
Global rise in DevSecOps but role uncertainty persists - GitLab study

25 May 2020

The line between development teams, security teams, and operations teams continues to blur into the culmination of DevOps and DevSecOps, according to those working in the industry.

Rising rates of DevOps adoption and tool choices are leading to changes in job functions and organisation charts across development, security, and operations.

GitLab reports that DevOps practitioners are working with faster release times, continuous integration and deployment, and progress towards shifting test and security ‘left’, says GitLab CEO and cofounder Sid Sijbrandij.

“That said, there is still significant work to be done, particularly in the areas of testing and security. We look forward to seeing improvements in collaboration and testing across teams as they adjust to utilising new technologies and job roles become more fluid.”

The GitLab Global DevSecOps Survey explains that teams must understand how the role of the developer is changing, and how it affects security, operations, and test teams.

35% of developers say they define and/or create the infrastructure their app runs on, but only 14% monitor and respond to that infrastructure. This is traditionally a role held by operations. Additionally, more than 18% of developers instrument code for production monitoring, while 12% serve as an escalation point when there are incidents.

Furthermore, 83% of developers report being able to release code more quickly after adopting DevOps. Continuous integration and continuous delivery (CI/CD) is also proven to help reduce time for building and deploying applications – 38% said their DevOps implementations include CI/CD.

An additional 29% said their DevOps implementations include test automation, 16% said DevSecOps, and nearly 9% use multi-cloud.

Automated testing is on the rise, but only 12% claim to have full test automation. And, while 60% of companies report deploying multiple times a day, once a day or once every few days, over 42% say testing happens too late in the development lifecycle.

There is increasing uncertainty from both developers and security teams over who should take responsibility for security development.

More than 25% of developers reported feeling solely responsible for security, compared to testers (23%) and operations professionals (21%).

Additionally, 33% of security team members say that they ‘own’ security, while 29% say everyone should be responsible.

Despite questions of ownership, security teams continue to report that developers are not finding enough bugs at the earliest stages of development and are slow to prioritize fixing them – a finding consistent with last year’s survey. 

More than 42% of security respondents say that testing still happens too late in the life cycle, while 36% reported it was hard to understand, process, and fix any discovered vulnerabilities, and 31% found prioritising vulnerability remediation an uphill battle.

“Although there is an industry-wide push to shift left, our research shows that greater clarity is needed on how teams’ daily responsibilities are changing, because it impacts the entire organisation’s security proficiency,” comments GitLab vice president of security, Johnathan Hunt. 

“Security teams need to implement concrete processes for the adoption of new tools and deployments in order to increase development efficiency and security capabilities.”

GitLab surveyed more than 3,650 software professionals from 21 countries worldwide.
