Dive Brief:
- For the last three years, half of developers have agreed security is important, but they don't dedicate enough time to it, according to Sonatype's 2019 survey of more than 5,550 IT professionals.
- Risk management, improved code and application quality, and meeting compliance requirements are the top three motivating factors for weaving security into the development lifecycle, according to the survey. About one-quarter of respondents said "'security' is synonymous with delivering 'quality.'"
- Just over one-quarter of companies have a mature DevOps adoption, and those organizations are 350% more likely to integrate automated security. About 47% of all companies deploy to production several times per week, while about 14% deploy once a week.
Dive Insight:
Intertwining security and software allows companies to find the sweet spot between speed and security. Agile serves as the prelude to DevSecOps as companies embrace more automated solutions. Yet nearly one-third of developers trained in agile and waterfall practices were not given security training, according to the survey.
The "shift left" mentality of moving security to the start of the development process allows companies to test for vulnerabilities sooner. A problem in one of the dependencies can be caught and addressed early, so developers don't have to wait until the end of development to resolve the issue.
Line-of-business employees tend to have a less informed view of cybersecurity. Because of this, they are more inclined to adopt software without regard for whether the tools are monitored, because security was left out of the acquisition.
Improved code quality and input validation can help mitigate the risk of flaws and data leaks. An organization practicing DevSecOps, as opposed to plain DevOps, can resolve a flaw 12 times faster than a traditional organization. The automated component of DevSecOps allows for software scans and eases the burden of security.
However, DevOps itself has lost some of its impact to the confusion created by unreliable marketing and hype.
DevOps stands in a position to unite development, operations and security, which can lead to more seamless processes. Risk reduction and smaller changes to production environments are the potential benefits of a DevSecOps culture and mindset.
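The "shift left" dependency check and the automated scan described above boil down to a small build gate: read the pinned dependencies, compare them against known advisories, and fail the build before the code reaches production. The following is an added illustration, not code from Sonatype or from the survey. The lockfile contents, the package names (libalpha, libbeta, libgamma) and the advisory identifiers (EX-2019-000x) are all constructed for the example, and the version comparison assumes plain dotted numeric versions.

```python
"""Minimal shift-left dependency gate (illustrative example).

Reads requirements.txt-style 'name==version' pins, checks each against a
list of advisories with an affected version range, and returns a non-zero
exit code when anything matches so a CI job can fail early.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    package: str
    introduced: str     # first affected version (inclusive)
    fixed: str          # first fixed version (exclusive); "" means no fix yet
    advisory_id: str    # constructed identifier, not a real CVE


def parse_version(version):
    """Turn '1.24.2' into (1, 24, 2) so tuples compare numerically.

    Assumption: versions are purely numeric dotted strings; pre-release
    tags such as '1.0rc1' are not handled here.
    """
    return tuple(int(part) for part in version.strip().split("."))


def is_affected(version, adv):
    """True when version lies in [introduced, fixed)."""
    ver = parse_version(version)
    if ver < parse_version(adv.introduced):
        return False
    if adv.fixed and ver >= parse_version(adv.fixed):
        return False
    return True


def parse_lockfile(text):
    """Parse 'name==version' lines; comments and blank lines are ignored.

    An unpinned dependency is rejected outright: a floating version
    cannot be checked reliably, which is itself a finding.
    """
    deps = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, sep, version = line.partition("==")
        if not sep or not version.strip():
            raise ValueError(f"unpinned dependency: {line}")
        deps[name.strip().lower()] = version.strip()
    return deps


def scan(deps, advisories):
    """Return (package, version, advisory_id, fixed_version) for each hit."""
    findings = []
    for adv in advisories:
        version = deps.get(adv.package.lower())
        if version is not None and is_affected(version, adv):
            findings.append((adv.package, version, adv.advisory_id,
                             adv.fixed or "no fix available"))
    return findings


def gate(lockfile_text, advisories):
    """CI entry point: 0 when clean, 1 when any advisory matches."""
    findings = scan(parse_lockfile(lockfile_text), advisories)
    for package, version, advisory_id, fixed in findings:
        print(f"FAIL {package}=={version}: {advisory_id} (fixed in {fixed})")
    return 1 if findings else 0


# Constructed sample input: a lockfile and an advisory feed for fictional packages.
SAMPLE_LOCKFILE = """
# pinned dependencies (constructed example)
libalpha==1.24.2
libbeta==5.1
libgamma==2.19.1
"""

SAMPLE_ADVISORIES = [
    Advisory("libalpha", "1.0.0", "1.24.3", "EX-2019-0001"),   # hit: 1.24.2 < 1.24.3
    Advisory("libbeta", "0.1", "", "EX-2019-0002"),            # hit: no fix yet
    Advisory("libgamma", "2.20.0", "2.21.0", "EX-2019-0003"),  # miss: 2.19.1 too old
]

if __name__ == "__main__":
    raise SystemExit(gate(SAMPLE_LOCKFILE, SAMPLE_ADVISORIES))
```

Run as a CI step, a non-zero exit blocks the merge; the advisory list would normally come from a vulnerability feed or an SBOM tool rather than an inline constant, and a production gate needs a full version-specifier parser rather than the numeric-tuple comparison assumed here.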