A recent survey conducted by CloudPassage indicates that a lack of resources may be hindering the ability for companies to embed security in application release cycles stymieing their efforts to implement DevOps.
According to the survey:
- When asked the stage at which security is brought into software or product development release cycles, more than half of respondents (58 percent) said security is introduced during phase one, the concept and design phase. A quarter of respondents (22 percent) said security is brought in during phase two, the coding and implementation phase.
- While more than half of respondents (58 percent) said security is brought into the development lifecycle early, over half of respondents (51 percent) disagreed and or did not know if security is capable of moving as fast as product or service release cycles.
- Two-thirds (65 percent) of security professionals cited both lack of resources (i.e. talent and budget) and siloed departments as the biggest barriers to getting security earlier into release cycles. Lack of resources was reported as the main barrier by 34 percent of the respondents. Fewer respondents, 18 percent, said security would slow down the release cycle. Eight percent said they believe “DevOps derails security.”
- One-third (33 percent) of security professionals said the biggest business benefit for integrating security into DevOps methods is better security, faster. Twenty-five percent of respondents said they believe the biggest benefit is new applications without delays caused by security. Twenty-four percent said the driver is improved relationships between DevOps and security teams.
- Nearly two-thirds (64 percent) of IT security professionals characterized their organization’s cloud deployment as being “mixed or hybrid.” Alternatively, 16 percent of respondents described their cloud deployment as private, 13 percent said they operate in the public cloud, and just 8 percent of respondents said they do not have any cloud infrastructure.