The rapid adoption of DevOps in 2021 drove rapid software delivery, better code quality, and improved developer productivity. Key challenges and opportunities for the upcoming year include tool consolidation, an increased focus on security and compliance, and a continued effort to align development and security teams.
GitLab’s 2022 Global DevSecOps Survey highlights the continued prioritisation of security and compliance, investment in toolchain consolidation, and the ongoing impacts of rapid DevOps adoption.
Among the 5000 respondents to the survey, nearly three-quarters of respondents have adopted–or plan to adopt within the year – a DevOps platform to meet rising industry expectations around security, compliance, toolchain consolidation, and faster software delivery.
“Rapid deployment and speed-to-market are some of the biggest differentiators in today’s business landscape. This often comes at the cost of security – a major concern across technology, business and government leaders – but it doesn’t have to,” said Johnathan Hunt, VP of Security at GitLab.
“Streamlined toolchains and standardised, transparent processes help organisations keep security and compliance at the core of the software development lifecycle (SDLC), rather than an afterthought.”Jonathan Hunt
The 2022 survey results highlight security as the highest-priority investment area for organisations, with more than half of security team members stating their organisations have either shifted security left or plan to this year.
Toolchain consolidation is also a high-priority focus, with 69% of survey takers wanting to consolidate their toolchains due to challenges with monitoring, development delays, and negative impact on developer experience.
Waking up to reality
That’s the good news. Now read about the long journey ahead.
Despite the acknowledgement of the importance of security and shift security left strategy being taken, many companies are still nascent in their approach and results. Only 10% of respondents reported receiving an additional budget for security.
Despite security being a performance metric for developers within their organisations, 50% of security professionals report that developers are failing to identify security issues – to the tune of 75% of vulnerabilities.
Carrot AND stick
To align performance metrics with reality, developers must be incentivised to practice security protocols and be provided with full visibility into the toolchain and potential risks.
When security collaboration is achieved, organisations produce great results. Development, security, and operations teams broadly noted better security as a key advantage to a DevOps platform.
Survey data demonstrated that a commitment to security was a driving force for many decision-makers when choosing a DevOps platform or other tools.
Additionally, investing in a single platform allows practitioners to take advantage of more features with fewer tools – and fewer a la carte expenses.