In a recent report, leading analyst firm Gartner predicted that the Public Cloud Services Market will continue to gain steam, reaching $397.4B by 2022. This is surely due, in part, to the fact that an overwhelming number of enterprise CEOs are making digital business transformation a top priority for their businesses. This focus and priority have been further accelerated by the Covid-19 pandemic.
The infographic below breaks DevSecOps down into four categories:
- Digital transformation is a board-level issue
- More companies are adopting DevSecOps
- Security is an impediment to DevOps
- Cloud security breaches are on the rise
The DevOps cultural shift
In response, many of the biggest organizations are experiencing a significant cultural shift, especially within their development teams. As a result, DevOps has now become the preferred method for driving application development and deployment at speed and at scale. DevOps methodologies are enabling organizations to deploy updates to cloud application code — including new capabilities and features — dramatically faster. According to GitLab’s recent 2021 Global DevSecOps Survey, 60% of developers said they are releasing code 2x faster than before, thanks to DevOps.
The speed challenge of DevSecOps
Of course, not all of this is without its challenges. Today, organizations not only need to get their applications to the cloud and market faster, but they need to do it in a way that assures they are secure and compliant. With the expansion of DevOps and Secure DevSecOps models, the concept of “shifting left,” “shifting right,” and “shifting everywhere” in the software development life cycle (SDLC) is critical. While this bodes well for building effective DevSecOps teams, security and risk leaders are still challenged to implement cloud application security at the requisite speed of DevOps. Although DevSecOps practices will be embedded in 60% of rapid development teams this year, Gartner reported that 71% of CISOs say their DevOps stakeholders still view security as an impediment to speed-to-market.
The stakes of cloud breaches are high
While the adoption of public cloud services and DevSecOps continues to surge, cloud breaches are showing no signs of waning. After years of downward trends, a near majority of cybersecurity professionals confirm they are concerned about cloud security. And today’s threat actors are heeding the opportunity created by inadequate cloud security and cloud misconfigurations. According to a report by DivvyCloud, the struggle to implement proper cloud security by enterprises resulted in more than 33 billion records exposed in 2018 and 2019 alone. In addition, a study by Ermetic and IDC found that nearly 80% of companies surveyed said they had experienced at least one cloud data breach in the past 18 months.
Wrapping up: What’s the future of DevSecOps?
Simply put, effective DevSecOps in the cloud should always be one of the main concerns of SaaS companies and DevOps teams leveraging the power of new cloud-based technology and services to build, deploy, and deliver new applications and business solutions. To outline the latest trends, journey, challenges, and threats to successful cloud application security and DevSecOps, I created the infographic above. It was compiled from a host of reputable sources including Gartner, InfoSecurity Magazine, Threat Stack, Crowd Research Partners, Enterprise Security Group, Ponemon Institute, Verizon, IDC, Puppet’s 2020 State of DevOps Report, and more.