Automation has a key role to play in secure software development

Security Compass has published the results of a new report, “The 2021 State of DevSecOps”. The study was designed to gather insights into different approaches and views on DevSecOps with a focus on large enterprises (US$1B+ in annual revenue) where security threats are gravest. Areas of focus for the study included overall understanding and experience in DevSecOps, its adoption maturity, challenges, time and budget invested, program comprehensiveness, and more.

The single most important driver of DevSecOps programs found in the study was improving the security, quality, and resilience of software. Bringing technology to market faster was the second most important driver, while cost reduction was the least important. The report also reveals how perceptions toward security and compliance evolve as organizations reach maturity in their DevSecOps programs. Viewpoints from CEOs to frontline practitioners, including all levels in between, are compared and contrasted throughout the report.

Key Findings Include:

● Insufficient automation in software development is the number one cause of delays in product releases

○ 75% of respondents reported that manual security and compliance processes slow down code release, ultimately delaying time to market and affecting competitiveness. DevSecOps personnel also pointed to technical challenges, organizational silos, and insufficient automation as the chief reasons why security and compliance processes slow down time to market.

○ 96% of respondents agreed that they would benefit from the automation of security and compliance processes.

● Technical challenges are the main roadblock to initial DevSecOps adoption

○ 60% of those tasked with getting product built found technical challenges to be the main hurdle to DevSecOps adoption. Cost, insufficient time, and lack of education are additional challenges noted.

○ The majority of respondents (73%) reported their organizations follow “by design” (i.e., proactive) principles for cyber/information security and regulatory compliance.

○ Executives, especially risk executives, within large enterprises that adopt DevSecOps across the majority of their applications express confidence in their ability to meet regulatory compliance and risk management needs.

“When we set out to conduct this study, we were eager to better understand the state of DevSecOps adoption; and the results paint a clear picture that manual security processes are a roadblock to timely product releases and impact a company’s competitiveness,” said Rohit Sethi, CEO, Security Compass. “We are hopeful that this study will raise awareness of the ways automation can solve significant challenges in secure application development and look forward to publishing more studies throughout 2021 to support companies in their DevSecOps journey.”