DevOps teams find security both a challenge and a priority
For DevOps teams, security is now the most important consideration when it comes to investing in tech. While the cloud is still a priority, most DevOps teams feel that with the increase in cybersecurity incidents, having sufficient security protection should be a prerogative.
According to GitLab’s 2022 Global DevSecOps Survey, more than half of security team members surveyed stated their organizations have either shifted security left or plan to this year. The report also showed that toolchain consolidation is also a high-priority focus, with 69% of survey takers wanting to consolidate their toolchains due to challenges with monitoring, development delays, and negative impact on developer experience.
Despite this though, only 10% of respondents reported receiving an additional budget for security. At the same time, developer
As such, in order to align performance metrics with reality, developers must be incentivized to practice security protocols and be provided with full visibility into the toolchain and potential risks.
When security collaboration is achieved, only then organisations can produce great results.
Development, security, and operations teams also broadly noted better security as a key advantage of a DevOps platform. Survey data demonstrated that a commitment to security was a driving force for many decision-makers when choosing a DevOps platform or other tools. Additionally, investing in a single platform allows practitioners to take advantage of more features with fewer tools – and fewer a la carte expenses.
“Rapid deployment and speed-to-market are some of the biggest differentiators in today’s business landscape. This often comes at the cost of security – a major concern across technology, business, and government leaders – but it doesn’t have to,” said Johnathan Hunt, VP of Security at GitLab.
Hunt added that streamlined toolchains and standardized, transparent processes help organizations keep security and compliance at the core of the software development lifecycle (SDLC), rather than an afterthought.
The survey consisted of 5,001 respondents, including developers, operations and security practitioners, and organizational leaders. It found that, following two years of explosive technological adoption, nearly three-quarters of respondents have adopted–or plan to adopt within the year– a DevOps platform in order to meet rising industry expectations around security, compliance, toolchain consolidation, and faster software delivery.
Toolchain tax continues to challenge DevOps teams
Another problem that is impacting speed and productivity is toolchain sprawl which ends up taking valuable time away from developers. Nearly 40% of developers are spending between one-quarter and one-half of their time on maintaining or integrating complex toolchains – more than double the percentage from 2021.
Such time usage only demonstrates the weaknesses in the system. This is why 69% of those surveyed stated that they would like to consolidate their toolchains. Primary concerns surrounding toolchain management include challenges around consistently monitoring a myriad of tools, difficulty context switching, as well as slowed development velocity, increased costs, and retention.
For David DeSanto, VP of Product at GitLab, the last year marked a significant turning point in the adoption of DevOps tools, platforms, and processes with the fruits of those efforts seen in 2022.
“Despite hurdles presented by the ongoing pandemic, including cultural shifts, all remote and hybrid team collaboration, and challenges surrounding hiring and retention, teams are releasing new applications faster than ever. We’ll see an ongoing focus on speed, security, and compliance as organizations continue to consolidate their DevOps toolchains and processes,” commented DeSanto.
Interestingly, this trend is mainly restricted to the private sector, as the survey found that the speed of software delivery within the public sector stalled from the previous year, with 59% of government respondents reporting the same rate of delivery or slower than 2021.
Bob Stevens, VP of Public Sector at GitLab felt that while it is encouraging to see government organizations adopting a DevSecOps platform, there’s still a ways to go for the public sector to catch up with its private sector counterpart in terms of software release speed and innovation.
“Government agencies must invest in tools that enable rapid software delivery to meet the needs of service members and citizens or risk stagnation and even attacks,” mentioned Stevens.
Overall, the data shows that releases are faster than ever and developers point to investment in a DevOps platform as the reason why.