Adopt DevSecOps across the enterprise if you want to embed security by design

As with the product mindset, innovation in software development around the concepts of DevOps is driving a fundamental cultural shift (refer to our latest Point of View The Seven Pillars of Cloud Native Operations – HFS Research). The advancement of DevOps has helped organizations to bring IT and business operations closer together. But it appears that security has been left behind. In our last cybersecurity survey, the vast majority of cybersecurity executives highlighted that CISO mandates exist around DevSecOps but the wider IT organization is still not able to effectively translate policies into standard operating procedures supported by the right technology enablers.

• Leaders: only thirty-one percent (31%) of cybersecurity executives reported that DevSecOps practices have been deployed widely across the enterprise.
• Laggards: Almost four out of ten respondents (39%) highlighted that there is currently a limited use of DevSecOps practices in their respective organizations but it is expanding. Initiatives are being sponsored and executed at “business unit” level. Twenty-six percent (26%) are currently running targeted pilot initiatives at “project” level.
• Losers: five percent (5%) mentioned that their organizations are still assessing how to apply DevSecOps effectively or even worse, not currently investigating or planning to deploy such practices.

The Bottom Line: Organizations are missing a great opportunity to move away from the “Security as an Afterthought” mindset toward embedding a proactive approach to mitigate cybersecurity threats at the source.

DevSecOps is still perceived by many as slowing down the product development cycle. It’s time for Security and IT leaders to come together and enforce security practices right at the core of the DevOps mindset. Pressure to quickly deliver products to customers, budget constraints or extensive change management required to “shift left” (the efforts to guarantee application security at the earliest stages in the development lifecycle) can no longer be an excuse, as one of every two (47%) cybersecurity executives reported that the lack of “security by design” has been the biggest contributor to security incidents in the past two years (refer to the Data Viewpoint You must seriously embed “security by design” to minimize security incidents).

Explore the HFS Pulse Dashboard

Take a look at the breadth of data in our Pulse Dashboard, which showcases data about current and future demand trends for technology and business services and related emerging technologies. See more here.