Hindered by complexity and frequent change, effective DevSecOps remains a challenge for many organizations. How can companies ensure they’re on the right track?
In a survey conducted by Insight Avenue and sponsored by Progress, more than 600 interviews with IT/Security/App Dev and DevOps decision makers showed that a holistic approach and collaborative culture are key to DevSecOps (Development, Security and Operations) success.
DevSecOps is an approach to culture, automation and platform design that incorporates security as a shared responsibility throughout the IT lifecycle. While it’s not new, DevSecOps success has remained elusive for many businesses.
“The benefits of integrating security into DevOps are plentiful—from reduced risk and lower costs to faster delivery and more effective compliance. Unfortunately, it’s not as easy as snapping your fingers,” said Sundar Subramanian, EVP & GM DevOps, Progress.
“Our research confirms what we see and hear from customers every day—that each has their own unique culture and trajectory, with their own inflection points and challenges, which present more than one roadblock to DevSecOps adoption,” Subramanian continued.
The results revealed that 17% of organizations still consider themselves at an exploratory and proof-of-concept stage when it comes to DevSecOps. Additionally, 71% of respondents agreed that culture is the biggest barrier to DevSecOps progress, and 86% said they experience challenges in current approaches to security. Seventy-six percent said they realize they could be more strategic in how they manage DevSecOps.
Read more highlights from the survey below or download a copy of the whitepaper to get a complete picture of the state of DevSecOps in tech.
DevSecOps: Where Organizations Are Struggling
Survey participants noted that several obstacles stand in the way of DevSecOps success, including collaboration and culture. While 71% of respondents agreed that culture was the biggest barrier, just 16% said culture is an area they plan to optimize in the next 12 to 18 months.
Many businesses are overlooking the importance of collaboration, too: Just 40% of participants believed implementing security training and upskilling efforts across multiple stakeholders was paramount when implementing DevSecOps.
Entities also noted that they’re having difficulty showing ROI: Fifty-nine percent of teams said they had a hard time attaining buy-in/funding for re-factoring efforts that didn’t provide new user capabilities.
Security was a primary concern as well, with 86% of study participants saying they had experienced challenges in current approaches to security. These challenges included prioritizing external capabilities over internal apps (47%), problems in meeting delivery deadlines (45%) and difficulty meeting audit requirements specified by the security team (39%).
…And What Businesses Are Getting Right
The survey showed that organizations with top-tier DevSecOps approaches prioritize collaboration, culture, processes and technology, while also identifying areas of improvement for the present and future.
Forty percent of these entities recognized that it was critical to implement security training and upskilling among developers, business owners and other teams. Additionally, 60% had acknowledged the need for further improving communication between developers, security and operations to ensure DevSecOps success.
Leading organizations were also more likely to have automated security and reliance tasks (43%), reduced time and effort to complete security audits (41%) and implemented security practices early in the development process (47%).
How Entities Can Achieve DevSecOps Success
Although DevSecOps isn’t a brand-new way of doing things, its capacity to enhance productivity and security has only grown since its inception. If teams can recognize and overcome barriers to success, they can design an effective DevSecOps strategy.
As organizations continue to accelerate the development cycle, the need to develop a comprehensive, effective DevSecOps culture will become even more critical. Companies will need to have plans and processes in place to improve security, as well as encourage collaboration among different teams within the business.
To learn more about the state of DevSecOps in tech today, and to gain insight into how to implement a successful DevSecOps strategy in your own organization, download the full whitepaper.
Jessica Kent
Jessica Kent was a content specialist at Progress.