Security Professionals Believe Their Corporate Culture Supports Fusion of Security and DevOps
June 21, 2018

Dror Davidoff
Aqua Security

DevSecOps is quickly gaining support and traction, within and beyond information security teams. In fact, 70% of respondents believe their culture can embrace the change needed to fuse Security and DevOps, according to a new survey of 80 security professionals by Aqua Security.

“DevSecOps provides the opportunity to re-work application security processes to align with the rise of cloud-native application development and a much more security-minded business culture,” said Alan Shimel, CEO of Media Ops, DevOps focused events and online publisher. “Given how new and transformative the discipline of DevSecOps is, I was pleased to learn that survey participants are confident they have the funds, talent and culture in place needed to successfully implement it.”

DevSecOps is maturing in a culture where multiple stakeholders are highly motivated to do it right

The main difference between cybersecurity ten years ago and today is that now, it’s becoming everyone’s job to help minimize threats, not just members of the information security team. DevSecOps in particular is an emerging discipline that, despite the cybersecurity skills shortage and its inherent complexity, is poised to thrive because it relies on shift-left security automation to enable much of the execution as part of the build process.

It's still early days, but right now, DevSecOps is maturing in a culture where multiple stakeholders are highly motivated to do it right.

Key findings from the survey include:

■ 57% believe they have the human and financial resources in place to implement DevSecOps

■ 62% reported they currently had either a formal or informal DevSecOps team in-house

■ 47% reported they are fairly or very mature in their implementation of DevSecOps for application security; another 39% ranked themselves as maturing

When asked to rank the three most important elements of DevSecOps, respondents ranked:

■ Applying security across the app lifecycle (61%)

■ Automating application security controls (52%)

■ Involving DevOps in security processes (43%)

Additionally, respondents were asked about budget trends, with 76% of the sample reporting their application security budget has increased over the past five years, 25% reporting it went up between 10-30%, and 14% sharing that it went up by more than 40%.

While this survey differs from our 2017 Container Security in the Enterprise Survey, when viewed chronologically, the data sets suggest that there is a rapid progression of DevSecOps. Last year, only 13% of a similar pool of respondents reported they had a DevSecOps team in place; less than a year later, that number has skyrocketed to 62%.

Dror Davidoff is Co-Founder and CEO of Aqua Security

The Latest

September 18, 2018

To celebrate IT Professionals Day 2018 (this year on September 18), the SolarWinds IT Pro Day 2018: A World Powered by Tech Pros survey explores a "Tech PROactive" world where technology professionals have the time, resources, and ability to use their technology prowess to do absolutely anything ...

September 17, 2018

The role of DevOps in capitalizing on the benefits of hybrid cloud has become increasingly important, with developers and IT operations now working together closer than ever to continuously plan, develop, deliver, integrate, test, and deploy new applications and services in the hybrid cloud ...

September 13, 2018

"Our research provides compelling evidence that smart investments in technology, process, and culture drive profit, quality, and customer outcomes that are important for organizations to stay competitive and relevant -- both today and as we look to the future," said Dr. Nicole Forsgren, co-founder and CEO of DevOps Research and Assessment (DORA), referring to the organization's latest report Accelerate: State of DevOps 2018: Strategies for a New Economy ...

September 12, 2018

This next blog examines the security component of step four of the Twelve-Factor methodology — backing services. Here follows some actionable advice from the WhiteHat Security Addendum Checklist, which developers and ops engineers can follow during the SaaS build and operations stages ...

September 10, 2018

When thinking about security automation, a common concern from security teams is that they don't have the coding capabilities needed to create, implement, and maintain it. So, what are teams to do when internal resources are tight and there isn't budget to hire an outside consultant or "unicorn?" ...

Share this