A Progress survey has found that 60 per cent of Australian IT and security experts don’t fully understand how security fits into DevSecOps and that upskilling is lacking.
The Progress study discovered glaring gaps in terms of how DevSecOps is being perceived and implemented, the DevOps/DevSecOps collaboration culture, plus the need for more training and upskilling for devs, software engineers and security experts.
According to Progress, the benefits of integrating security into DevOps are plentiful and include reduced risk, lower costs, faster delivery and more-effective compliance, but it is not simple to implement.
More than 600 IT, security, application development and DevOps decision makers across mid-sized to large organisations (with over 500 employees) were surveyed.
Key insights for Australia:
- Many Australian companies are behind in achieving their DevOps and DevSecOps goals. 88 per cent acknowledge they need to be more strategic about how they manage DevSecOps and 14 per cent still consider themselves at an exploratory and proof-of-concept stage.
- Security is the number one driver behind most DevOps and DevSecOps implementations. Yet only 32 per cent feel confident in the level of collaboration between security and development (68 per cent are either not particularly confident or not confident at all).
- 84 per cent experience challenges in their current approaches to security and 60 per cent admit that they don’t fully understand how security fits into DevSecOps. In addition, 62 per cent said they were not particularly confident or not confident at all in the accuracy of their security and compliance data.
- However, 48 per cent were familiar with and interested in Infrastructure and Policy-as-Code.
- 58 per cent of respondents agreed that culture is the biggest barrier to DevSecOps progress, yet only 24 per cent are prioritising culture as an area to optimise in the next 12-18 months.
- In addition, at a people level, respondents said that the following should happen to support a shift to a more strategic DevOps approach, as opposed to a tactical approach involving only Dev/IT Ops:
  - Upskilling of developers and engineers to move into SRE roles (72%)
  - Creation and hiring of new roles such as certified SRE (Site Reliability Engineer) (60%)
  - More investment in continuous learning for developers and engineers (48%)
John Yang, Progress’ VP for APJ, said, “Our research shows that DevSecOps success has been stymied by complexity and constant change. Large enterprises in Australia are under pressure to deliver CIS compliance but at the same time, the complex environments and limited manpower with which they operate stifle that. That’s why businesses choose Progress to help them make DevSecOps an automated reality.
“It’s no surprise that the key technology factor driving the adoption of DevSecOps is managing cyber security threats and issues better. With the increasing complexity coming from numerous new end points and government regulations, organisations need to prioritise security early in the development process. They need a holistic, more strategic approach, resting on better collaboration between security and development.”
The full report and findings can be found here.