State of DevOps 2021: Benefits of a Secure Software Supply Chain

As more organizations embrace digital transformation and conduct business virtually, we have unfortunately seen a corresponding increase in the number of data breaches and cyberattacks. In 2020 alone, more than 22 billion records of confidential personal information or business data were exposed, according to Tenable’s 2020 Threat Landscape Retrospective Report. These data breaches are more than just leaked bits of information; they have long-term implications for the people who trusted the impacted businesses with keeping their personal data secure.

As a community, it’s tech’s responsibility to build services and applications that can be trusted by the people we serve. However, it requires a significant investment to make changes to how your team and organization operate. How will adding more security measures to your processes affect the outcomes your team and organization care about? The 2021 Accelerate State of DevOps Report highlights the way integrating security best practices throughout the software development process impacts a team’s ability to deliver and operate software as well as meet business goals. 

With seven years of research and more than 32,000 survey responses from industry professionals, the 2021 Accelerate State of DevOps Report examines the software development and DevOps practices that make teams and organizations most successful. This year, 1,200 working professionals from a variety of industries around the globe shared their experiences to help grow our understanding of the factors that drive higher performance, including security. 

Consistent with previous reports, we found that elite performers excel in implementing security best practices and were twice as likely to have security integrated with their software development process. This suggests that teams who have accelerated delivery while maintaining their reliability standards have found a way to integrate security checks and practices without compromising their ability to deliver software quickly or reliably. 

In addition to exhibiting high delivery speed and operational performance, teams who integrate security best practices throughout their development process are 1.6 times more likely to meet or exceed their organizational goals.

Teams that embrace security drive significant value to the business, but what meaningful steps should be taken to see these benefits? The table below shows the percentage of respondents from the 2021 Accelerate State of DevOps Report who leverage specific security best practices. Consider implementing these practices in your organization to ensure you maintain a secure software development life cycle: 

Security best practice | Respondents
--- | ---
Test for security. Test security requirements as a part of the automated testing process, including areas where pre-approved code should be used. | 58%
Integrate security review into every phase. Integrate information security (infosec) into the daily work of the entire software delivery life cycle. This includes having the infosec team provide input during the design and architecture phases of the application, attend software demos and provide feedback during demos. | 54%
Security reviews. Conduct a security review for all major features. | 60%
Build pre-approved code. Have the infosec team build pre-approved, easy-to-consume libraries, packages, toolchains and processes for developers and IT operations to use in their work. | 49%
Invite infosec early and often. Include the security engineering team during planning and all subsequent phases of application development, so that they can spot security-related weaknesses early and give the team ample time to fix any vulnerabilities identified. | 63%

This year’s report investigated a variety of capabilities and practices that drive performance, and security was just one. In the 2021 Accelerate State of DevOps Report, we also examined the effects of SRE best practices, the pandemic and burnout, and quality documentation, and we revisited our exploration of how organizations are leveraging the cloud. If you’d like to read the full report or any previous report, you can visit cloud.google.com/devops.

Dustin Smith

Dr. Dustin Smith is a Human Factors Psychologist and Senior User Experience Researcher at Google. He has studied how people are affected by the systems and environments around them in a variety of contexts: Software Engineering, Free-to-Play Gaming, Healthcare, and Military. His research at Google has emphasized identifying the areas where software developers can feel happier and more productive during development. Dustin received his PhD in Human Factors Psychology from Wichita State University.
