Secure DevOps Needs to be Practiced More
According to new research findings, practicing secure DevOps consistently remains a challenge for organizations: a significant share of DevOps teams avoid integrating application security testing into their continuous integration and continuous delivery (CI/CD) workflows. The research examined the state of secure DevOps and its shortcomings. While the majority of C-level executives believe early testing is the key to cost and risk control, few teams practice secure DevOps in a way that meaningfully reduces risk.
Secure Digital Transformation is Important
Around 50 percent of modern IT decision makers were found to be using application security testing elements during the DevOps process. Although adoption varies across industries, the research suggests that there is a mere 12 percent difference between the highest and lowest adopters. Conventionally, companies rely on software analysis scanning solutions, third-party penetration testing and dynamic analysis to practice secure DevOps within the enterprise.
Even though adoption lags, survey respondents show strong awareness of the benefits of secure DevOps, which include improved software quality, reduced risk, and speed to release.
Despite such strong awareness among CIOs and other decision-makers, organizations are seemingly failing to translate secure DevOps into practice because of limitations the respondents cited, ranging across technology, process, and talent. These challenges may include the lack of “automated, integrated” security testing tools, inconsistent approaches, and developer resistance.
A significant portion of these responses have roots that are at least partially based on education, culture or awareness. Inconsistency, resistance and a belief that secure DevOps clogs workflows indicate a dire need for change at the most basic level of awareness.
Tracing the Actual Problem
Since people, processes and technology form an interconnected network in a DevOps environment, it’s likely that technological barriers are contributing to negative human perceptions and developer resistance. As CIOs consider how to optimize the risk, compliance and agility potential of secure DevOps, overcoming these challenges may require smarter technology that fits seamlessly into existing CI/CD workflows. When security and third-party security testing contribute to an organization’s goals of software quality and rapid releases, it may be easier to overcome lingering cultural barriers to secure DevOps.