• About
  • Subscribe
  • Contact
Wednesday, May 7, 2025
    Login
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
No Result
View All Result
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
No Result
View All Result
No Result
View All Result
Home Technology Security

PodChats for FutureCIO: How DevOps practitioners see DevSecOps

Allan Tan by Allan Tan
September 15, 2022
PodChats for FutureCIO: How DevOps practitioners see DevSecOps

PodChats for FutureCIO: How DevOps practitioners see DevSecOps

Gina Smith

Gina Smith, a research manager for DevOps in Asia/Pacific with IDC explains that with the COVID-19 pandemic going into its third year, Asia/Pacific organizations are looking to DevOps processes and practices now more than ever.

"The need to deliver evocative and secure applications and services is unrelenting. Mature DevOps efforts will combine IT, development, and business resources to help organizations stay competitive and resilient moving forward," she adds.

Gartner predicts that through 2022, 75% of DevOps initiatives will fail to meet expectations due to organisational learning and change issues.

For Dirk de Vos, channels director for Asia Pacific at GitLab, DevOps comes down to three things:

Dirk de Vos

“Most importantly, it’s a philosophy - for how organisations approach developing applications and introducing fast iterations and agility. It’s a change in how they bring together their developers, operations teams, platforms teams, and now security teams.”

Dirk de Vos

“This is supported by an agile methodology where you can iterate and take your software to production fast. And it also involves looking at the tools you use within a DevOps organisation,” he continued.

DevOps in Asia in 2022

The best way to look at which countries have embraced DevOps, noted de Vos, is to follow the bouncing ball of the hyperscalers.

“Looking at adoption in APAC, you get a sense of how quickly companies are embracing a modern application approach. In some markets, there is huge adoption, and companies have changed their people and processes to adopt a DevOps methodology – a hard but necessary task if you want to be agile.

Others are slower to adopt a cloud-native approach, and despite being an appetite amongst businesses for new technology and software, some legacy systems remain.

DevOps by region

Huge adoption in Australia, New Zealand, and Singapore in both public and private businesses. These organisations have changed their people and processes to adopt a DevOps methodology – a hard but necessary task if you want to be agile.

Japan and South Korea have strong demand for consumer technology and deliver huge amounts of technology globally. While there remain some legacy systems, with some businesses yet to fully adopt a cloud-native approach, the organisations in these countries in both the public and private spaces are very open to adopting new software and technology.

Companies in Southeast Asia and India are adopting DevOps quickly. India has a lot of cloud-native companies coming through the ranks. And in Southeast Asia, there are lots of large organisations that have pivoted fast to adopt DevOps.

Developers struggling to incorporate security

Asked whether software developers in Asia are struggling to incorporate security aspects/processes into the development cycles, irrespective of whether this is waterfall or agile, long-form or low-code/no-code, de Vos comments that the struggle is not unique to Asia.

Citing data from GitlLab’s annual Global DevSecOps Survey, de Vos commented that budgets, misalignment between teams, and a lack of collaboration and transparency as notable discoveries of the study.

Budget. Only 10% of respondents felt they were getting an adequate budget to invest in security. That shows the disconnect between management and business, and what’s happening on the ground with developers and the SecOps teams.

Ongoing misalignment between security and DevOps teams. What I’m seeing in the market is an overlay of responsibility between the developers and security teams. To align performance metrics with reality, developers must be incentivised to practice security protocols from the outset, which will give them full visibility into the toolchain and all the potential risks associated with that.

Collaboration and transparency. You need your teams to be collaborating on all application projects. And there is still a lot that needs on an organisational level here.

What is DevSecOps?

“We discussed that DevOps is the combination of bringing developers and operations and platform teams together. Now there is the third silo – security,” said de Vos.

“DevSecOps is fast becoming one of the most important criteria for organisations to ensure they are adopting a proper security posture when they are bringing applications to market, by introducing security earlier in the development cycle,” he added.

Maturity of DevSecOps practice in Asia

Johnathan Hunt

Johnathan Hunt, VP of InfoSec and Cyber Security at GitLab says DevSecOps is a proven strategy within the DevOps Platform that reduces risk and security incidents while allowing faster and more secure code deployments — and organisations know this to be true.

He predicts that in 2022, DevSecOps will be the preferred strategy across all industries to combat today's evolving threat landscape.

“Although we see an increase in the implementation of certain security protocols, overall, the industry has been slow to respond. Much of this is due to the understanding, complexity, and difficulty in implementation of full DevSecOps within the tech stack."

Johnathan Hunt

For his part, de Vos says in APAC, there are already pockets of ingenuity in APAC, mainly driven by companies that are new, cloud-first, and without legacy.

They build their organisation from scratch with DevSecOps in mind. Interestingly, a lot of change is also coming from within government, with some organisations having an aggressive posture to tech consumption and development,” he continued.

He concedes the need for more education in the market. Companies are getting their head around DevOps, and security adds new complexity.

Companies live and die by their ability to create and deliver software. To be competitive – companies need to be 10 x faster. They need to adopt a DevSecOps philosophy and drive new technology with great speed while making it secure.

For DevOps teams, do you see the use of testing tools as able to minimise risks associated with poor coding practice, etc?

Photo by RealToughCandy.com from Pexels: https://www.pexels.com/photo/people-woman-technology-time-11035393/

De Vos says DevOps adoption as a practice should be driving better code quality, productivity and operational efficiency across the business. “Having the right process to support quick sprints in iteration leads to code that is cleaner, more efficient and less error-prone. Ultimately, the output for testing should gain better and quicker results,” he explained.

He concluded that the priority for testing is to automate.

“DevOps teams want automation because this drives speed to market. They are looking at ways to incorporate AI and ML into those testing processes. Streamlining the approach will foster collaboration with the operations and security teams and accelerate with fewer errors when you hit the testing phase,” he added.

AI will not displace DevOps teams

Despite the continuing advances in artificial intelligence and machine learning, de Vos does not believe that AI will replace DevOps teams inside an organisation.

“AI and ML will reduce some of the overheads in the testing, like monitoring and root cause analysis. They can help with that day-to-day grind for DevOps teams by increasing efficiencies, allowing them to focus on the bigger picture,” he pointed out.

What is the way forward for CIOs and DevOps teams in the practice of DevSecOps?

For de Vos, CIOs need to have a holistic view of the organisation, and security is as important as speed to innovation. Departments must become less complex and less siloed, and toolchains need to be simplified.

“A single pane of glass for developers, ops and security teams should improve efficiency, and provide visibility to ensure security is incorporated into every stage of the application cycle,” he concluded.

Click on the PodChat player to listen to de Vos describe the challenges and opportunities CIOs, DevOps and SecOps can achieve to improve the security of applications.
  1. Briefly define DevOps and describe the DevOps landscape in Asia today.
  2. Compared to DevOps as practised in the US, how would you rate Asian developers?
  3. Is it fair to say that developers (in Asia) – whether in-house or those working for a software house – are struggling to incorporate security aspects/processes into the development cycles, irrespective of whether this is waterfall or agile, long-form or low-code/no-code? What are the top three reasons why this is so?
  4. Define DevSecOps and how mature is DevSecOps as a practice in Asia-Pacific. What needs to happen to accelerate this (training, certification, practice, etc)?
  5. For DevOps teams, do you see the use of testing tools as able to minimise risks associated with poor coding practice, etc?
  6. Do you see AI as supporting DevOps teams? To what extent should DevOps teams trust AI tools with application development, including testing, failure forecasting, resource management, and root cause analysis?
  7. What is the way forward for CIOs and DevOps teams in the practice of DevSecOps?
Related:  Asia/Pacific ICT spending to hit $1.4 trillion in 2025
Tags: automationDevOpsDevSecOpsGitLabIDCPodchats
Allan Tan

Allan Tan

Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events. Previous Roles He served as Group Editor-in-Chief for Questex Asia concurrent to the Regional Content and Strategy Director role. He was the Director of Technology Practice at Hill+Knowlton in Hong Kong and Director of Client Services at EBA Communications. He also served as Marketing Director for Asia at Hitachi Data Systems and served as Country Sales Manager for HDS’ Philippines. Other sales roles include Encore Computer and First International Computer. He was a Senior Industry Analyst at Dataquest (Gartner Group) covering IT Professional Services for Asia-Pacific. He moved to Hong Kong as a Network Specialist and later MIS Manager at Imagineering/Tech Pacific. He holds a Bachelor of Science in Electronics and Communications Engineering degree and is a certified PICK programmer.

No Result
View All Result

Recent Posts

  • Agentic AI-powered AppSec platform launched for the AI era
  • IDC forecasts GenAI alone will grow at a 59.2% CAGR
  • Dataiku brings new AI capabilities to create and control AI agents
  • Microsoft reveals the rise of a new kind of organisation in the AI era
  • St Luke’s ElderCare enhances data security and user experience with Juniper

Live Poll

Categories

  • Big Data, Analytics & Intelligence
  • Business Applications & Databases
  • Business-IT Alignment
  • Careers
  • Case Studies
  • CISO
  • CISO strategies
  • Cloud, Virtualization, Operating Environments and Middleware
  • Computer, Storage, Networks, Connectivity
  • Corporate Social Responsibility
  • Customer Experience / Engagement
  • Cyber risk management
  • Cyberattacks and data breaches
  • Cybersecurity careers
  • Cybersecurity operations
  • Education
  • Education
  • Finance
  • Finance & Insurance
  • FutureCISO
  • General
  • Governance, Risk and Compliance
  • Government and Public Services
  • Growth Strategies
  • Hospitality & Tourism
  • HR, education and Training
  • Industry Verticals
  • Infrastructure & Platforms
  • Insider threats
  • Latest Stories
  • Logistics & Transportation
  • Management Leadership
  • Manufacturing
  • Media and Telecommunications
  • News Stories
  • Operations
  • Opinion
  • Opinions
  • People
  • Process
  • Remote work
  • Retail & Wholesale
  • Sales & Marketing
  • Security
  • Tactics and Strategies
  • Technology
  • Utilities
  • Videos
  • Vulnerabilities and threats
  • White Papers

Strategic Insights for Chief Information Officers

FutureCIO is about enabling the CIO, his team, the leadership and the enterprise through shared expertise, know-how and experience - through a community of shared interests and goals. It is also about discovering unknown best practices that will help realize new business models.

Quick Links

  • Videos
  • Resources
  • Subscribe
  • Contact

Cxociety Media Brands

  • FutureIoT
  • FutureCFO
  • FutureCIO

Categories

  • Privacy Policy
  • Terms of Use
  • Cookie Policy

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Login to your account below

or

Not a member yet? Register here

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
Login

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Subscribe