Teams at higher levels of DevOps evolution have automated their security policies, and they involve security experts in their organisations very early in the software development process – from the planning and design phases, according to the 2019 State of DevOps Report.
This year’s report — written by Puppet, CircleCI and Splunk — finds that in Asia, only 30% of firms have reached significant or full security integration, compared to 38% in Australia and New Zealand, 43% in Europe and 38% in the Americas.
These organisations had achieved not only the ability to ensure customer data stays safe but also faster product delivery to market.
Findings show that security doesn’t have to take a back seat to feature delivery. In Asia, respondents were less likely to involve their security function when there is an ad hoc reported issue in production, during the requirements phase of the delivery cycle, and during the design phase of the delivery cycle.
Cross-team collaboration builds confidence in an organisation’s security posture. More than half of respondents from Asia said that they are limited by their business needs (58%) and technology and processes (57%).
Time to remediate vulnerabilities did not dramatically decrease at higher levels of security integration but it did decrease slightly. In Asia, 41% of respondents are able to remediate in one day to less than one week compared to 33% of global respondents and 30% in Europe. In Singapore, there is still a relatively low degree of automation as compared to other regions.
The more security is integrated into the software delivery lifecycle, the more delivery teams see security as a shared responsibility.
There is huge potential for Asia to fine-tune its security practices and/or processes around containers. Asia has a relatively high instance of containerised images, with Singapore leading the pack at 73%, the highest globally, compared to only 33% in the Americas.