Quality and security suffer in the push for digital transformation
A new survey of 1,300 CIOs and senior DevOps managers in large organizations finds it's getting harder for IT teams to maintain software reliability and security amid the rapid acceleration of digital transformation and rising complexity of cloud-native environments.
The study from Dynatrace finds 90 percent of organizations say their digital transformation has accelerated in the past 12 months. 78 percent of organizations deploy software updates into production every 12 hours or less, and 54 percent say they do so at least once every two hours.
However, DevOps teams spend 31 percent of their time on manual tasks involving detecting code quality issues and vulnerabilities, reducing the time spent on innovation. In addition, 55 percent of organizations make tradeoffs between quality, security, and user experience in order to meet the need for rapid transformation.
"It's difficult for teams to accelerate the pace of innovation while also maintaining the highest quality and security standards," says Bernd Greifeneder, founder and chief technology officer at Dynatrace. "More frequent software deployments, combined with complex cloud-native architectures, make it easier for errors and vulnerabilities to escape into production where they impact customer experience and create risk. There simply aren't enough hours in the day for teams to test code as thoroughly as when they had only a single monthly deployment, but there’s no margin for error in today’s ultra-competitive, always-on economy. Something has to change."
The convergence of observability and security practices will be critical to building a DevSecOps culture, according to 88 percent of CIOs, and 90 percent say increasing the use of AIOps will be key to scaling up these practices.
Organizations also plan to increase their spending on automation across development, security, and operations by 35 percent by 2024, as they invest more in continuously testing software quality (54 percent) and security (49 percent) in production, automatic vulnerability detection and blocking (41 percent), and automating release validation (35 percent). But 70 percent of CIOs say they need to improve their trust in the accuracy of AI's decisions before they can automate more of the CI/CD pipeline.
"Organizations know that manual approaches aren't scalable," adds Greifeneder. "Teams can't afford to waste time and effort chasing false positives, searching for vulnerabilities whenever a new threat alert appears, or conducting forensics to understand whether data has been compromised. They need to work together to drive faster, more secure innovation. Automation and modern delivery practices such as DevSecOps are key to this, but teams need to trust that their AI is reaching the right conclusions about the impact of a particular vulnerability."
The full report is available from the Dynatrace site.