As DevOps continues to gain popularity for rapid delivery and innovation of IT-enabled capabilities, concerns about security increase. Security and risk management leaders must adapt security tools, processes and policies to the DevOps toolchain without slowing the development and release process. 

 

Key Challenges 

  • DevOps adoption is increasing as an alternative to traditional waterfall and agile development methodologies, but security and compliance typically remain afterthoughts. 
  • DevOps practices encourage automation to achieve scale, but security has traditionally been manual, process-heavy and gate-driven — the antithesis of automation, transparency and speed. 
  • Most developers have no knowledge of secure coding, including those versed in agile and DevOps. 
  • Traditional application security testing approaches weren’t designed for speed and transparency. 
  • For some applications in specific industries, new versions need to be government-recertified after every production update, making rapid change an issue. 

By 2022, 90% of software development projects will claim to be following DevSecOps practices, up from 40% in 2019. 

By 2022, 25% of all software development projects will be following a DevOps methodology from conception to production, up from less than 10% today. 

Discuss Further 

your specific Security and DevOps questions – contact Susan Buytenhuys, Gartner State of CA - Managing Client Director - 916.281.5145 - Susan.Buytenhuys@gartner.com 

 

Also: Register and join these Gartner Webinars to gain further insight. 

The Field Guide to Infrastructure Automation 

Infrastructure automation is no longer optional. But it is complex, and no one tool can do it all. Join this complimentary webinar as Gartner expert Paul Delory unfolds a detailed map of the infrastructure automation landscape, including infrastructure-as-a-service and infrastructure-as-code-models, DevOps and DevSecOps pipelines, tool selection, infrastructure modernization, orchestration, software delivery, patching, compliance, and governance. 

Hosted by: Paul Delory