Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    France’s OVH expands into India amid growing cloud adoption

    March 21, 2023

    Governments request for user data from Apple, Google rises; India ranks no. 1 in Southern Asia: Report

    March 20, 2023

    Govt plans incentive scheme for cloud startups to thwart Microsoft, Amazon, and Google domination

    March 17, 2023
    Facebook Twitter Instagram
    Your Infotech
    • Data

      Governments request for user data from Apple, Google rises; India ranks no. 1 in Southern Asia: Report

      March 20, 2023

      How to back up all your Google account data

      March 15, 2023

      Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears

      March 8, 2023

      Google Search Console Bulk Data Export Is Here

      February 24, 2023

      AWS, Azure, and Google Cloud report single-digit YoY growth by annual contract value in Q4CY22

      February 13, 2023
    • Cloud

      France’s OVH expands into India amid growing cloud adoption

      March 21, 2023

      Govt plans incentive scheme for cloud startups to thwart Microsoft, Amazon, and Google domination

      March 17, 2023

      Intellect launches eMACH.ai for banks to use cloud services with embedded AI

      March 14, 2023

      Chinese AI groups use cloud services to evade US chip export controls

      March 9, 2023

      Tech-sponsored study criticizes plan to exclude non-EU cloud vendors

      March 6, 2023
    • Networking

      Amazon’s AWS cozies up to carriers to launch 2 services to build and operate networks in the cloud

      February 22, 2023

      META PLATFORMS SPENT OVER $1 BILLION ON ARISTA NETWORKING IN 2022

      February 17, 2023

      Microsoft Teams and Outlook are down due to a ‘networking issue’

      January 25, 2023

      Warning to those with older phones 3G networks are to be scrapped starting this year

      January 23, 2023

      Will the Broadband Ecosystem Save Telecom in 2023?

      January 19, 2023
    • Virtualization

      Imagination and Telechips drive automotive display diversity with hardware virtualization

      March 16, 2023

      Device virtualization is key to IoT adoption

      March 3, 2023

      Discover how virtualization can transform your business with this online training

      February 7, 2023

      Server Virtualization Software Market Next Big Thing | Major Giants IBM, Oracle, Microsoft

      February 2, 2023

      Global Data Virtualization Market Report 2022: Featuring Oracle, IBM, Cisco, Salesforce, Workday, Alteryx, Domo, Ceros, Cluvio & Qliktech International

      January 26, 2023
    • IT Infrastructure

      TCS+ | The need for speed: Braintree’s Heath Huxtable on modern IT infrastructure

      March 13, 2023

      The race to net zero: Six ways to slash IT infrastructure emissions

      March 10, 2023

      Vertiv and TechAccess partner to boost African IT infrastructure solutions

      February 28, 2023

      It Infrastructure Market Size 2023 Research Report with Technological Factors and Forecast till 2025

      February 21, 2023

      Geojit to build 1.25 lakh sq ft IT infrastructure in Infopark

      February 14, 2023
    Your Infotech
    Home»Information Technology»15 Years in, DevSecOps Lags, with Organizational ‘Culture’ to Blame
    Information Technology

    15 Years in, DevSecOps Lags, with Organizational ‘Culture’ to Blame

    yourinfotechBy yourinfotechNovember 20, 2022Updated:November 21, 2022No Comments6 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp VKontakte Email
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Some 15 years after becoming a thing, DevSecOps is lagging in the enterprise, primarily held back by organizational culture.

    That’s a main takeaway from a new survey-based research study from Progress, a company known for its developer tooling which became a major DevSecOps player with the 2020 acquisition of Chef.

    Titled “DevSecOps: Simplifying Complexity in a Changing World,” the report explains that while security is the No. 1 driver behind most DevOps and DevSecOps implementations, only 30 percent of respondents feel confident in the level of collaboration between security and development, the very idea behind DevSecOps. Specifically, DevSecOps is associated with development and security teams working together to bake in security functionality early in the software development process, described with the term “shift left.”

    Progress identified the following as three overarching findings emerging from the study:

    DevSecOps success has been stymied by complexity and constant change
    Effective DevSecOps requires collaboration and investment in culture
    Desire to succeed didn’t equal mastery of DevOps and DevSecOps practices
    Along with a lack of confidence in dev/sec team collaboration, the report finds that many organizations are lagging in achieving their DevOps and DevSecOps goals. Specifically, 73 percent of organizations said they could be doing more, 76 percent acknowledge they need to be more strategic about how they manage DevSecOps, and 17 percent still consider themselves at an exploratory and proof-of-concept stage.

    And what’s to blame for all of the above? Organizational culture. The report discusses “culture” as a mix of management priorities for how security was approached when it came to DevSecOps, along with collaboration/training and communication with and investment in people.

    Surprisingly, while culture was identified as a major barrier to DevSecOps implementations, respondents reported it’s receiving little corporate attention.

    Specifically, 71 percent of respondents agreed that culture was the biggest barrier to DevSecOps progress, but only 16 percent prioritized culture as an area they were looking to optimize in the next 12-18 months. While only about 30 percent felt of respondents were confident in the level of collaboration between security and development, 46 percent of respondents were not particularly confident and 24 percent were not at all confident.

    “This lack of recognition about the importance of culture flowed directly from executive levels of leadership. Board-level directives set priorities for how security was approached when it came to DevSecOps for 19 percent of respondents. Yet those were the very organizations rated with average or below average scores for security integration,” the report said.

    “Additionally, only 40 percent believed implementing security training and upskilling efforts across multiple stakeholders was very important when implementing DevSecOps. This reinforced the notion that many practitioners siloed DevSecOps work within narrow teams at the very time those succeeding with it took a holistic approach to improving communication and skills cross-functionally across the organization.”

    Regarding training, the report said more is needed to involve stakeholders, listing the top three people-related actions needed to support a shift to more strategic DevSecOps as:

    More investment in continuous learning for developers and engineers (61 percent)
    Upskilling of developers and engineers to move into SRE roles (60 percent)
    Improved communication between developers, security and operations (60 percent)
    The report also found that while security was clearly a concern for every team, priority areas of concern varied, with key focus areas for security (ranked first or second) depicted in this graphic:

    Key Focus Areas for Security
    [Click on image for larger view.]
    Key Focus Areas for Security (source: Progress).
    “The priority of digital marketing efforts was worth noting, as it showed the increasing importance and opinion of teams, such as marketing, in the DevSecOps workflow,” Progress said. “From a collaborative point of view, the desire to improve security could be a rallying cry for improved practices and cross-team coordination at organizations seeking to advance in DevSecOps.”

    Other data point highlights of the report include:

    The top business factor driving the adoption of DevSecOps was a focus on business agility via fast and frequent delivery of application capabilities (59 percent)
    The most common timeframe to derive quantifiable benefits from DevSecOps efforts was 6-12 months (45 percent), although 31 percent said it had taken longer than a year
    Despite security threats being the No. 1 technology factor driving the evolution of DevOps (57 percent), over half (51 percent) were only somewhat familiar with how security fit into DevSecOps
    39 percent of respondents had a comprehensive modernization approach based on cloud-native architecture principles, while another 22 percent felt they lacked one entirely
    24 percent considered their modernization approach to be largely rip-and-replace
    36 percent saw themselves as having a very good balance of investment across maintenance, modernization and new development efforts
    89 percent of new initiatives were cloud-native
    88 percent stated cloud-native and DevSecOps efforts were closely associated
    73 percent saw DevSecOps roles evolving to become CloudOps to align better with cloud-native efforts
    65 percent thought using artificial intelligence (AI) as part of their strategic DevSecOps approach (AIOps) held great promise in the future
    50 percent were familiar and interested in both infrastructure and policy-as-code
    59 percent said they struggled to attain buy-in/funding for re-factoring efforts that didn’t provide new user capabilities
    27 percent were not at all confident in the accuracy of their security and compliance data
    18 percent were not at all confident they were protected against the OWASP top 10
    47 percent were not particularly confident there was an effective integration of security/compliance feedback
    “Although DevSecOps is no longer the fresh-faced kid on the block, its potential to make a significant impact on the productivity and security posture of organizations has only expanded,” Progress said in conclusion. It said the challenge has been to successfully navigate success blockers, including:

    Overcoming obstacles to collaboration: There was still a lack of confidence in the ability for different teams, such as security and app development, to successfully communicate and collaborate with each other. Leadership prioritizing the importance of cross-functional communication can go a long way to address this.
    Incorporating new technologies and processes: Cloud-native development, AI and policy-as-a-code have begun to influence DevSecOps strategy. But organizations must be careful to balance modernizing technology, processes and culture, as focusing on just one area will not be enough.
    Conflicting areas of interest: Prioritization must start from leadership, yet many executive teams were not placing enough importance or investment into the key areas that will drive DevSecOps success. This included adopting a holistic approach to DevSecOps that engaged teams from across the organization.
    Building confidence in securing cloud-native adoption: While organizations are making strides into appropriately securing workloads based on containers/Kubernetes, there is still work to be done. In addition to fully implementing and leveraging the benefits of cloud-first technologies, it’s essential for organizations to think about cloud security.
    For the report, Progress commissioned U.K. firm Insight Avenue to conduct 606 interviews with IT/security/app dev and DevOps decision-makers in organizations with more than 500 employees in 11 countries in Europe, Asia, Latin America and the United States. The purpose was to understand what was causing DevSecOps success to stall and what practices could be uncovered from those with thriving DevSecOps programs.

    Share. Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp Email
    Previous ArticleTop Clouds Use Strong-Arm Tactics ‘In a Race to Colonize Enterprises’
    Next Article Data Protection Bill | Will this privacy-lite version meet needs of a digital India?
    yourinfotech
    • Website

    Related Posts

    China leads the US in the global competition for key emerging technology, 

    March 2, 2023

    Digital Infrastructure to drive 49% of business revenue in India by 2027

    February 23, 2023

    It Infrastructure Market Size 2023 Research Report with Technological Factors and Forecast till 2025

    February 21, 2023

    Information Technology Specialists from Ukraine and Belarus Under Business Harbor Visas Can Apply for New Visa in Poland

    January 18, 2023

    Leave A Reply Cancel Reply

    Our Picks

    Subscribe to Updates

    Get the latest creative news from Your Infotech about Information Technology.

    About Us
    About Us

    We provide a wide range of customized, integrated B2B and B2C digital marketing services solutions that are ideal for your business.

    We're accepting new partnerships right now.

    Email Us: info@yourmartech.com
    Contact: +1-530-518-1420

    Our Brands
    • Your Martech
    • Your HR Tech
    • Your Fin Tech
    • Your Revenue
    • Your Bio Tech
    • Your POS Tech
    • Your Health Tech
    SUBSCRIBE NOW
    Loading
    LinkedIn
    • Privacy Policy
    © 2023 Vigarbiz Inc. Designed by Vigarbiz Media.

    Type above and press Enter to search. Press Esc to cancel.