Security Professionals Believe Their Corporate Culture Supports Fusion of Security and DevOps
June 21, 2018

Dror Davidoff
Aqua Security

DevSecOps is quickly gaining support and traction, within and beyond information security teams. In fact, 70% of respondents believe their culture can embrace the change needed to fuse Security and DevOps, according to a new survey of 80 security professionals by Aqua Security.

“DevSecOps provides the opportunity to re-work application security processes to align with the rise of cloud-native application development and a much more security-minded business culture,” said Alan Shimel, CEO of Media Ops, DevOps focused events and online publisher. “Given how new and transformative the discipline of DevSecOps is, I was pleased to learn that survey participants are confident they have the funds, talent and culture in place needed to successfully implement it.”

DevSecOps is maturing in a culture where multiple stakeholders are highly motivated to do it right

The main difference between cybersecurity ten years ago and today is that now, it’s becoming everyone’s job to help minimize threats, not just members of the information security team. DevSecOps in particular is an emerging discipline that, despite the cybersecurity skills shortage and its inherent complexity, is poised to thrive because it relies on shift-left security automation to enable much of the execution as part of the build process.

It's still early days, but right now, DevSecOps is maturing in a culture where multiple stakeholders are highly motivated to do it right.

Key findings from the survey include:

■ 57% believe they have the human and financial resources in place to implement DevSecOps

■ 62% reported they currently had either a formal or informal DevSecOps team in-house

■ 47% reported they are fairly or very mature in their implementation of DevSecOps for application security; another 39% ranked themselves as maturing

When asked to rank the three most important elements of DevSecOps, respondents ranked:

■ Applying security across the app lifecycle (61%)

■ Automating application security controls (52%)

■ Involving DevOps in security processes (43%)

Additionally, respondents were asked about budget trends, with 76% of the sample reporting their application security budget has increased over the past five years, 25% reporting it went up between 10-30%, and 14% sharing that it went up by more than 40%.

While this survey differs from our 2017 Container Security in the Enterprise Survey, when viewed chronologically, the data sets suggest that there is a rapid progression of DevSecOps. Last year, only 13% of a similar pool of respondents reported they had a DevSecOps team in place; less than a year later, that number has skyrocketed to 62%.

Dror Davidoff is Co-Founder and CEO of Aqua Security
Share this

Industry News

June 20, 2024

Oracle announced new application development capabilities to enable developers to rapidly build and deploy applications on Oracle Cloud Infrastructure (OCI).

June 20, 2024

SUSE® announced new capabilities across its Linux, cloud native, and edge portfolio of enterprise infrastructure solutions to help unlock the infinite potential of open source in enterprises.

June 20, 2024

Redgate Software announced the acquisition of DB-Engines, an independent source of objective data in the database management systems market.

June 18, 2024

Parasoft has achieved "Awardable" status through the Chief Digital and Artificial Intelligence Office's (CDAO) Tradewinds Solutions Marketplace.

June 18, 2024

SmartBear launched two innovations that fundamentally change how both API and functional tests are performed, integrating SmartBear HaloAI, trusted AI-driven technology, and marking a significant step forward in the company's AI strategy.

June 18, 2024

Datadog announced the general availability of Datadog App Builder, a low-code development tool that helps teams rapidly create self-service applications and integrate them securely into their monitoring stacks.

June 17, 2024

Netlify announced a new Adobe Experience Manager integration to ease the transition from legacy web architecture to composable architecture.

June 17, 2024

Gearset announced a suite of new features to expand the capabilities of its comprehensive Salesforce DevOps platform.

June 17, 2024

Cequence announced a new partnership with Singularity Tech, an Australia-based professional services company with expertise in APIs and DevOps.

June 13, 2024

Elastic announced a partner integration package with LangChain that will simplify the import of vector database and retrieval capabilities of Elasticsearch into LangChain applications.

June 13, 2024

Fastly announced the launch of Fastly AI Accelerator, the company’s first AI solution designed to create a better experience for developers by helping improve performance and reduce costs across the use of similar prompts for large language models (LLM) apps.

June 13, 2024

Shreds.AI, ant AI capable of generating complex, business-grade software from simple descriptions in record time, announced its formal beta launch.

June 12, 2024

GitLab announced the public beta of expanded integrations with Google Cloud that will help developers work more effectively, quickly, and productively.

June 12, 2024

Pulumi announced Pulumi Copilot, AI for general cloud infrastructure management.

June 12, 2024

Harness completed the acquisition of Split Software, a feature management and experimentation provider, effective June 11, 2024.