75% of participants reported that manual security and compliance processes slow down code release, impacting time to market and competitiveness
TORONTO – Feb. 9, 2021 – Security Compass, developer of the industry’s first Balanced Development Automation (BDA) platform, today published the results of a new report, “The 2021 State of DevSecOps”. The study was designed to gather insights into different approaches and views on DevSecOps with a focus on large enterprises (US$1B+ in annual revenue) where security threats are gravest. Areas of focus for the study included overall understanding and experience in DevSecOps, its adoption maturity, challenges, time and budget invested, program comprehensiveness, and more.
The single most important driver of DevSecOps programs found in the study was improving the security, quality, and resilience of software. Bringing technology to market faster was the second most important driver, while cost reduction was the least important. The report also reveals how perceptions toward security and compliance evolve as organizations reach maturity in their DevSecOps programs. Viewpoints from CEOs to frontline practitioners, including all levels in between, are compared and contrasted throughout the report.
Key Findings Include:
- Insufficient automation in software development is the number one cause of delays in product releases
  - 75% of respondents reported that manual security and compliance processes slow down code release, ultimately delaying time to market and affecting competitiveness. DevSecOps personnel also pointed to technical challenges, organizational silos, and insufficient automation as the chief reasons why security and compliance processes slow down time to market.
  - 96% of respondents agreed that they would benefit from the automation of security and compliance processes.
- Technical challenges are the main roadblock to initial DevSecOps adoption
  - 60% of those tasked with getting product built found technical challenges to be the main hurdle to DevSecOps adoption. Cost, insufficient time, and lack of education are additional challenges noted.
- The majority of respondents (73%) reported their organizations follow “by design” (i.e., proactive) principles for cyber/information security and regulatory compliance.
- Executives, especially risk executives, within large enterprises that adopt DevSecOps across the majority of their applications express confidence in their ability to meet regulatory compliance and risk management needs.
“When we set out to conduct this study, we were eager to better understand the state of DevSecOps adoption; and the results paint a clear picture that manual security processes are a roadblock to timely product releases and impact a company’s competitiveness,” said Rohit Sethi, CEO, Security Compass. “We are hopeful that this study will raise awareness of the ways automation can solve significant challenges in secure application development and look forward to publishing more studies throughout 2021 to support companies in their DevSecOps journey.”
For more information, and to view the full 2021 State of DevSecOps report, click here.
About the Survey
Security Compass commissioned Golfdale Consulting to conduct two independent online panel surveys in the Fall of 2020. The first survey focused on DevSecOps with 250 respondents from the U.S. and U.K., representing large enterprises (US$1B+ in annual revenue) that develop software in the technology, banking, insurance, pharma, healthcare, manufacturing and energy/utilities sectors. The study surveyed executives and practitioners in risk/compliance as well as technology roles. The second survey exclusively interviewed professionals within the C-Suite on their views on time to market of their software products.