Automated security in DevOps is a sign of mature dev organisations

Top performing software development teams embrace DevSecOps automation.

Mature development organisations make sure automated security is built into their DevOps practice early, everywhere and at scale, according to a new report by Sonatype.

The report, entitled 2017 DevSecOps Community Survey, is based on a poll of 2,292 IT professionals, and also says IT organisations continue to struggle with data breaches.

There was a nearly 50 per cent increase in breaches, compared to Sonatype’s 2014 survey.

Two thirds of respondents (67 per cent) have described their DevOps practices as ‘very mature’ or ‘of improving maturity’. In almost half of the cases (47 per cent), traditional development and operations teams see security teams and policies slowing them down. In such cases, DevOps teams have found new ways of integrating security at the speed of development.

Just above a quarter (28 per cent) of mature DevOps teams believe security requirements are slowing them down.

“As evidenced by this year’s survey results, organizations everywhere are now transforming their development from waterfall-native to DevOps-native tools and processes,” said Wayne Jackson, CEO, Sonatype. “Along the way, they are coming to grips with one simple fact: DevOps is not an excuse to do application security poorly; rather it is an opportunity to do application security better than ever.”

The report also finds that development plays an active and early role in application security, and that for DevOps teams, security controls are increasingly automated throughout the development lifecycle. 

And finally, automated security practices are said to allow developers to keep pace with the speed and scale of innovation.
