Security Professionals Believe Their Corporate Culture Supports Fusion of Security and DevOps
June 21, 2018

Dror Davidoff
Aqua Security

DevSecOps is quickly gaining support and traction, within and beyond information security teams. In fact, 70% of respondents believe their culture can embrace the change needed to fuse Security and DevOps, according to a new survey of 80 security professionals by Aqua Security.

“DevSecOps provides the opportunity to re-work application security processes to align with the rise of cloud-native application development and a much more security-minded business culture,” said Alan Shimel, CEO of Media Ops, DevOps focused events and online publisher. “Given how new and transformative the discipline of DevSecOps is, I was pleased to learn that survey participants are confident they have the funds, talent and culture in place needed to successfully implement it.”

DevSecOps is maturing in a culture where multiple stakeholders are highly motivated to do it right

The main difference between cybersecurity ten years ago and today is that now, it’s becoming everyone’s job to help minimize threats, not just members of the information security team. DevSecOps in particular is an emerging discipline that, despite the cybersecurity skills shortage and its inherent complexity, is poised to thrive because it relies on shift-left security automation to enable much of the execution as part of the build process.

It's still early days, but right now, DevSecOps is maturing in a culture where multiple stakeholders are highly motivated to do it right.

Key findings from the survey include:

■ 57% believe they have the human and financial resources in place to implement DevSecOps

■ 62% reported they currently had either a formal or informal DevSecOps team in-house

■ 47% reported they are fairly or very mature in their implementation of DevSecOps for application security; another 39% ranked themselves as maturing

When asked to rank the three most important elements of DevSecOps, respondents ranked:

■ Applying security across the app lifecycle (61%)

■ Automating application security controls (52%)

■ Involving DevOps in security processes (43%)

Additionally, respondents were asked about budget trends, with 76% of the sample reporting their application security budget has increased over the past five years, 25% reporting it went up between 10-30%, and 14% sharing that it went up by more than 40%.

While this survey differs from our 2017 Container Security in the Enterprise Survey, when viewed chronologically, the data sets suggest that there is a rapid progression of DevSecOps. Last year, only 13% of a similar pool of respondents reported they had a DevSecOps team in place; less than a year later, that number has skyrocketed to 62%.

Dror Davidoff is Co-Founder and CEO of Aqua Security
Share this

Industry News

March 27, 2024

WaveMaker has updated its platform in response to customer demand for more sophisticated API and code management tools.

March 27, 2024

Vercara announced the launch of UltraAPI™, a product suite that protects APIs and web applications from malicious bots and fraudulent activity while ensuring regulatory compliance.

March 27, 2024

Legit Security announced the launch of its standalone enterprise secrets scanning product, which can detect, remediate, and prevent secrets exposure across the software development pipeline.

March 26, 2024

Progress announced a strategic partnership with Veeam® Software, the #1 leader by market share in Data Protection and Ransomware Recovery, to provide customers with an enterprise-ready cyber defense solution that strengthens the security of their business-critical data.

March 26, 2024

GitGuardian released its Software Composition Analysis (SCA) module.

March 26, 2024

DataStax announced a milestone in its journey to simplify enterprise retrieval-augmented generation (RAG) for developers by integrating with Microsoft Semantic Kernel.

March 25, 2024

Check Point® Software Technologies Ltd. is collaborating with NVIDIA to enhance the security of AI cloud infrastructure. Integrating NVIDIA BlueField DPUs, which feature a broad range of purpose-built, innovative security capabilities, the new Check Point AI Cloud Protect solution will help prevent threats at both the network and host levels.

March 25, 2024

Sentry announced the release of Autofix, an AI-powered feature to debug and fix code in minutes, saving important time and resources.

March 25, 2024

Apiiro announced a product integration and partnership with Secure Code Warrior, the agile developer security training platform, to extend its ASPM technology and processes to the people layer.

March 21, 2024

Progress announced that Progress® Semaphore™, its metadata management and semantic AI platform, was named a Champion in SoftwareReviews’ 2024 Metadata Management Emotional Footprint Awards.

March 21, 2024

The Cloud Native Computing Foundation® (CNCF®) has partnered with Udemy, an online skills marketplace and learning platform.

March 21, 2024

GitLab has acquired Oxeye, the provider of a cloud-native application security and risk management solution.

March 21, 2024

GitHub announced that code scanning autofix, powered by GitHub Copilot and CodeQL, is available in public beta for all GitHub Advanced Security (GHAS) customers.

March 21, 2024

NetApp is collaborating with NVIDIA to advance retrieval-augmented generation (RAG) for generative AI applications.

March 21, 2024

CalypsoAI launched the CalypsoAI Platform, an advanced SaaS-based security and enablement solution for generative AI applications within the enterprise.