DevSecOps delivers significant results but take up remains low
Only 22 percent of organizations have developed a formal DevSecOps strategy integrating security into software development lifecycle processes, according to a new report.
But the study from Mezmo shows an overwhelming percentage of those that do have a strategy report a positive impact on accelerating incident detection (95 percent) and response (96 percent) efforts.
Based on a survey of 200 DevOps and IT/information security professionals conducted by analyst firm ESG, the report shows that more than half of respondent organizations using DevSecOps tools and processes experienced a significant reduction in incidents that occur in production.
Although adoption is currently low 62 percent of respondents say their organization is actively evaluating use cases or has plans to implement DevSecOps. Companies believe that establishing a culture of collaboration and encouraging developers to leverage security best practices are nearly equal in importance to adopting DevSecOps tools.
"As organizations adopt modern software development processes leveraging cloud platforms, they are looking to incorporate security processes and controls into developer workflows," says Melinda Marks, senior analyst at ESG. "This research shows DevSecOps can be a game changer for companies, and there is no doubt we will see growing market traction over the next few years."
Getting the right data and tools to developers is key for enabling success according to 84 percent of respondents. But, as organizations increase the speed and volume of releases to serve more customers, they are collecting huge volumes of data. Organizations surveyed capture several (54 percent) or even hundreds (32 percent) of terabytes per month, with six percent capturing a petabyte or more per month.
The study shows that 91 percent of organizations are using multiple tools to get the most value out of their data, which makes it difficult for multiple groups to have access to the data they need to do their jobs.
"To move fast and build secure applications, companies need solutions that help them to fully harness the value of their data to drive better results," says Tucker Callaway, CEO of Mezmo. "To achieve this, teams are looking for observability solutions that are flexible and scalable, with automation features to help improve data collection and analysis."
You can read more on the Mezmo blog.