals, changes in team structure or updated compliance requirements all shift the landscape. Set a regular review cycle. Quarterly or biannual check-ins often work well. Use these moments to ask: • What's still delivering value? • Where is friction increasing? • Are we paying for features we no longer need? In one organization, moving from multiple monitoring tools to a single observability platform saved over $100,000 per year. It also gave the team real-time insight they never had before. Tune The Orchestra, Don't Add Noise Curating your DevOps toolchain isn't just about cutting costs—it's about improving clarity, efficiency and resilience. A strong DevOps environment doesn't need more instruments. It needs better coordination, clearer signals and tools that work together with purpose. With a focused audit, thoughtful alignment and regular tuning, even a noisy stack can become a cohesive system that helps your team deliver with confidence. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Web Release
30-07-2025
- Business
- Web Release
IBM Report: Data Breach Costs Drop 18% in the Middle East, Reaching SAR 27 Million in 2025
IBM (NYSE:IBM) released its 2025 Cost of a Data Breach Report, revealing that the average cost of a data breach for businesses in the Middle East reached SAR 27.00 million. This represents a decrease of approximately 18% from SAR 32.80 million the year prior. According to the report, the top three factors that reduced breach costs for local businesses were AI/ML-driven insights, encryption and a DevSecOps approach. In the Middle East, lost business remained the largest cost category in 2025, averaging SAR 11.63 million per breach. This was followed by post-breach response costs at SAR 7.50 million, detection and escalation at SAR 6.55 million, and notification costs at SAR 1.32 million. While overall breach costs have declined this year, these figures underscore the continued financial strain organizations face across the entire breach lifecycle — from discovery to containment. Certain sectors continued to face significantly high breach costs in 2025. This year, the financial sector recorded the highest total breach cost reaching SAR 34.00 million, followed closely by energy and industrial at SAR 32.00 million. 'It is encouraging to see a meaningful decline in the cost of data breaches in the Middle East this year. It is no coincidence that a region with some of the world's boldest AI ambitions is also seeing less costly breaches. As organizations accelerate the adoption of AI-driven tools for security, they are improving their ability to detect and contain threats before they escalate. But as attackers grow more sophisticated, continued investment in AI-driven security tools, security talent, and AI governance tools will be essential to sustaining this momentum,' said Saad Toma, General Manager of IBM Middle East and Africa. Other key findings in the 2025 IBM report for the Middle East include: Mitigating risks of AI model attacks – To reduce the risk of attacks on AI models, organizations in the Middle East are most commonly implementing access controls on AI systems (41%). By contrast, just 3% of breached organizations globally had such controls in place, highlighting the region's more proactive approach to securing and governing AI. – To reduce the risk of attacks on AI models, organizations in the Middle East are most commonly implementing access controls on AI systems (41%). By contrast, just 3% of breached organizations globally had such controls in place, highlighting the region's more proactive approach to securing and governing AI. AI governance adoption – 38% of surveyed organizations reported having formal AI governance policies in place, with an additional 24% starting to develop them. For those with policies in place, the most common elements include strict approval processes for AI deployments (45%), adversarial testing (44%) and the use of AI governance technology (43%). – 38% of surveyed organizations reported having formal AI governance policies in place, with an additional 24% starting to develop them. For those with policies in place, the most common elements include strict approval processes for AI deployments (45%), adversarial testing (44%) and the use of AI governance technology (43%). Factors that increase costs – Organizations with security system complexity incurred an average additional cost of SAR 867,378. Breaches affecting IoT or OT environments added SAR 839,750, while security staff shortages raised costs by SAR 818,997 on average. – Organizations with security system complexity incurred an average additional cost of SAR 867,378. Breaches affecting IoT or OT environments added SAR 839,750, while security staff shortages raised costs by SAR 818,997 on average. Top initial attack vectors – The most common initial causes of data breaches in 2025 were third-party vendor and supply chain compromise, which account for 17% of incidents and carried an average cost of 29.60 million. Denial of service attacks and phishing each made up 14% of breaches, with average costs of SAR 27.20 million and SAR 28.00 million respectively. Malicious insider threats, while slightly less frequent at 11%, resulted in the highest average cost at SAR 33.00 million. The 2025 Cost of a Data Breach Report analyzed real-world data breaches from over 600 organizations worldwide from March 2024 through February 2025, including organizations from Saudi Arabia and the United Arab Emirates. Conducted by Ponemon Institute and sponsored and analyzed by IBM, the Cost of a Data Breach Report has investigated nearly 6,500 data breaches over the past 20 years. Additional Sources
Globe and Mail
30-07-2025
- Business
- Globe and Mail
JFrog Gathers Tech Industry Giants at swampUP 2025 to Unveil Major Advances in Secure Software Supply Chain and AI Development
JFrog Ltd (Nasdaq: FROG), the Liquid Software company and creators of the JFrog Software Supply Chain Platform, today announced the official speaker roster for its award-winning swampUP user conference. The event will take place September 8-10, 2025, at the Meritage Resort & Spa in Napa, California. This press release features multimedia. View the full release here: JFrog's annual swampUP event is the premier conference for DevOps, DevSecOps, MLOps and AI-driven software delivery. It brings together software developers, security professionals, IT and DevOps leaders, MLOps engineers, and community innovators to explore the 'quantum shift' in real-world practices for managing modern software supply chains. This year's event promises an energizing mix of illuminating keynotes and product announcements, hands-on technical training, and immersive sessions given by industry experts from the community focused on sharing best practices for building secure, scalable, AI-empowered software. 'Software is evolving at lightning speed. Code assistants are boosting developers' productivity, securing ML models is a must, and having proper compliance in the era of AI will determine which companies thrive and which won't,' said Shlomi Ben Haim, Co-Founder and CEO, JFrog. 'swampUP is where industry experts, ecosystem partners, and our community come together to share knowledge, best practices and shape what's next. This will be remembered as the EveryOps event of the year.' An All-Star Lineup of Industry Leaders and Tech Visionaries This year's swampUP Napa speaker lineup includes top executives and technologists from leading companies, including: NVIDIA's VP of Enterprise AI Products, Justin Boitano, ServiceNow's General Manager of ITSM, Rahul Tripathi, and Tariq Shaukat, CEO of Sonar, a code quality and security solutions provider, will join JFrog's Co-Founder and CEO, Shlomi Ben Haim, to discuss what's next in the world of secured software delivery in the AI driven era. GitHub's senior product manager for supply chain security, Kristina Heidinger, and ServiceNow's Head of Product Management for ITSM and DevOps, Anand Ahire, will join JFrog's SVP of DevOps, Yossi Shaul, and VP of JFrog Security, Eyal Dyment, for a discussion on best practices for increasing trust and compliance in every software release. NVIDIA's senior director of AI, Adel el Hallak, will join JFrog's VP & CTO of MLOps, Yuval Fernbach, to discuss how to secure and govern AI/ML models as first-class software artifacts within DevSecOps, enabling trust, visibility, and compliance throughout the model lifecycle in modern development environments. Dell Technologies' AI Field CTO, Maciej Mazur, will share lessons learned from building distributed, highly-scalable, efficient enterprise architectures for delivering billions of recommendations daily, focusing on best practices for system design, GPU optimization, and security. Founder & Chief Vibe Manager, MLOps Community, Demetrios Brinkmann, will discuss how MLOps engineers and developers can build and continuously update evaluation systems that create a strong competitive advantage. Attendees will also hear from distinguished speakers representing CVS Health, Ford Motor Company, Google, JPMorgan Chase, and more. Other event highlights at swampUP 2025 include: Hands-on Training - Day Zero (Sept. 8): swampUP will kick off with a full day of immersive training designed to equip attendees with practical skills across the JFrog Platform and the broader DevOps toolchain. Industry experts will lead these sessions, emphasizing real-world, hands-on experience. Keynotes & Breakout Sessions - Days 1 & 2 (Sept. 9–10): Morning keynotes will showcase JFrog's newest product innovations and partnerships, featuring thought leaders and executives from industry-leading companies, while afternoon breakouts will cover critical topics including secure software delivery, AI/ML model management, platform engineering and observability in the GenAI era. Community Gala & Concert (Evening of Sept. 9): This unforgettable evening under the Napa Valley sky will feature a performance by world-renowned cellist Tina Guo, offering a unique opportunity to unwind and network with fellow attendees. Registration is now open and interested parties can view the full agenda at For more information on reasons to attend swampUP 2025, check out this blog and follow JFrog on X @jfrog. Like this Story? Share this on X: Just announced! Star-studded #swampUP2025 speaker lineup. Join us Sept 8–10 in #Napa for visionary keynotes, hands-on training, plus a gala concert with world-renowned cellist @Tinaguo. Speakers from @Dell, @GitHub, @NVIDIA, @ServiceNow, @SonarSource & more! Register: #DevOps #DevSecOps #AI #SoftwareSupplyChain #EveryOps About JFrog JFrog Ltd. (Nasdaq: FROG) is on a mission to power the world with liquid software. We are replacing endless software updates with a single system of record that seamlessly delivers secure applications from developer to device. The JFrog Software Supply Chain Platform helps organizations build, manage, and distribute software quickly and securely, making applications available, traceable, and tamper-proof. Its integrated security features also help identify, protect, and remediate against threats and vulnerabilities. The Platform also brings ML models in line with all other software development processes, providing a single source of truth for all software components across Engineering, MLOps, DevOps, and DevSecOps teams so they can build and release AI applications faster, with minimal risk and less cost. JFrog's hybrid, universal, multi-cloud platform is available as both self-hosted and SaaS services across major cloud service providers. Millions of users and 7K+ customers worldwide, including a majority of the Fortune 100, depend on JFrog solutions to securely embrace digital transformation. Once you leap forward, you won't go back! Learn more at and follow us on X: @jfrog.
TECHx
30-07-2025
- Business
- TECHx
IBM Reveals Drop in Data Breach Costs for Middle East
Home » Top stories » IBM Reveals Drop in Data Breach Costs for Middle East IBM has released its 2025 Cost of a Data Breach Report, revealing a notable decrease in average breach costs for businesses in the Middle East. According to the report, the average cost fell to SAR 27.00 million, down 18% from SAR 32.80 million the year before. The report highlighted that AI/ML-driven insights, encryption, and a DevSecOps approach were the top three factors that helped reduce costs for organizations in the region. Despite the drop, lost business remained the largest cost category, averaging SAR 11.63 million. Post-breach response costs followed at SAR 7.50 million, with detection and escalation at SAR 6.55 million, and notification costs at SAR 1.32 million. IBM reported that the financial sector experienced the highest breach costs at SAR 34.00 million. The energy and industrial sectors followed closely with SAR 32.00 million. Saad Toma, General Manager of IBM Middle East and Africa, noted the region's proactive use of AI. He stated that AI-driven tools are enhancing detection and response, but emphasized the need for continued investment in security talent and governance. The report also revealed: 41% of Middle East organizations use access controls to protect AI systems, compared to only 3% globally. 38% have formal AI governance policies, with another 24% developing them. Complex security systems, IoT/OT environments, and staff shortages significantly raise breach costs. Top initial attack vectors in 2025 included: Third-party vendor and supply chain compromise (17%, SAR 29.60 million) Denial of service attacks (14%, SAR 27.20 million) Phishing (14%, SAR 28.00 million) Malicious insider threats (11%, SAR 33.00 million) IBM conducted the report in partnership with the Ponemon Institute, analyzing over 600 global breaches, including those in Saudi Arabia and the UAE, from March 2024 through February 2025. The report draws on two decades of research, covering nearly 6,500 breaches.
Zawya
30-07-2025
- Business
- Zawya
IBM report: Data breach costs drop 18% in the Middle East, reaching SAR 27mln in 2025
Dubai, UAE – IBM (NYSE:IBM) released its 2025 Cost of a Data Breach Report, revealing that the average cost of a data breach for businesses in the Middle East reached SAR 27.00 million. This represents a decrease of approximately 18% from SAR 32.80 million the year prior. According to the report, the top three factors that reduced breach costs for local businesses were AI/ML-driven insights, encryption and a DevSecOps approach. In the Middle East, lost business remained the largest cost category in 2025, averaging SAR 11.63 million per breach. This was followed by post-breach response costs at SAR 7.50 million, detection and escalation at SAR 6.55 million, and notification costs at SAR 1.32 million. While overall breach costs have declined this year, these figures underscore the continued financial strain organizations face across the entire breach lifecycle — from discovery to containment. Certain sectors continued to face significantly high breach costs in 2025. This year, the financial sector recorded the highest total breach cost reaching SAR 34.00 million, followed closely by energy and industrial at SAR 32.00 million. 'It is encouraging to see a meaningful decline in the cost of data breaches in the Middle East this year. It is no coincidence that a region with some of the world's boldest AI ambitions is also seeing less costly breaches. As organizations accelerate the adoption of AI-driven tools for security, they are improving their ability to detect and contain threats before they escalate. But as attackers grow more sophisticated, continued investment in AI-driven security tools, security talent, and AI governance tools will be essential to sustaining this momentum,' said Saad Toma, General Manager of IBM Middle East and Africa. Other key findings in the 2025 IBM report for the Middle East include: Mitigating risks of AI model attacks – To reduce the risk of attacks on AI models, organizations in the Middle East are most commonly implementing access controls on AI systems (41%). By contrast, just 3% of breached organizations globally had such controls in place, highlighting the region's more proactive approach to securing and governing AI. AI governance adoption – 38% of surveyed organizations reported having formal AI governance policies in place, with an additional 24% starting to develop them. For those with policies in place, the most common elements include strict approval processes for AI deployments (45%), adversarial testing (44%) and the use of AI governance technology (43%). Factors that increase costs – Organizations with security system complexity incurred an average additional cost of SAR 867,378. Breaches affecting IoT or OT environments added SAR 839,750, while security staff shortages raised costs by SAR 818,997 on average. Top initial attack vectors – The most common initial causes of data breaches in 2025 were third-party vendor and supply chain compromise, which account for 17% of incidents and carried an average cost of 29.60 million. Denial of service attacks and phishing each made up 14% of breaches, with average costs of SAR 27.20 million and SAR 28.00 million respectively. Malicious insider threats, while slightly less frequent at 11%, resulted in the highest average cost at SAR 33.00 million. The 2025 Cost of a Data Breach Report analyzed real-world data breaches from over 600 organizations worldwide from March 2024 through February 2025, including organizations from Saudi Arabia and the United Arab Emirates. Conducted by Ponemon Institute and sponsored and analyzed by IBM, the Cost of a Data Breach Report has investigated nearly 6,500 data breaches over the past 20 years.
