GitLab Inc., bekend van ’the One DevOps Platform’, heeft zijn jaarlijkse DevSecOps-onderzoek gepubliceerd waaruit een fundamentele verschuiving naar voren komt in de manier waarop security benaderd wordt in organisaties, gerelateerd aan het streven van software development teams om veilige en compliant code af te leveren in het tempo dat de organisatie vereist.
UIt het onderzoek dat plaatsvond onder 5.000 respondenten wereldwijd, waaronder developers, operations en security professionals en managers, blijkt onder andere dat:
Uit het onderzoek blijkt dat security voor DevOps teams het belangrijkste aspect is waarin geïnvesteerd wordt
Zeven van de tien ondervraagden (69%) verklaart dat zij hun toolchains graag willen consolideren
Bijna driekwart van de respondenten beschikt over een DevOps-platform of is van plan dit binnen een jaar te introduceren – om te voldoen aan de stijgende verwachtingen van het bedrijfsleven op het gebied van security, compliance, consolidatie van de toolchain, en snellere oplevering van software.
Uit het onderzoek bleek echter ook dat men zich zorgen maakt over de complexiteit van toolchain management en de daarmee gepaard gaande monitoring taken.
Hoewel de meeste ondervraagde developers (60%) sneller code vrijgeven dan voorheen, heeft de grote hoeveelheid toolchains impact op hun snelheid en productiviteit en is het tijdrovend
Bijna vier op de tien developers besteedt tussen een kwart en de helft van de tijd aan het onderhoud of de integratie van complexe toolchains – een aanzienlijk hoger percentage dan naar voren kwam in de survey van vorig jaar
Verantwoordelijkheden op het gebied van compliance zijn toegenomen bij developers en bij operations en security professionals: bijna driekwart (71%) van de operations professionals houdt zich minimaal een kwart van hun tijd, of meer, bezig met audit en compliance. 28% van de security professionals houdt zich met deze taken bezig.
Het volledige Engelstalige persbericht
GitLab Inc.’s Sixth Annual Global DevSecOps Survey Shows Security is the Driving Force for Choosing a DevOps Platform
Results show efficiency, higher quality code, and developer productivity are key drivers for DevOps adoption
SAN FRANCISCO – Today, GitLab Inc., provider of The One DevOps Platform for software innovation, released the results of its annual DevSecOps survey. GitLab’s 2022 Global DevSecOps Survey highlights the continued prioritization of security and compliance, investment in toolchain consolidation, and the ongoing impacts of rapid DevOps adoption.
The survey consisted of 5,001 respondents, including developers, operations and security practitioners and organizational leaders. It found that, following two years of explosive technological adoption, nearly three-quarters of respondents have adopted–or plan to adopt within the year– a DevOps platform in order to meet rising industry expectations around security, compliance, toolchain consolidation, and faster software delivery.
“Rapid deployment and speed-to-market are some of the biggest differentiators in today’s business landscape. This often comes at the cost of security – a major concern across technology, business and government leaders – but it doesn’t have to,” said Johnathan Hunt, VP of Security at GitLab. “Streamlined toolchains and standardized, transparent processes help organizations keep security and compliance at the core of the software development lifecycle (SDLC), rather than an afterthought.”
The 2022 survey results highlight security as the highest-priority investment area for organizations, with more than half of security team members stating their organizations have either shifted security left or plan to this year. Toolchain consolidation is also a high-priority focus, with 69% of survey takers wanting to consolidate their toolchains due to challenges with monitoring, development delays, and negative impact on developer experience.
Security is both top challenge and top area of investment for DevOps teams
Security has surpassed even cloud computing as the number one investment area across DevOps teams at global organizations. However, despite an appetite to shift security left, many companies are still nascent in their approach and results – only 10% of respondents reported receiving additional budget for security.
Data continues to support the ongoing trend of misalignment between security and development teams. Over half of survey respondents stated that security is a performance metric for developers within their organizations, however, 50% of security professionals report that developers are failing to identify security issues – to the tune of 75% of vulnerabilities. In order to align performance metrics with reality, developers must be incentivized to practice security protocols and be provided with full visibility into the toolchain and potential risks.
When security collaboration is achieved, organizations produce great results. Development, security, and operations teams broadly noted better security as a key advantage to a DevOps platform. Survey data demonstrated that a commitment to security was a driving force for many decision-makers when choosing a DevOps platform or other tools. Additionally, investing in a single platform allows practitioners to take advantage of more features with fewer tools – and fewer a la carte expenses.
Plans to consolidate tech stacks skyrocket as toolchain tax continues to challenge developers
Although 60% of developers surveyed are releasing code faster than before, toolchain sprawl is impacting speed and productivity, taking valuable time away from developers. Nearly 40% of developers are spending between one-quarter and one-half of their time on maintaining or integrating complex toolchains – more than double the percentage from 2021.
Accordingly, 69% of those surveyed stated that they would like to consolidate their toolchains. Primary concerns surrounding toolchain management include challenges around consistently monitoring a myriad of tools, and difficulty context switching, as well as slowed development velocity, increased costs, and retention.
“The last year marked a significant turning point in the adoption of DevOps tools, platforms, and processes. In 2022, we’re seeing the fruits of those efforts,” said David DeSanto, VP of Product at GitLab. “Despite hurdles presented by the ongoing pandemic, including cultural shifts, all remote and hybrid team collaboration, and challenges surrounding hiring and retention, teams are releasing new applications faster than ever. We’ll see an ongoing focus on speed, security, and compliance as organizations continue to consolidate their DevOps toolchains and processes.”
However, the trend toward speedy software releases is mainly restricted to the private sector, as the survey found that the speed of software delivery within the public sector stalled from the previous year, with 59% of government respondents reporting the same rate of delivery or slower than 2021.
“It’s encouraging to see that half of American government respondents have adopted a DevSecOps platform, but there’s still a ways to go for the public sector to catch up with its private sector counterpart in terms of software release speed and innovation,” said Bob Stevens, VP of Public Sector at GitLab. “Government agencies must invest in tools that enable rapid software delivery to meet the needs of service members and citizens or risk stagnation and even attacks.”
Overall, the data shows that releases are faster than ever and developers point to investment in a DevOps platform as the reason why.
The rapid adoption of DevOps in 2021 drove rapid software delivery, better code quality, and improved developer productivity. Key challenges and opportunities for the upcoming year include tool consolidation, an increased focus on security and compliance, and a continued effort to align development and security teams. To access the 2022 DevSecOps Survey, click here.
Methodology
GitLab surveyed 5,001 software professionals worldwide in May 2022. The margin of error for the total sample (n=5001) is 1.4%.
