Complexity, skills shortfall stifle DevSecOps success

Three in every four (73%) IT and security decision makers globally admit that more could be done to improve DevSecOps practices, a new report from Progress.

The report is based on a survey conducted by Insight Avenue of 606 IT, security, application development and DevOps decision makers who are based in 11 markets including the United States as well as countries in  Europe, Asia, and Latin America.

Findings show that many companies understand what DevSecOps is and the potential benefits it brings for their organisations, with 97% of respondents saying that they are familiar with DevSecOps processes. 

IT security is also becoming a bigger priority, with 45% rating their current security efforts as above average and 28% saying that they are thriving in their security efforts.

Business and technological factors are driving the adoption of DevOps and DevSecOps solutions. These included better management of cyber threats (61%), increasing the agility of their business applications (59%) and managing distributed/remote work environments (59%).

With the increasing adoption of DevOps and DevSecOps, organisations understand the need to evolve their business landscape to keep up with the technological development. When asked about which areas they are focusing on in the next 12-18 months, 81% of respondents said technology and tools while 74% said standards and security policies.

The organisations succeeding in the implementation of DevOps and DevSecOps policies and practices recognize the importance of security training and upskilling. This helps them reach a higher level of continued long-term collaboration between security and development teams. 

According to the respondents, the top business factors driving the adoption and evolution of DevOps inside their organizations include a focus on agility; reducing the business risk of quality, security, and downtime or performance issues; and the need to implement DevOps to support a cloud-mandate or their move to the cloud. 

Other survey areas highlighted include infrastructure modernization efforts, policy as code, cloud-native adoption, time to ROI, investment and education opportunities, and more. 

“Our research shows that DevSecOps success has been stymied by complexity and constant change,” said John Yang, VP of  Progress. 

“Large enterprises in Asia-Pacific including Japan are under pressure to deliver CIS compliance but at the same time, the complex environments and limited manpower with which they operate stifle that,” said Yang.