Growing urgency for observability and security to converge
There is a growing growing urgency for observability and security to converge, according to a new report.
Software intelligence company Dynatrace has revealed the results of an independent global survey of 1,300 CIOs and senior DevOps managers, including 100 from Australia, in large organisations.
The findings revealed the increased difficulty of maintaining software reliability and security as the demand for continuous release cycles and the rising complexity of cloud-native environments create more risk for undetected defects and vulnerabilities to escape into production.
CIOs and senior DevOps managers are looking to DevSecOps processes, the convergence of observability and security, and the increased use of AI and automation to balance accelerated innovation with reliability and security.
The research reveals that 78% of Australian organisations (90% globally) say digital transformation has accelerated in the past 12 months.
It found 91% of Australian organisations (78% globally) deploy software updates into production every 12 hours or less, and 66% (54% globally) say they do so at least once every two hours.
Australian DevOps teams spend a third (31% globally) of their time on manual tasks involving detecting code quality issues and vulnerabilities, reducing the time spent on innovation, while 72% of Australian organisations (55% globally) make tradeoffs between quality, security, and user experience to meet the need for rapid transformation.
The report found 87% of Australian CIOs (88% globally) say the convergence of observability and security practices will be critical to building a DevSecOps culture, and 94% (90% globally) say increasing the use of AIOps will be key to scaling up these practices.
"It's difficult for teams to accelerate the pace of innovation while also maintaining the highest quality and security standards," says Bernd Greifeneder, Founder and Chief Technology Officer at Dynatrace.
"More frequent software deployments, combined with complex cloud-native architectures, make it easier for errors and vulnerabilities to escape into production where they impact customer experience and create risk," he says.
"There simply are not enough hours in the day for teams to test code as thoroughly as when they had only a single monthly deployment, but there is no margin for error in today's ultra-competitive, always-on economy. Something has to change."
Additional findings from the survey include:
Australian organisations plan to increase their spending on automation across development, security, and operations by 41% (35% globally) by 2024, as they invest more in continuously testing software quality (47% in Australia versus 54% globally) and security (51% in Australia versus 49% globally) in production, automatic vulnerability detection and blocking (56% in Australia versus 41% globally)), and automating release validation (51% in Australia versus 35% globally).
Some 91% of Australian CIOs (70% globally) say they need to improve their trust in the accuracy of AIs decisions before they can automate more of the CI/CD pipeline, while 94% of CIOs say extending a DevSecOps culture to more teams is key to accelerating digital transformation and driving faster, more secure software releases.
"Organisations know that manual approaches are not scalable," says Greifeneder.
"Teams cant afford to waste time and effort chasing false positives, searching for vulnerabilities whenever a new threat alert is raised, or conducting forensics to understand whether data has been compromised. They need to work together to drive faster, more secure innovation," he says.
"Automation and modern delivery practices such as DevSecOps are key to this, but teams need to trust that their AI is reaching the right conclusions about the risk impact of a particular vulnerability."
To accomplish this, Greifeneder says organisations require a unified platform that can converge observability and security data to eliminate the silos between teams.
"By bringing their data together and retaining its context, DevOps and security teams can unlock the insights they need through causal AI," he says.
"This enables them to harness intelligent automation to rapidly deliver high-performing and secure applications that delight their users."