The 2021 State of DevSecOps: Challenges and Drivers

February 8, 2021 Security Compass

Over the last decade, there have been many attempts to adopt DevSecOps across organizations. Unfortunately, because of differences in priorities, DevOps and security teams have worked in silos. While the former is more focused on releasing applications to market faster, the latter is isolated in its pursuit of security.

There are definite benefits to collaboration between these two groups, but that’s only possible when we understand the challenges they face in working with each other.

So what is bothering DevOps and security teams? And how has the adoption of DevSecOps evolved in the last year considering the changes fuelled by remote work? Let’s find out.

Rising adoption of DevSecOps

In a survey commissioned by Security Compass with participants from the U.S. and U.K. across different roles in technology and risk, we found a rising trend toward the adoption of DevSecOps over the last year.

When asked about the biggest driver of DevSecOps adoption, we found a high degree of unanimity among respondents for improving security, quality, and resilience as their top priority. Bringing technology to market faster was the second most important driver, reducing organizational silos third, with cost reduction the least important.

The report also reveals how perceptions toward security and compliance evolve as organizations reach maturity in their DevSecOps programs.

For companies still in the planning stages of DevSecOps, time to market and cost reduction are the top two drivers of adoption, but as the approach takes hold across application builds, security, quality, and resilience become the stand-out reason why it flourishes.

Though adoption has been rising recently, it does come with its fair share of challenges across organizations.

Challenges in DevSecOps adoption

Implementing DevSecOps is challenging, with cost, internal resistance, and access to tools being commonly known difficulties organizations face. Large organizations, from financial institutions to federal government agencies, struggle with these challenges. 

Above all else, though, our research points to technical challenges as the biggest obstacle for these organizations.

With the help of this study, we were able to establish the challenges that leading organizations encounter across varied industries including technology, banking, insurance, pharma, healthcare, manufacturing, and energy/utility. Respondents across different roles, from executives to practitioners, participated in the study to talk about DevSecOps implementation in their organization.

Transition to the cloud

Driven by the benefits offered by cloud services, organizations are also increasingly moving their applications to the cloud. In our survey, almost 96 percent of respondents said that they plan to migrate their applications to an IaaS cloud service provider.

Apart from these major trends, the survey also found that manual security and compliance processes slow down product launches. Insufficient automation, technical challenges, and organizational silos were the main reasons behind the slowdown. As a result, cybersecurity automation is top of mind for executives and practitioners alike.

If you would like to learn more about the findings of the State of DevSecOps 2021 study, please view the full report.

About the survey: The purpose of the report is to provide an overview of the state of DevSecOps and highlight the challenges that enterprises are facing as they roll out these initiatives at their organizations. Security Compass commissioned Golfdale Consulting to conduct two independent online panel surveys in the Fall of 2020. The first survey focused on DevSecOps with 250 respondents from the U.S. and U.K., representing large enterprises (US$1B+ in annual revenue) that develop software in the technology, banking, insurance, pharma, healthcare, manufacturing and energy/utilities sectors. The study surveyed executives and practitioners in risk/compliance as well as technology roles. The second survey exclusively interviewed professionals within the C-Suite on their views on time to market of their software products.

 