GitLab Inc.’s 2022 Global DevSecOps Survey underscores the need for enterprises to prioritize security and compliance while focusing in on the impact of rapid DevOps adoption.
GitLab, a provider of The One DevOps Platform for software innovation, surveyed 5,001 developers, operations and security practitioners, and organizational leaders. Researchers found that nearly 75% of respondents have adopted, or plan to adopt within the year, a DevOps platform to meet rising industry expectations around security, compliance, toolchain consolidation and faster software delivery.
The findings highlight security as the highest-priority investment area for organizations. In fact, GitLab found that more than half of security team members said their organizations have either “shifted security left” or plan to this year.
Toolchain consolidation is also a high-priority focus, as found that 69% of respondents want to consolidate their toolchains due to challenges with monitoring, development delays and negative impact on developer experience.
Commenting on the findings, Johnathan Hunt, vice president of Security at GitLab, said:
“Rapid deployment and speed-to-market are some of the biggest differentiators in today’s business landscape. This often comes at the cost of security – a major concern across technology, business and government leaders – but it doesn’t have to. Streamlined toolchains and standardized, transparent processes help organizations keep security and compliance at the core of the software development lifecycle (SDLC), rather than an afterthought.”
Security Impacts on DevOps Teams
Security has surpassed even cloud computing as the leading investment area across DevOps teams at global organizations, Gitlab reports. However, many companies are still emerging in their approach and results. For that matter, only 10% of respondents reported receiving additional budget for security.
GitLab found that data supports the “ongoing trend of misalignment between security and development teams.” Over half of survey respondents stated that security is a performance metric for developers within their organizations, GitLab said. However, 50% of security professionals report that developers are failing to identify security issues – to the tune of 75% of vulnerabilities.
To “align performance metrics with reality,” GitLab advises that developers be incentivized to practice security protocols and be provided with full visibility into the toolchain and potential risks.
DevOps teams broadly noted “better security” as a key advantage to a DevOps platform, GitLab reports. Also, “commitment to security” was a driving force for many decision-makers when choosing a DevOps platform or other tools.
Toolchain Sprawl Challenges Developers
Although 60% of developers surveyed are releasing code faster than before, Gitlab reveals that “toolchain sprawl” is impacting speed and productivity, thereby taking valuable time away from developers.
Additionally, nearly 40% of developers are spending between one-quarter and one-half of their time on maintaining or integrating complex toolchains – more than double the percentage from 2021. Accordingly, 69% of those surveyed stated that they would like to consolidate their toolchains.
David DeSanto, vice president of Product at GitLab, says that 2021 marked a significant turning point in the adoption of DevOps tools, platforms and processes. He explains that in 2022 we’re seeing the fruits of those efforts:
“Despite hurdles presented by the ongoing pandemic, including cultural shifts, all remote and hybrid team collaboration, and challenges surrounding hiring and retention, teams are releasing new applications faster than ever. We’ll see an ongoing focus on speed, security, and compliance as organizations continue to consolidate their DevOps toolchains and processes.”
What is the Impact on MSSPs?
As developers are spending more time maintaining and integrating complex toolchains and DevOps professionals are looking to consolidate toolchains in the coming years, MSSP partners have a unique opportunity to leverage native and add-on security solutions for their software development lifecycle and DevOps platforms.
Speaking to MSSP Alert, Nima Badley, vice president of Alliance at GitLab, explained the key role MSSPs in securing their DevOps platforms:
"Together with GitLab, MSSP partners that deliver more secure, streamlined solutions for businesses are uniquely positioned to help customers get more speed, productivity and security out of their DevOps investments. Partner program expansions play a key role in the consolidation of developer tools, more secure channel offerings and adoption of the DevOps platform. We know this firsthand at GitLab Inc., as we’ve grown the number of channel and alliance partners in our Partner Program by more than 75% in the last year."
