Device & IoTPress ReleaseThreat Detection & Defense

GitLab Inc.’s Sixth Annual Global DevSecOps Survey Indicates Security Is the Key Factor in Selecting a DevOps Platform

GitLab Inc., provider of The One DevOps Platform for software innovation, released the results of its annual DevSecOps survey. GitLab’s 2022 Global DevSecOps Survey highlights the continued prioritisation of security and compliance, investment in toolchain consolidation, and the ongoing impacts of rapid DevOps adoption.
 
The survey consisted of 5,001 respondents, including developers, operations and security practitioners and organisational leaders. It found that, following two years of explosive technological adoption, nearly three-quarters of respondents have adopted–or plan to adopt within the year– a DevOps platform in order to meet rising industry expectations around security, compliance, toolchain consolidation, and faster software delivery.
 
“Rapid deployment and speed-to-market are some of the biggest differentiators in today’s business landscape. This often comes at the cost of security – a major concern across technology, business and government leaders – but it doesn’t have to,” said Johnathan Hunt, VP of Security at GitLab. “Streamlined toolchains and standardised, transparent processes help organisations keep security and compliance at the core of the software development lifecycle (SDLC), rather than an afterthought.”
 
The 2022 survey results highlight security as the highest-priority investment area for organisations, with more than half of security team members stating their organisations have either shifted security left or plan to this year. Toolchain consolidation is also a high-priority focus, with 69% of survey takers wanting to consolidate their toolchains due to challenges with monitoring, development delays, and negative impact on developer experience.
 
Security is both top challenge and top area of investment for DevOps teams
Security has surpassed even cloud computing as the number one investment area across DevOps teams at global organisations. However, despite an appetite to shift security left, many companies are still nascent in their approach and results – only 10% of respondents reported receiving additional budget for security.
 
Data continues to support the ongoing trend of misalignment between security and development teams. Over half of survey respondents stated that security is a performance metric for developers within their organisations, however, 50% of security professionals report that developers are failing to identify security issues – to the tune of 75% of vulnerabilities. In order to align performance metrics with reality, developers must be incentivised to practice security protocols and be provided with full visibility into the toolchain and potential risks.
 
When security collaboration is achieved, organisations produce great results. Development, security, and operations teams broadly noted better security as a key advantage to a DevOps platform. Survey data demonstrated that a commitment to security was a driving force for many decision-makers when choosing a DevOps platform or other tools. Additionally, investing in a single platform allows practitioners to take advantage of more features with fewer tools – and fewer a la carte expenses.
 
Plans to consolidate tech stacks skyrocket as toolchain tax continues to challenge developers
Although 60% of developers surveyed are releasing code faster than before, toolchain sprawl is impacting speed and productivity, taking valuable time away from developers. Nearly 40% of developers are spending between one-quarter and one-half of their time on maintaining or integrating complex toolchains – more than double the percentage from 2021.
 
Accordingly, 69% of those surveyed stated that they would like to consolidate their toolchains. Primary concerns surrounding toolchain management include challenges around consistently monitoring a myriad of tools, and difficulty context switching, as well as slowed development velocity, increased costs, and retention.
 
“The last year marked a significant turning point in the adoption of DevOps tools, platforms, and processes. In 2022, we’re seeing the fruits of those efforts,” said David DeSanto, VP of Product at GitLab. “Despite hurdles presented by the ongoing pandemic, including cultural shifts, all remote and hybrid team collaboration, and challenges surrounding hiring and retention, teams are releasing new applications faster than ever. We’ll see an ongoing focus on speed, security, and compliance as organisations continue to consolidate their DevOps toolchains and processes.”
 
However, the trend toward speedy software releases is mainly restricted to the private sector, as the survey found that the speed of software delivery within the public sector stalled from the previous year, with 59% of government respondents reporting the same rate of delivery or slower than 2021.
 
“It’s encouraging to see government organisations adopting a DevSecOps platform, but there’s still a ways to go for the public sector to catch up with its private sector counterpart in terms of software release speed and innovation,” said Bob Stevens, VP of Public Sector at GitLab. “Government agencies must invest in tools that enable rapid software delivery to meet the needs of service members and citizens or risk stagnation and even attacks.”
 
Overall, the data shows that releases are faster than ever and developers point to investment in a DevOps platform as the reason why.
 
The rapid adoption of DevOps in 2021 drove rapid software delivery, better code quality, and improved developer productivity. Key challenges and opportunities for the upcoming year include tool consolidation, an increased focus on security and compliance, and a continued effort to align development and security teams. To access the 2022 DevSecOps Survey, click here.
 
Methodology
GitLab surveyed 5,001 software professionals worldwide in May 2022. The margin of error for the total sample (n=5001) is 1.4%.

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *