The adoption of DevSecOps in companies is still low, but it has a positive impact

The adoption of a DevSecOps strategy, which integrates security into software development life cycle processes, is not yet very high in companies. Only 22% of organizations have developed one, according to a report from data observability platform provider Mezmo. However, those that have implemented it have achieved a very positive impact in terms of speeding up incident detection, something that 95% of the companies surveyed for the report that have a DevSecOps strategy say. Another 96% also say that thanks to this strategy they have improved their response to incidents.

Although its adoption is low, the study confirms that there is great growth potential for the sector. 62% of respondents from 200 organizations working in areas related to technology, DevOps, and security say their organization is actively evaluating use cases or has plans to implement DevSecOps. The study has also confirmed that more than half of those using DevSecOps tools and processes have experienced a significant reduction in incidents in production.

However, there are still differences between the perception of what DevSecOps implementation is like and its actual challenges. Companies believe that establishing a culture of collaboration and encouraging developers to take advantage of security best practices are almost as important as adopting DevSecOps tools. Although it is common to expect cultural transformations before the adoption of DevSecOps, those who have adopted it point out that technical limitations, such as data capture and analysis, are even greater obstacles to success.

84% of respondents believe that providing developers with the right data and tools is key to success. But as organizations increase the speed and volume of releases to serve more customers, they collect vast amounts of data. Companies that responded to the survey capture from several TB (54%) to hundreds of TB (32%) per month. 6% capture a petabyte or more per month.

Collecting, storing and examining this data to identify incidents is expensive and time-consuming. On average, it takes 17.5 hours per person to track and understand security incidents, a time that 82% of respondents would like to reduce. 69% of organizations do not capture certain data sources because of the high cost of storage. This is problematic if there is an incident and the entity has incomplete data for analysis or incident response.

91% of organizations use multiple tools to get the most value from their data, making it difficult for multiple groups to access the data they need to do their jobs. Not having a single data source is one of the main problems holding teams back.

Currently, 87% of companies use open source tools as part of their observability assets, because they are more customizable. But 84% believe it will become difficult to manage, adopt and scale with these tools. That said, 98% of respondents say they are investigating the possibility of adopting a managed observability solution over the next 12 months.
