Micro Focus, in partnership with Accenture, ran the DevSecOps Survey 2019 in July and August, which gleamed valuable insight into how South African businesses treat DevOps, as well as their current and future DevSecOps strategies.
The survey covered questions relating to business’ application landscape, agile development practices, risk and DevOps integration, as well as the perceived advantages and future plans for DevSecOps.
“If we look at where systems are heading, a lot of organisations in South African have already started some form of digital journey or digital transformation,” said Accenture Intelligent Engineering Services Lead in Africa, David Christie.
“However, they are quickly realising that if you don’t radically change the way you deliver IT systems, you’re not going to reap the full benefits of the transformation journey.”
The importance of DevSecOps
DevSecOps focuses on the importance of viewing security as a critical part of technology adoption and innovation.
Many businesses prioritise DevOps-driven innovation and feature-rich improvements using systems such as “fail fast” and “Agile IT culture,” which implies that these businesses experiment regularly and aggressively.
This results in frequent code changes, which increases the risk of introducing security vulnerabilities into the code.
DevSecOps drives home the idea that all innovation should be done within and alongside secure systems and security professionals.
Rather than seeing security as an afterthought, DevSecOps combines development, security, and operations into a single model that works together from start to finish – ensuring that all changes are immediately and concurrently dealt with by one’s security team.
This alliance offers various benefits, including:
- Shorter development cycles.
- Security systems that work as a unit.
- Quicker problem-solving.
- Easier automation.
Christie said that about 3,500 respondents completed the survey, but what was noticeable was the relative lack of security professionals among the respondents.
“To me, this implies that DevSecOps has a misalignment in terms of understanding in organisations because security guys are thinking that it is something that the developers, operations managers, and release teams need to address.”
Christie said that the percentage of businesses that have implemented DevSecOps was relatively low, although there did appear to be ambition from many respondents to make this transition.
However, Christie highlighted that security is often seen as the “no-police,” which serves as inhibition for high-velocity delivery, rather than as an enabler.
Despite this, Christie said that DevSecOps will be required as execution of projects becomes more frequent and time sensitive.
“As we start moving towards high-velocity experimentation and feature delivery, very often one-offs will not cut it,” said Christie.
Other key insights included the fact that around 75% of all respondents have some form of public-facing website.
“If you link that to 72% of them actively building new web applications as part of their day jobs, it automatically heightens the security risk and the importance of security.”
The survey also found that most respondents still work on data centres, although he speculated that as the likes of Azure and AWS increase their reach in South Africa, the industry will see a radical shift towards the cloud in the coming years.
Surprisingly, only 55% of all respondents said they had suffered a breach in the past.
“However, the other 45% who said they hadn’t should re-check their systems, as they probably had a breach and simply haven’t realised it yet,” said Christie.
Accenture’s survey insights can be viewed here.
This article was published in partnership with Micro Focus.