Skip to main content

Automated security in DevOps is a sign of mature dev organisations

(Image credit: Image Credit: Profit_Image / Shutterstock)

Mature development organisations make sure automated security is built into their DevOps practice early, everywhere and at scale, according to a new report by Sonatype (opens in new tab)

The report, entitled 2017 DevSecOps Community Survey, is based on a poll of 2,292 IT professionals, and also says IT organisations continue to struggle with data breaches.

There was a nearly 50 per cent increase in breaches, compared to SonaType’s 2014 survey. 

Two thirds of respondents (67 per cent) have described their DevOps practices as ‘very mature’ or ‘of improving maturity’. In almost half of the cases (47 per cent), traditional development and operations teams see security teams and policies slowing them down. In such cases, DevOps teams have found new ways of integrating security at the speed of development.

Just above a quarter (28 per cent) of mature DevOps teams believe security requirements are slowing them down.

"As evidenced by this year’s survey results, organizations everywhere are now transforming their development from waterfall-native to DevOps-native tools and processes,” said Wayne Jackson, CEO, Sonatype. “Along the way, they are coming to grips with one simple fact: DevOps is not an excuse to do application security poorly; rather it is an opportunity to do application security better than ever.”

The report also finds that development plays an active and early role in application security, and that for DevOps teams, security controls are increasingly automated throughout the development lifecycle. 

And finally, automated security practices are said to allow developers to keep pace with the speed and scale of innovation.

Image Credit: Profit_Image / Shutterstock

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.