More ANZ organisations warm to DevSecOps | #itsecurity | #infosec


More organisations in Australia and New Zealand (ANZ) are moving to adopt agile DevSecOps practices, with 39% already undertaking this transition and a further 36% earmarking plans to do so in 2022, according to a study.

Commissioned by Lacework, the study involving 170 technology practitioners from ANZ found that more significant amounts of software development combined with greater security concerns are driving the adoption of DevSecOps. 

However, DevSecOps adoptees still face challenges, with over half of respondents citing budget constraints, skills shortages and tool proliferation that stretches existing teams to capacity as factors hindering their adoption of DevSecOps.

Only 16% of respondents currently rely on a single tool for testing and scanning, while 84% report using two or more tools to perform these tasks. 

“We are seeing a positive and speedy uptake of DevSecOps across the region, but it’s not possible to maintain the security status quo and also achieve innovation through organisational agility as business processes evolve,” said Graham Pearson, vice-president and managing director of ANZ at Lacework.

“To take advantage of DevSecOps processes, ANZ organisations must streamline security tools, adopt and implement continuous security, and create automated testing throughout the software development and release process. Throwing more money at the problem without taking these steps will only feed existing challenges, not solve them,” he added.

“To take advantage of DevSecOps processes, ANZ organisations must streamline security tools, adopt and implement continuous security, and create automated testing throughout the software development and release process”
Graham Pearson, Lacework

The report also found that DevOps and engineering teams are improving build-time security and their ability to catch issues before shipping to production environments.

For example, 37% of those surveyed said their DevOps teams have a dedicated headcount in place to take responsibility for build-time security as part of the development cycle. A further 23% called out a shared responsibility model whereby build-time security was the joint responsibility of DevOps and security.

“With cloud spending tipped to continue explosive annual growth of 23.4%-28.8%, tooling needs to evolve to foster and promote agile practices like DevSecOps and maximise cloud without adding complexity,” said Pearson.

According to IDC, DevSecOps will drive at least 50% of new applications in Asia-Pacific by 2024, fuelled by shorter software development lifecycles.

“Old security processes that put security at the middle or end of the process are just too expensive and inefficient now,” said Gina Smith, research manager at IDC Asia.

“Shifting security left – all the way to the planning stage – can dramatically improve efficiency and decrease cost. The bottom line is that it jumpstarts the output of quality code, which is what it is all about,” she added.

Smith said as more enterprises rely on open source and cloud technologies, as well as application containerisation, they will face a “complicated set of challenges” which a mature DevSecOps policy will help to address.

“Building security planning, testing and monitoring into every phase of the DevOps pipeline is about bridging the age-old division – and enmity – among developers, IT and security,” she added.



Original Source link

Leave a Reply

Your email address will not be published.

seventy three − 64 =