Lacework announced the findings of its DevSecOps Market Survey in Australia and New Zealand. A shift is happening in the local ANZ market as more organisations are moving to adopt agile DevSecOps practices, with 39 percent already undertaking this transition, and a further 36 percent earmarking plans to do so in 2022.
The research, which surveyed 170 technology practitioners from Australia and New Zealand across enterprise and SMB organisations, found more significant amounts of software development combined with greater security concerns are driving the adoption of the DevSecOps practice.
However, these adoptees are still facing challenges with over half of respondents (53 percent) citing budget constraints, the well-publicised skills shortage in the ANZ market, and tool proliferation that stretches existing teams to capacity as factors hindering their adoption and practice of DevSecOps. Only 16 percent of respondents currently rely on a single tool for testing and scanning, whilst 84 percent report using two or more tools to perform these tasks.
Graham Pearson, Vice President and Managing Director ANZ at Lacework, said, “We are seeing a positive and speedy uptake of DevSecOps across the region, but it’s not possible to maintain the security status quo and also achieve innovation through organisational agility as business processes evolve,” “In order to take advantage of DevSecOps processes, ANZ organisations must streamline security tools and adopt and implement continuous security and create automated testing throughout the software development and release process. Throwing more money at the problem without taking these steps will only feed existing challenges, not solve them.”
Promisingly, the report found that DevOps and Engineering teams are improving build-time security and their ability to catch issues before shipping to production environments: 37 percent of those surveyed said their DevOps teams have a dedicated headcount in place to take responsibility for build-time security as part of the development cycle. A further 23 percent called out a shared responsibility model whereby build-time security was the joint responsibility of DevOps and Security.