Findings show a clear disconnect between developer and security teams.
GitLab’s fourth annual DevSecOps survey showed roles across software development teams have changed as more teams adopt DevOps.
The key findings indicate rising rates of DevOps adoption and implementation of new tools, which have led to sweeping changes in job functions, tool choices and organisation charts within developer, security and operations teams.
Anthony McMahon, regional director at APAC, GitLab, told CIO Tech Asia the role of the developer is changing.
The survey found that the lines are blurring between developers and operations teams. DevOps adoption rates are also up – 25 per cent of companies are in the DevOps “sweet spot” of three to five years of practice while another 37 per cent are well on their way, with between one and three years of experience under their belts.
As part of this implementation, many are also seeing the benefits of continuous deployment: nearly 60 per cent deploy multiple times a day, once a day or once every few days (up from 45 per cent last year).
“As more teams become more accustomed to using DevOps in their work, roles across software development teams are starting to shift as responsibilities begin to overlap,” said McMahon. “There is more work to be done when it comes to streamlining collaboration between security, developer and operations teams.”
However, the findings show a clear disconnect between developer and security teams – there is uncertainty about who should be responsible for security efforts.
“Security teams continue to report that developers are not finding enough bugs at the earliest stages of development and are slow to prioritise fixing them,” said McMahon. “Over 42 per cent said testing still happens too late in the life-cycle. While automated testing is on the rise, very few companies claim to have full test automation.”
According to McMahon, the most important question for the CIO is how they can partner with the business and digital transformation and other top business priorities.
“At a tactical level, CIOs are expected to simultaneously increase operational efficiencies, increase velocity and deliver better products faster, and minimise security and compliance risk,” he said. “Another way of thinking about this is how they make it possible to rapidly and securely create new solutions (idea-to-code) and then efficiently deliver the solutions (code to cloud).”
It’s important for IT and business teams to align and focus their efforts on responsiveness and agility to meet these dynamic times, said McMahon.
“What they need is a consistent view across the lifecycle and collaboration that bridges the silos between Dev, Ops, and Security teams,” he said. “They need the ability to be public cloud independent, deploy anywhere, SaaS and/or self-managed.”
Teams also need the ability to work in parallel, get feedback and not have to wait on other teams. They must invest in and promote automated pipelines that accelerate testing, security and deployments to minimise manual tasks and intervention, McMahon said.
“Embrace a ‘shift-left’ mindset that encourages early testing and compliance efforts so teams can find and resolve security, compliance and quality issues at the point of code change,” he said.
“It’s a changing world for developer, operations and security teams and that holds true for roles and responsibilities as well as technology choices that improve DevOps practices and speed up release cycles.”
When done right, DevOps can go a long way to improve a business’s bottom line, but there are still obstacles to overcome to achieve true DevSecOps.
“DevSecOps teams need to be able to collaborate, and visibility is a key component in helping teams work better together. By simplifying the toolchain, it reduces barriers to communication and gives DevOps access to the entire software development lifecycle (SDLC),” McMahon said. “When teams can build, test, and deploy with single sign-on simplicity, they can solve problems and share knowledge all in one place.”