More Companies Adopting DevOps & Agile for Security

Measures of programming speed, security, and automation have all significantly increased in the past year, GitLab's latest survey finds.

Dark Reading logo in a gray background | Dark Reading

DevOps and agile programming continue to make inroads into software-development teams, with the two development methodologies accounting for more than two-thirds (68%) of the practices at companies polled in a recent survey, according to a report published by development-tools maker GitLab on Tuesday.

The adoption coincides with developers taking an increasing role in securing software — so-called "shifting left" — with 39% of developers "feeling fully response for security," up from 28% last year, while 32% share responsibility for security with other teams, according to survey results. Overall, the security outlook among developers has increased significantly over the past year, with 72% calling their organization's security either "good" or "strong," up from 59% the prior year.

This year, more than any other year, integrating security into DevOps — often called DevSecOps, SecDevOps, or secure DevOps — is a reality, says Johnathan Hunt, vice president of security at GitLab.

"Last year, often no one knew who owned security, and the adoption of DevSecOps was stagnant — you could see that," he says. "Now, we are feeling better about security as an organization, and our perception of security is improving."

The survey focuses on DevOps and DevSecOps rather than on other software development methodologies, such as agile programming, scrum, kanban, or waterfall. The majority of DevOps implementations included continuous integration and continuous deployment (CI/CD), followed by the integration of security (DevSecOps), and test automation.

While GitLab did not ask specifically about the impact of the pandemic, the last year had a significant impact on the software development community. Because programmers are ideal candidates for remote work, the vast majority of them worked remotely, which focused the teams on software development methodologies that supported a distributed workforce.

"2020 was a catalyst for DevOps maturation,” Eric Johnson, CTO at GitLab, said in a statement. “Teams worldwide worked to streamline development cycles and deliver faster release time than ever before, all while adjusting to remote work and shifting priorities to meet the high demands of last year."

Nearly 4,300 respondents completed the survey in February and March 2021, with software- and DevOps-related disciplines — such as software developers and DevOps engineers — accounting for respondents' top four roles and more than two-thirds of survey takers overall.

While the increasing role of security in development is promising, there are still tensions between the two disciplines, says Hunt. The majority of DevOps developers claim that the frequency of software deployment doubled, with 28% deploying multiple times a day, 15% once a week, and 10% deploying every month.

"Even though we have seen a large increase in security ownership, that problem is not solved. There is still moderate confusion over ownership of the secure development life cycle," Hunt says.

The most significant challenge continues to be testing, including security testing, with more than 40% of the developers believing that testing happens too late in the development pipeline, according to the survey.

Testing continues to cause delays, despite the fact that nearly a quarter of respondents to the survey say their company has implemented full test automation. Another 25% of respondents, however, have no test automation or may only be thinking about automated testing.

"There has always been this conflict on when do we test, when do we scan, when do we find these vulnerabilities, how does it slow down the development life cycle," Hunt says. "Now, developers want it sooner, and that is interesting, but they are also saying that it is too difficult to handle vulnerabilities."

Companies continue to quickly adopt artificial intelligence (AI) and machine learning (ML) to improve their development, with more than 41% adopting the technologies for testing. In 2020, only about 16% of respondents were testing using AI or ML tools. However, DevOps teams appear to be behind the curve, with just a bit more than 11% using AI and ML tools for development, up from 4% in 2020, but well behind the average.

A significant percentage of developers (30%) consider an understanding of the technologies to be critical to their future careers, ahead of soft skills, such as communication skills, which ranked No. 1. in 2020.

"Technical skills remain an issue for DevOps teams, but that is a problem related to the rapid adoption of AI and ML," Hunt says. "As we are moving toward AI and ML, developers don't really know what to do with that technology."

About the Author

Robert Lemos, Contributing Writer

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights