CIO Influence
CIO Influence News IT and DevOps

Mezmo, ESG Research Finds That Despite Low Adoption, DevSecOps Brings Significant Results

Mezmo, ESG Research Finds That Despite Low Adoption, DevSecOps Brings Significant Results

Challenges with data volume, collection, and analysis hinder successful adoption, driving the need for better tooling to generate actionable insights

Mezmo, the leading observability data platform, published the report “Leveraging Observability Data for DevSecOps,” which provides insights on DevSecOps adoption, its benefits, and the challenges with implementation. According to the study, only 22% of respondent organizations have developed a formal DevSecOps strategy integrating security into software development lifecycle (SDLC) processes, but an overwhelming percentage of those report a positive impact on accelerating incident detection (95%) and response (96%) efforts.

Based on a survey of 200 DevOps and IT/information security professionals conducted by leading analyst firm ESG, the report shows that more than half of respondent organizations using DevSecOps tools and processes experienced a significant reduction in incidents that occur in production. The greatest impact reported was on accelerating incident detection efforts, and nearly half reported significant improvements in incident response and remediation times.

Although adoption is low for now, the study also confirms potential growth in the industry with 62% of respondents saying their organization is actively evaluating use cases or has plans to implement DevSecOps.

Latest ITechnology News: Netlify Announces the Better Next.js Runtime for Developers

“As organizations adopt modern software development processes leveraging cloud
platforms, they are looking to incorporate security processes and controls into developer workflows,” said Melinda Marks, senior analyst at ESG. “This research shows DevSecOps can be a game changer for companies, and there is no doubt we will see growing market traction over the next few years.”

Factors Limiting DevSecOps Adoption and Success

According to the research, there are distinct differences between the perceived and actual challenges of implementation. Companies believe that establishing a culture of collaboration and encouraging developers to leverage security best practices are nearly equal in importance to adopting DevSecOps tools. While it is common to anticipate cultural transformation to be a roadblock prior to adoption, those practicing DevSecOps report that technical limitations, such as data capture and analysis, are actually greater barriers to success.

Eighty-four percent of respondents believe that getting the right data and tools to developers is key for enabling success. But, as organizations increase the speed and volume of releases to serve more customers, they are collecting huge volumes of data. Organizations surveyed capture several (54%) or even hundreds (32%) of terabytes per month, with 6% capturing a petabyte or more per month.

This amount of data is costly to collect and store, and parsing through it for incident triage and response is time-consuming. In fact, 17.5 person hours is the average time it takes to triage and understand security incidents—an amount that 82% of companies would like to reduce. Most organizations (69%) do not capture certain data sources because of the high cost of storage/retention, which is problematic if there is an incident and the organization has incomplete data for a thorough analysis and/or timely response.

Latest ITechnology News: Security Experts at INE Unveil Damn Vulnerable AWS and Azure Tools

Making the Most of Your Data with Observability

The study shows that 91% of organizations are using multiple tools to get the most value out of their data, which makes it difficult for multiple groups to have access to the data they need to do their jobs. Not having a “single source of truth” is reported as the greatest challenge holding back teams.

“To move fast and build secure applications, companies need solutions that help them to fully harness the value of their data to drive better results,” said Tucker Callaway, CEO, Mezmo. “To achieve this, teams are looking for observability solutions that are flexible and scalable, with automation features to help improve data collection and analysis.”

Right now, most companies (87%) are using open source tools as part or all of their observability stack because they are more customizable. But 84% believe it will become challenging to manage, adapt, and scale with these solutions. Nearly all survey respondents (98%), with titles across teams, from application developers to IT and security professionals, said they will likely investigate a managed observability solution over the next 12 months.

Latest ITechnology News: Involta Expands Its Cleveland Market Data Center

[To share your insights with us, please write to sghosh@martechseries.com]

Related posts

Viakoo and Presidio Announce Partnership to Deliver Best-in-Class IoT/OT Enterprise Security

PR Newswire

Zudy, the Leader in Rapid Digital Transformation, Launches Vinyl 3.2 the Most Advanced No-Code Platform Available for the Enterprise

GoVanguard Expands Cybersecurity Capabilities with Acquisition of Gotham Security