Security is a driving force for choosing a DevOps platform, finds GitLab study

Johnathan Hunt, Vice President of Security at GitLab

GitLab Inc., provider of The One DevOps Platform for software innovation, released the results of its annual DevSecOps survey. GitLab’s 2022 Global DevSecOps Survey highlights the continued prioritisation of security and compliance, investment in toolchain consolidation, and the impacts of rapid DevOps adoption. The survey consisted of 5,001 respondents, including developers, operations and security practitioners and organisational leaders.

The study found, following two years of explosive tech adoption, nearly three-quarters of respondents have adopted–or plan to within the year– a DevOps platform in order to meet rising expectations on security, compliance, toolchain consolidation, and software delivery.

“Rapid deployment and speed-to-market are some of the biggest differentiators in business landscape. This often comes at the cost of security – a major concern across tech, business and govt leaders – but it doesn’t have to,” said Johnathan Hunt, VP of Security at GitLab.

“Streamlined toolchains and standardised, transparent processes help firms keep security and compliance at the core of the software development lifecycle, rather than an afterthought.”

What were the insights of the study?

The 2022 survey results highlight security as the highest-priority investment area for organisations, with more than half of security team members stating their organisations have either shifted security left or plan to this year. Toolchain consolidation is also a high-priority focus, with 69% of survey takers wanting to consolidate their toolchains due to challenges with monitoring, development delays, and negative impact on developer experience.

Security is top challenge and top area of investment for DevOps teams

Security has surpassed even cloud computing as the number one investment area. However, despite an appetite to shift security left, many companies are still nascent in their approach and results – only 10% of respondents reported receiving additional budget for security.

Data continues to support the ongoing trend of misalignment between security and development teams. Over half of survey respondents stated that security is a performance metric for developers within their firms, however, 50% of security professionals report that developers are failing to identify security issues – to the tune of 75% of vulnerabilities.

In order to align performance metrics with reality, developers must be incentivised to practice security protocols and be provided with full visibility into the toolchain and potential risks. When security collaboration is achieved, firms produce great results. Development, security, and operations teams noted better security as a key advantage to a DevOps platform.

Survey data showed that a commitment to security was a driving force for many decision-makers when choosing a DevOps platform. Investing in a single platform allows practitioners to take advantage of more features with fewer tools – and fewer a la carte expenses.

Plans to consolidate tech stacks skyrocket as toolchain

Although 60% of developers surveyed are releasing code faster than before, toolchain sprawl is impacting speed and productivity, taking valuable time away from developers. Nearly 40% of developers are spending between one-quarter and one-half of their time on maintaining or integrating complex toolchains – more than double the percentage from 2021. Accordingly, 69% of those surveyed stated that they would like to consolidate their toolchains.

Primary concerns surrounding toolchain management include challenges around consistently monitoring a myriad of tools, and difficulty context switching, and slowed development velocity, increased costs, and retention.“The last year marked a significant turning point in the adoption of DevOps tools, platforms, and processes. In 2022, we are seeing the fruits of those efforts,” commented David DeSanto, Vice President of Product at GitLab.

“Despite hurdles presented by the pandemic, including cultural shifts, all remote and hybrid team collaboration, and challenges surrounding hiring and retention, teams are releasing new applications faster than ever. We’ll see an ongoing focus on speed, security, and compliance as organisations continue to consolidate their DevOps toolchains and processes,” he said.

The trend toward speedy software releases is restricted to the private sector, as the survey found that the speed of software delivery within the public sector stalled from the previous year, with 59% of govt respondents reporting the same rate of delivery or slower than 2021.

“It’s encouraging to see government organisations adopting a DevSecOps platform, but there’s still a ways to go for the public sector to catch up with its private sector counterpart in terms of software release speed and innovation. Government agencies must invest in tools that enable rapid software delivery to meet the needs of service members and citizens or risk stagnation and even attacks,” commented Bob Stevens, VP of Public Sector at GitLab.

Overall, the data shows that releases are faster than ever and developers point to investment in a DevOps platform as the reason why. The rapid adoption of DevOps in 2021 drove rapid software delivery, better code quality, and improved developer productivity.

Key challenges and opportunities for the upcoming year include tool consolidation, an increased focus on security and compliance, and a continued effort to align development and security teams. For more information and to access the 2022 DevSecOps Survey, click here.