cfo-nz logo
Story image

Global rise in DevSecOps but role uncertainty persists - GitLab study

25 May 2020

The line between development teams, security teams, and operations teams continues to blur into the culmination of DevOps and DevSecOps, according to those working in the industry.

Rising rates of DevOps adoption and tool choices are leading to job function changes, and organisation charts across development, security, and operations.

GitLab reports that DevOps practitioners are working with faster release times, continuous integration and deployment, and progress towards shifting test and security ‘left’, says GitLab CEO and cofounder Sid Sijbrandij.

“That said, there is still significant work to be done, particularly in the areas of testing and security. We look forward to seeing improvements in collaboration and testing across teams as they adjust to utilising new technologies and job roles become more fluid.”

The GitLab Global DevSecOps Survey explains that teams must understand how the role of the developer is changing, and how it affects security, operations, and test teams.

35% of developers say they define and/or create the infrastructure their app runs on, but only 14% monitor and respond to that infrastructure. This is traditionally a role held by operations. Additionally, more than 18% of developers instrument code for production monitoring, while 12% serve as an escalation point when there are incidents.

Furthermore, 83% of developers report being able to release code more quickly after adopting DevOps. continuous integration and continuous delivery (CI/CD) is also proven to help reduce time for building and deploying applications – 38% said their DevOps implementations include CI/CD. 

An additional 29% said their DevOps implementations include test automation, 16% said DevSecOps, and nearly 9% use multi-cloud.

Automated testing is on the rise, but only 12% claim to have full test automation. And, while 60% of companies report deploying multiple times a day, once a day or once every few days, over 42% say testing happens too late in the development lifecycle.

There is increasing uncertainty from both developers and security teams over who should take responsibility for security development.

More than 25% of developers reported feeling solely responsible for security, compared to testers (23%) and operations professionals (21%).

Additionally, 33% of security team members say that they ‘own’ security, while 29% say everyone should be responsible.

Despite questions of ownership, security teams continue to report that developers are not finding enough bugs at the earliest stages of development and are slow to prioritize fixing them – a finding consistent with last year’s survey. 

More than 42% of security respondents say that testing still happens too late in the life cycle, while 36% reported it was hard to understand, process, and fix any discovered vulnerabilities, and 31% found prioritising vulnerability remediation an uphill battle.

“Although there is an industry-wide push to shift left, our research shows that greater clarity is needed on how teams’ daily responsibilities are changing, because it impacts the entire organisation’s security proficiency,” comments GitLab vice president of security, Johnathan Hunt. 

“Security teams need to implement concrete processes for the adoption of new tools and deployments in order to increase development efficiency and security capabilities.”

GitLab surveyed more than 3,650 software professionals from 21 countries worldwide.

Link image
The CFO’s guide to why CX deserves more attention
Customer experience an important way to keep customers coming back for more, but chances are the board is asking what the financial impact of any CX investment will be. Uncover the most common questions from APAC CFOs, and how to answer them.More
Story image
Data management a powerful way for businesses to gain competitive advantage
Leading innovators are ultimately leveraging data to disrupt new markets and gain a competitive advantage through strategic data management innovations, IDC finds.More
Story image
Skills gap, lack of budget, and competing initiatives holding back innovation in A/NZ enterprises - report
Despite A/NZ businesses showing the most confidence in their ability to innovate at a competitive rate, skills gaps continued to hold projects back.More
Story image
Skillsoft launches new leadership focused online learning resource
Skillsoft has launched a new series of online learning resources designed to help people with leadership development, with a particular focus on digital leadership skills required to be successful in today’s fast-changing world. More
Story image
Cohesity named top vendor in unstructured data management.
GigaOm cited Cohesity's end-to-end solution designed to tackle data and app challenges in modern enterprises. More
Story image
Apple unveils iPadOS 14, with redesigns for Siri, Search, widgets and more
“With iPadOS 14, we’re excited to build on the distinct experience of iPad and deliver new capabilities that help customers boost productivity, be more creative, and have more fun.”More