
    15 Years in, DevSecOps Lags, with Organizational ‘Culture’ to Blame

    By yourinfotech | November 20, 2022 | Updated: November 21, 2022

    Some 15 years after becoming a thing, DevSecOps is lagging in the enterprise, primarily held back by organizational culture.

    That’s a main takeaway from a new survey-based research study from Progress, a company known for its developer tooling which became a major DevSecOps player with the 2020 acquisition of Chef.

    Titled “DevSecOps: Simplifying Complexity in a Changing World,” the report explains that while security is the No. 1 driver behind most DevOps and DevSecOps implementations, only 30 percent of respondents feel confident in the level of collaboration between security and development, the very idea behind DevSecOps. Specifically, DevSecOps is associated with development and security teams working together to bake in security functionality early in the software development process, described with the term “shift left.”

    Progress identified the following as three overarching findings emerging from the study:

    • DevSecOps success has been stymied by complexity and constant change
    • Effective DevSecOps requires collaboration and investment in culture
    • Desire to succeed didn’t equal mastery of DevOps and DevSecOps practices

    Along with a lack of confidence in dev/sec team collaboration, the report finds that many organizations are lagging in achieving their DevOps and DevSecOps goals. Specifically, 73 percent of organizations said they could be doing more, 76 percent acknowledge they need to be more strategic about how they manage DevSecOps, and 17 percent still consider themselves at an exploratory and proof-of-concept stage.

    And what’s to blame for all of the above? Organizational culture. The report discusses “culture” as a mix of management priorities for how security was approached when it came to DevSecOps, along with collaboration/training and communication with and investment in people.

    Surprisingly, while culture was identified as a major barrier to DevSecOps implementations, respondents reported it’s receiving little corporate attention.

    Specifically, 71 percent of respondents agreed that culture was the biggest barrier to DevSecOps progress, but only 16 percent prioritized culture as an area they were looking to optimize in the next 12-18 months. While only about 30 percent of respondents felt confident in the level of collaboration between security and development, 46 percent of respondents were not particularly confident and 24 percent were not at all confident.

    “This lack of recognition about the importance of culture flowed directly from executive levels of leadership. Board-level directives set priorities for how security was approached when it came to DevSecOps for 19 percent of respondents. Yet those were the very organizations rated with average or below average scores for security integration,” the report said.

    “Additionally, only 40 percent believed implementing security training and upskilling efforts across multiple stakeholders was very important when implementing DevSecOps. This reinforced the notion that many practitioners siloed DevSecOps work within narrow teams at the very time those succeeding with it took a holistic approach to improving communication and skills cross-functionally across the organization.”

    Regarding training, the report said more is needed to involve stakeholders, listing the top three people-related actions needed to support a shift to more strategic DevSecOps as:

    • More investment in continuous learning for developers and engineers (61 percent)
    • Upskilling of developers and engineers to move into SRE roles (60 percent)
    • Improved communication between developers, security and operations (60 percent)

    The report also found that while security was clearly a concern for every team, priority areas of concern varied, with key focus areas for security (ranked first or second) depicted in this graphic:

    [Figure: Key Focus Areas for Security (source: Progress).]

    “The priority of digital marketing efforts was worth noting, as it showed the increasing importance and opinion of teams, such as marketing, in the DevSecOps workflow,” Progress said. “From a collaborative point of view, the desire to improve security could be a rallying cry for improved practices and cross-team coordination at organizations seeking to advance in DevSecOps.”

    Other data point highlights of the report include:

    • The top business factor driving the adoption of DevSecOps was a focus on business agility via fast and frequent delivery of application capabilities (59 percent)
    • The most common timeframe to derive quantifiable benefits from DevSecOps efforts was 6-12 months (45 percent), although 31 percent said it had taken longer than a year
    • Despite security threats being the No. 1 technology factor driving the evolution of DevOps (57 percent), over half (51 percent) were only somewhat familiar with how security fit into DevSecOps
    • 39 percent of respondents had a comprehensive modernization approach based on cloud-native architecture principles, while another 22 percent felt they lacked one entirely
    • 24 percent considered their modernization approach to be largely rip-and-replace
    • 36 percent saw themselves as having a very good balance of investment across maintenance, modernization and new development efforts
    • 89 percent of new initiatives were cloud-native
    • 88 percent stated cloud-native and DevSecOps efforts were closely associated
    • 73 percent saw DevSecOps roles evolving to become CloudOps to align better with cloud-native efforts
    • 65 percent thought using artificial intelligence (AI) as part of their strategic DevSecOps approach (AIOps) held great promise in the future
    • 50 percent were familiar with and interested in both infrastructure and policy-as-code
    • 59 percent said they struggled to attain buy-in/funding for re-factoring efforts that didn’t provide new user capabilities
    • 27 percent were not at all confident in the accuracy of their security and compliance data
    • 18 percent were not at all confident they were protected against the OWASP top 10
    • 47 percent were not particularly confident there was an effective integration of security/compliance feedback

    “Although DevSecOps is no longer the fresh-faced kid on the block, its potential to make a significant impact on the productivity and security posture of organizations has only expanded,” Progress said in conclusion. It said the challenge has been to successfully navigate success blockers, including:

    • Overcoming obstacles to collaboration: There was still a lack of confidence in the ability for different teams, such as security and app development, to successfully communicate and collaborate with each other. Leadership prioritizing the importance of cross-functional communication can go a long way to address this.
    • Incorporating new technologies and processes: Cloud-native development, AI and policy-as-a-code have begun to influence DevSecOps strategy. But organizations must be careful to balance modernizing technology, processes and culture, as focusing on just one area will not be enough.
    • Conflicting areas of interest: Prioritization must start from leadership, yet many executive teams were not placing enough importance or investment into the key areas that will drive DevSecOps success. This included adopting a holistic approach to DevSecOps that engaged teams from across the organization.
    • Building confidence in securing cloud-native adoption: While organizations are making strides into appropriately securing workloads based on containers/Kubernetes, there is still work to be done. In addition to fully implementing and leveraging the benefits of cloud-first technologies, it’s essential for organizations to think about cloud security.

    For the report, Progress commissioned U.K. firm Insight Avenue to conduct 606 interviews with IT/security/app dev and DevOps decision-makers in organizations with more than 500 employees in 11 countries in Europe, Asia, Latin America and the United States. The purpose was to understand what was causing DevSecOps success to stall and what practices could be uncovered from those with thriving DevSecOps programs.
