The pandemic has driven the demand for secure software development initiatives, according to 74% of IT leaders surveyed in the Asia Pacific region, findings of the IDC Asia Pacific 2020 DevOps survey sponsored by Micro Focus.
The rise of DevSecOps comes at a time when IT leaders are faced with an increasingly active cyberthreat landscape, coupled with higher consumer expectations of digital offerings and application usage due to a sharp increase in online activities.
However, a majority of APAC organisations are not equipped to tackle the issue at hand, with 55% of the respondents ranking modest to low in terms of their DevSecOps maturity levels.
The study covered about 1,200 enterprise leaders across 14 APAC regions, the study looked at the state of organisational DevSecOps maturity, as well as DevSecOps activities, plans, challenges and processes.
Businesses recognise that efficient software development, security threats, and business agility as the top drivers of DevSecOps initiatives in APAC. But on a regional scale, only four in 10 APAC leaders say they have united their DevOps and security teams to improve software development, with India (53%) and China (51%) leading integration efforts. DevSecOps adoption is still in the early stages for Korea (29%) and Japan (30%).
“Moving new digital initiatives forward quickly, especially to optimise the online experience for consumers and employees who are increasingly interacting with organisations virtually today, calls for secure and efficient software development processes,” said Stephen McNulty, president of Micro Focus Asia Pacific and Japan.
“This is a defining period for relationship and digital trust building, which means organisations will need to quickly speed up DevSecOps adoption through continuous and automated security testing to effectively respond to their stakeholders’ digital needs,” said McNulty.
Findings from the study reveal that the top obstacles to DevSecOps adoption are spread across the following three pillars — budget issues (15%), dearth of talent or skills (13%), and difficulty automating across hybrid infrastructures (13%).
Overcoming these obstacles is a priority for APAC organisations as the need for software-powered innovation rises, which translates to a greater scrutiny on application digital risks.
The notion of late-stage security testing in software development is proving to be outdated in the context of today’s digital economy, where secure applications, services and platforms are the cornerstone of digital innovation.
Among APAC firms, DevOps teams are still primarily responsible for application security testing, followed by security teams. The most common security tools currently in use are software composition analysis (24%), followed by interactive application security testing (19%), and static application security testing (18%).