ANZ organisations moving towards DevSecOps

Data-driven cloud security company Lacework has found a shift is happening in the local ANZ market as more organisations are moving to adopt agile DevSecOps practices, with 39 per cent already undertaking this transition, and a further 36 per cent earmarking plans to do so in 2022.

The research outlined in Lacework’s new DevSecOps Market Survey in Australia and New Zealand, which surveyed 170 technology practitioners from Australia and New Zealand across enterprise and SMB organisations, revealed more significant amounts of software development combined with greater security concerns are driving the adoption of the DevSecOps practice.

The adoptees, however, are still facing challenges with over half of respondents (53 per cent) citing budget constraints, the well-publicised skills shortage in the ANZ market, and tool proliferation that stretches existing teams to capacity as factors hindering their adoption and practice of DevSecOps. Only 16 per cent of respondents currently rely on a single tool for testing and scanning, while 84 per cent report using two or more tools to perform these tasks.

According to Graham Pearson, vice-president and managing director ANZ at Lacework, there has been a positive and speedy uptake of DevSecOps across the region.

“In order to take advantage of DevSecOps processes, ANZ organisations must streamline security tools and adopt and implement continuous security and create automated testing throughout the software development and release process.

“It’s not possible to maintain the security status quo and also achieve innovation through organisational agility as business processes evolve.

“Throwing more money at the problem without taking these steps will only feed existing challenges, not solve them,” Pearson said.

Promisingly, the report found that DevOps and engineering teams are improving build-time security and their ability to catch issues before shipping to production environments with 37 per cent of those surveyed said their DevOps teams have a dedicated headcount in place to take responsibility for build-time security as part of the development cycle. A further 23 per cent called out a shared responsibility model whereby build-time security was the joint responsibility of DevOps and security.

“With cloud spending tipped to continue explosive annual growth of 23.4-28.8 per cent, tooling needs to evolve to foster and promote agile practices like DevSecOps and maximise cloud without adding complexity,” Pearson concluded.