Security Compass published the results of a new report, "The 2021 State of DevSecOps".
The study was designed to gather insights into different approaches and
views on DevSecOps with a focus on large enterprises (US$1B+ in annual
revenue) where security threats are gravest. Areas of focus for the
study included overall understanding and experience in DevSecOps, its
adoption maturity, challenges, time and budget invested, program
comprehensiveness, and more.
The single most important driver of DevSecOps programs found in the study
was improving the security, quality, and resilience of software.
Bringing technology to market faster was the second most important
driver, while cost reduction was the least important. The report also
reveals how perceptions toward security and compliance evolve as
organizations reach maturity in their DevSecOps programs. Viewpoints
from CEOs to frontline practitioners, including all levels in between,
are compared and contrasted throughout the report.
Key Findings Include:
- Insufficient automation in software development is the number one cause of delays in product releases
- 75% of respondents reported that manual security and compliance processes
slow down code release, ultimately delaying time to market and affecting
competitiveness. DevSecOps personnel also pointed to technical
challenges, organizational silos, and insufficient automation as the
chief reasons why security and compliance processes slow down time to
market.
- 96% of respondents agreed that they would benefit from the automation of security and compliance processes.
- Technical challenges are the main roadblock to initial DevSecOps adoption
- 60% of those tasked with getting product built found technical challenges
to be the main hurdle to DevSecOps adoption. Cost, insufficient time,
and lack of education are additional challenges noted.
- The majority of respondents (73%) reported their organizations follow "by
design" (i.e., proactive) principles for cyber/information security and
regulatory compliance.
- Executives, especially risk executives, within large enterprises that adopt
DevSecOps across the majority of their applications express confidence
in their ability to meet regulatory compliance and risk management
needs.
"When we set out to conduct this study, we were eager to better understand
the state of DevSecOps adoption; and the results paint a clear picture
that manual security processes are a roadblock to timely product
releases and impact a company's competitiveness," said Rohit Sethi, CEO,
Security Compass. "We are hopeful that this study will raise awareness
of the ways automation can solve significant challenges in secure
application development and look forward to publishing more studies
throughout 2021 to support companies in their DevSecOps journey."