Businesses make automated security a part of DevOps

Mature development organizations make sure automated security is built into their DevOps practice early, everywhere and at scale, according to a new report by Sonatype.

The report, entitled 2017 DevSecOps Community Survey, is based on a poll of 2,292 IT professionals, and also says IT organisations continue to struggle with data breaches.

There was a nearly 50 per cent increase in breaches, compared to SonaType’s 2014 survey.

Two thirds of respondents (67 per cent) have described their DevOps practices as "very mature" or "of improving maturity." In almost half of the cases (47 percent), traditional development and operations teams see security teams and policies slowing them down. In such cases, DevOps teams have found new ways of integrating security at the speed of development.

Just above a quarter (28 percent) of mature DevOps teams believe security requirements are slowing them down.

"As evidenced by this year’s survey results, organizations everywhere are now transforming their development from waterfall-native to DevOps-native tools and processes," says Wayne Jackson, CEO, Sonatype. "Along the way, they are coming to grips with one simple fact: DevOps is not an excuse to do application security poorly; rather it is an opportunity to do application security better than ever."

The report also finds that development plays an active and early role in application security, and that for DevOps teams, security controls are increasingly automated throughout the development lifecycle.

And finally, automated security practices are said to allow developers to keep pace with the speed and scale of innovation.

Published under license from ITProPortal.com, a Future plc Publication. All rights reserved.

Photo Credit: Alexander Supertramp/Shutterstock