Shifting left from DevOps to DevSecOps aims to prioritize security by automating parts of the development lifecycle to improve a company’s security posture.
While development teams often have more to do than time allows, such as meeting project deadlines or fixing an urgent technical bug, neglecting security in the modern age simply isn’t an option. The more efficient process offered by a DevSecOps model aims to help combat reports that 97% of developers struggle to meet critical launch deadlines.
Let’s look at the precise definition of DevSecOps and key statistics that shed light on the benefits of this modern approach to the development lifecycle.
Gartner defines DevSecOps as “the integration of security into emerging agile IT and DevOps development as seamlessly and as transparently as possible.”
Gartner goes on to stress the importance of not sacrificing speed and agility while introducing security to the process. To achieve this, it recommends implementing security practices directly into workflows without requiring developers to leave their toolchain environments.
Yet, this can be a challenge to sell to stakeholders who all too often are pushed to prioritize speed to market instead of security. These stats should help show the importance of shifting left to a DevSecOps model.
DevSecOps Statistics for Developers
- 90% of development teams claim to be following DevSecOps practices. (Gartner)
- 39% of developers feel fully responsible for security in their organization. (GitLab)
- 79% of DevSec teams report it’s challenging to consistently monitor for vulnerabilities. (State of Pentesting Report 2022)
- 79% of companies admit their average application in development has 20 or more vulnerabilities. (ContrastSecurity)
- By 2025, Gartner predicts 70% of organizations will use infrastructure automation tools within their DevOps processes. (Gartner)
The benefits of a DevSecOps model come from the increased collaboration between development, security, and operations teams, where all teams can contribute more to the company’s bottom line with an improved security posture. While most development teams say they’re using a DevSecOps methodology, many stats call into question how effectively they do so.
A key takeaway for development teams is that a significant portion feel responsible for security directly. With this responsibility, we see challenges in keeping up with security tasks such as monitoring vulnerabilities. Thankfully, this can be alleviated with automation and better alignment across processes.
Security Team Statistics
- 94% of security teams and 93% of development teams report being impacted by talent shortages. (State of Pentesting Report 2022)
- Only 25% of organizations with low levels of security integration can remediate a vulnerability within 1 day, compared to 45% of organizations with high levels of security integration. (Puppet Labs, 2020)
- 52% of organizations report sacrificing cybersecurity for speed to market. (PagerDuty)
- Only 33% of data breaches involved internal team members; of those, 78% were from unintentional data loss or exposure. (Aberdeen Report)
For security teams, evangelizing the importance of security to improve awareness remains a key component of a strong security plan. This includes awareness across the company, but special consideration should be given to development and operations teams to promote collaboration across their departments.
A key takeaway for security teams is that increased integration and collaboration with other teams decreases risk. While much of the DevSecOps model focuses on three departments with the highest levels of collaboration, security teams should also use awareness training for the entire company to avoid unintentional internal data leaks.
Overall Benefits of DevSecOps
- The DevSecOps market is expected to grow at a CAGR of 25.6% from $2.79 billion in 2020 up to $17.24 billion in 2028. (Research & Markets)
- 57% of organizations suffered from a security incident related to exposures in DevOps. (ThycoticCentrify)
- According to a 2020 report, cloud misconfigurations cost organizations $5 trillion in 2018 and 2019. (DivvyCloud)
The benefits of DevSecOps become self-evident when considering the high risk of a cyberattack in 2022. Alignment between these different teams to improve processes has been shown to decrease the risks of a breach.
There are a few interesting takeaways here for any company considering implementing a DevSecOps process, but the most important thing to highlight is the huge demand. This shows the value of DevSecOps in an explicit manner, with the market expected to expand from under $3 billion in 2020 to over $17 billion by 2028.
In closing, we hope this shows the importance of shifting left towards a DevSecOps model and makes it easier to encourage teammates, managers, and senior leadership to pursue a similar mentality. The increased security benefits alone should be reason enough, but there are also benefits created specifically for development and operations teams, such as peace of mind about vulnerabilities in the code or improved efficiency.
Learn how Cobalt’s innovative Pentest as a Service (PtaaS) model supports a shift left through increased collaboration between pentesters and developers.