sb-nz logo
Story image

DevSecOps increasingly important, but APAC organisations lagging behind

Three in four IT leaders say COVID-19 is accelerating initiatives to secure software development processes, and DevSecOps is recognised as an increasingly important component of any digital initiative.

This is according to a new survey completed by IDC and sponsored by Micro Focus, which highlights the importance of continuous security and automated testing throughout the software development cycle.

IDC completes DevSecOps report

The report, DevSecOps: A framework for digital innovation, is an IDC InfoBrief featuring findings from the IDC Asia Pacific 2020 DevSecOps Survey.

Surveying close to 1,200 enterprise leaders across 14 APAC regions, the study looked at the state of organisational DevSecOps maturity, as well as DevSecOps activities, plans, challenges and processes.

In this report, DevSecOps refers to a set of practices that add security to the software development supply chain from the planning stage to deployment, delivery, and beyond.

Increasing importance on DevSecOps

The survey reveals that the ongoing COVID-19 outbreak has driven the demand for secure software development initiatives, according to 74% of the respondents in Asia Pacific (APAC).

The rise of DevSecOps comes at a time when IT leaders are faced with an increasingly active cyber threat landscape, coupled with higher consumer expectations of digital offerings and application usage due to a sharp increase in online activities, the report shows.

However, a majority of APAC organisations are not equipped to tackle the issue at hand, with 55% of the respondents ranking modest to low in terms of their DevSecOps maturity levels.

APAC businesses encounter barrier to entry

According to IDC, today’s businesses recognise that efficient software development, security threats, and business agility as the top drivers of DevSecOps initiatives in APAC.

However, the survey found that while there is awareness of the benefits of engaging in DevSecOps practices amongst IT leaders, many obstacles remain on the path to the full adoption.

On a regional scale, only four in ten APAC leaders say they have united their DevOps and security teams to improve software development, with India (53%) and China (51%) leading integration efforts.

DevSecOps adoption is still in the early stages for Korea (29%) and Japan (30%).

Today, an organisation’s DevSecOps maturity level is intricately linked to its people, processes and tools - looking at stakeholder buy-in, approach to secure DevOps, and the technology used in testing and automating processes, the researchers state.

Findings from the study reveal that the top obstacles to DevSecOps adoption are spread across the following three pillars: budget issues (15%), dearth of talent or skills (13%), and difficulty automating across hybrid infrastructures (13%).

Overcoming these obstacles is a priority for APAC organisations as the need for software-powered innovation rises, which translates to a greater scrutiny on application digital risks.

The notion of late-stage security testing in software development is proving to be outdated in the context of today’s digital economy, where secure applications, services and platforms are the cornerstone of digital innovation, the report states.

The current state of security teams

Amongst APAC organisations, DevOps teams are still primarily responsible for application security testing, followed by security teams.

The most common security tools currently in use are software composition analysis (24%), followed by interactive application security testing (19%), and static application security testing (18%).

IDC Asia/Pacific DevOps research lead Gina Smith says, “The pressure to fully embed security into the continuous delivery pipeline signals a major shift towards a stronger DevSecOps culture, characterised by the abandonment of siloed functional teams in favour of shared responsibilities between developers and security experts.

"This is a strong step in the right direction for organisations looking to adopt an end-to-end security approach and build better digital capabilities."

DevSecOps adoption at core of digital initiatives moving forward

Micro Focus president Asia Pacific and Japan Stephen McNulty says, “Moving new digital initiatives forward quickly, especially to optimise the online experience for consumers and employees who are increasingly interacting with organisations virtually today, calls for secure and efficient software development processes."

“This is a defining period for relationship and digital trust building, which means organisations will need to quickly speed up DevSecOps adoption through continuous and automated security testing to effectively respond to their stakeholders’ digital needs.”

He says, “The most holistic approach to DevSecOps that will play a key role in increasing organisations’ maturity level involves making security an integral part of every software development project, striving for 100% automated testing, and continuously analysing application performance for potential gaps."

Story image
How has COVID-19 transformed our perception of work?
Almost three quarters (74%) of people never want to return to pre-COVID-19, traditional work paradigms, putting more pressure on employees to adequately support and secure changing workplace environments.More
Story image
With cyber-threats continuing to evolve, organisations need to remain in the fight in 2021
Teams can make improvements in 2021 by having a more comprehensive understanding of the threats that are out there and defining how they conduct operations to offer flexibility to adapt better.More
Story image
Claroty finds four vulnerabilities in Schneider Electric OT device
Unmitigated vulnerabilities could give an attacker access to the device, enabling the attacker to break encryption, modify code, and run certain commands.More
Story image
Rising threat of data breaches among enterprises drives growth in network security revenue
"Key factors leading to the growth of network security market revenue in the Asia Pacific region includes instances of ransomware attacks, targeted attacks and phishing."More
Story image
Ransomware attacks over SSL increase by 500%, Zscaler report shows
The research reveals the emerging techniques and impacted industries behind a 260% spike in attacks, using encrypted channels to bypass legacy security controls.More
Story image
Video: 10 Minute IT Jams - Bitglass director on all things SASE
This is our second IT Jam with both Bitglass and Jonathan Andresen, who is the company's senior director of marketing. In this video, Jonathan discusses all things related to Secure Access Service Edge (SASE): its advantages over traditional security tech, what enterprises should look for, and how SASE relates to cloud-delivered secure web gateways.More