Roadblocks hindering DevSecOps success in Australia
Many Australian companies are behind in achieving their DevOps and DevSecOps goals, according to a new report.
Progress has announced the results of its 2022 survey, DevSecOps: Simplifying Complexity in a Changing World. More than 600 IT, security, application development and DevOps decision makers, working for 500+-employee organisations globally, including in Australia, shared insights into the level of DevSecOps maturity and challenges faced across their organisations.
Conducted by Insight Avenue, the DevSecOps survey aimed to uncover the true state of DevOps and DevSecOps adoption from business priorities to technology adoption, lack of cultural alignment and investment and the common pitfalls and successes shared by businesses worldwide.
The report found many Australian companies are behind in achieving their DevOps and DevSecOps goals, with 88% acknowledging they need to be more strategic about how they manage DevSecOps and 14% still considering themselves at an exploratory and proof-of-concept stage.
Security is the number one driver behind most DevOps and DevSecOps implementations, the report says. Yet only 32% feel confident in the level of collaboration between security and development - 68% are either not particularly confident or not confident at all.
Some 84% experience challenges in their current approaches to security and 60% admit that they don't fully understand how security fits into DevSecOps. In addition, 62% said they were not particularly confident or not confident at all in the accuracy of their security and compliance data.
Encouragingly, 48% were familiar and interested in Infrastructure and Policy-As-Code, while 58% of respondents agreed that culture is the biggest barrier to DevSecOps progress, yet only 24% are prioritising culture as an area to optimise in the next 12-18 months.
In addition, at a people level, respondents said that they felt the following should happen to support a shift to a more strategic DevOps approach compared to a tactical approach involving only Dev/IT Ops:
- Upskilling of developers and engineers to move into SRE roles (72%)
- Creation and hiring of new roles such as certified SRE (Site Reliability Engineer) (60%)
- More investment in continuous learning for developers and engineers (48%)
The organisations succeeding in the implementation of DevOps and DevSecOps policies and practices recognise the importance of security training and upskilling. This helps them reach a higher level of continued long-term collaboration between security and development teams.
According to the respondents, the top business factors driving the adoption and evolution of DevOps inside their organisations include a focus on agility, reducing the business risk of quality, security, and downtime or performance issues, and the need to implement DevOps to support a cloud-mandate or their move to the cloud. Other survey areas highlighted include infrastructure modernisation efforts, policy as code, cloud-native adoption, time to ROI, investment and education opportunities and more.
"The benefits of integrating security into DevOps are plentiful from reduced risk and lower costs to faster delivery and more effective compliance. Unfortunately, its not as easy as snapping your fingers," says Sundar Subramanian, EVP & GM DevOps, Progress.
"Our research confirms what we see and hear from customers every day that each has their own unique culture and trajectory, with their own inflection points and challenges, which present more than one roadblock to DevSecOps adoption.
"That's why businesses around the globe are turning to Progress. We make DevSecOps an automated reality."
Subramanian says the race to digital has only accelerated across every aspect of business over the last few years, and organisations that have embraced this acceleration are thriving today.
"They rely on Progress to serve the entire DevSecOps lifecycle, from design to development to operational assurance including secure hybrid-cloud infrastructure management, full-stack observability and high availability," he says.
"Progress is a leader in DevOps and DevSecOps, offering the essential products to automate and secure deployments to multi-cloud, hybrid cloud and on-premise environments."