DevOps culture and practice have been sweeping rapidly through the technical community.

Combining “Development” and “Operations” roles with automation and monitoring leads to numerous benefits, including faster time to market, fewer failures caused by changes, and shorter downtimes when problems do occur—it’s no wonder DevOps is being widely embraced.

However, security was largely an afterthought in the days of early DevOps adopters, and many organizations are still trying to play catch-up when it comes to secure development and deployment automation.

The DevSecOps movement strives to incorporate continuous security into every stage of your DevOps workflow.

Though most organizations would like to implement DevSecOps, many are still trying to bridge the gap between intent and reality when it comes to marrying security with their DevOps program.

Struggling to put the “Sec” in DevOps

A recent survey by Threat Stack gives us insight into some of the obstacles facing those who are still struggling to employ a DevSecOps philosophy.

Threat Stack conducted a survey of 200 security, development and operations professionals from businesses large and small in multiple industry verticals. The results show that while everyone agrees security must be integrated into every phase of the development cycle, there are still obstacles keeping many from reaching their goals.

Tellingly, 85 percent of organizations surveyed said that employing DevSecOps best practices was an important goal, but only 35 percent had actually established the philosophy. At the same time, 18 percent had no DevSecOps at all.

Silos are one large contributing factor to this gap. Amongst respondents, security specialists are present in only 27 percent of operations teams and a lowly 18 percent of development teams.

In 38 percent of cases, security specialists are in a completely separate team only used “when needed.” To compound the problem, 42 percent of