The idea of DevSecOps is to take traditional DevOps further – making software development more agile, more secure and promoting better cooperation between development and IT operations teams.
This evolving methodology requires expertise to handle the increased requirements and greater complexity of software as all organisations face a global shortage of developer skills. And with no one-size-fits-all solution to choose from when it comes to DevSecOps, every organisation is doing it differently, and few are getting what they want from it.
This raises the question: are IT leaders seeing DevSecOps practices deliver the expected results?
To answer it, we spoke to 200 IT decision-makers from large UK businesses and public sector organisations. The findings highlight the responses on both sides of the coin – those in the planning phase of DevSecOps, and those that have already adopted the practice.
Key insights include:
- A resounding 99% have seen marked improvements in both consistency and quality since adopting DevSecOps practices.
- And whilst 74% of those in the planning phase feel they will be able to provide return on their DevSecOps investment, the reality is 97% of current adopters can confidently report ROI (Return on Investment).
Yet, there is a flip side:
- 74% have experienced a rise in critical P1 incidents after implementing DevSecOps.
- And culture challenges are greater than expected – teams' resistance to change is cited as the number one barrier when it comes to delivery teams taking ownership of DevSecOps practices.
Our own experience shows quality is the most worrying challenge for teams that are also under pressure to achieve speed and value. Organisations need to embed premium DevSecOps practice from the outset, employing engineering that improves product, quality, and speed, while delivering value for money.
One organisation that has met its DevSecOps expectations is the UKHSA (United Kingdom Health Security Agency), which used automation to achieve significant efficiencies and reduced costs to support the scaling of healthcare systems that processed Covid-19 results. Automation captured four key DevSecOps metrics, pinpointing where bottlenecks were occurring, along with their root causes, allowing for adjustments of processes and pipelines across the delivery team. Delivery speed was improved by 60% and production incidents reduced by a massive 89%, while saving £1m through optimisations.
This is all achievable and founded on a culture of ownership, continuous delivery, security, quality, and extensive automation. A four-stage discovery-realise-transform-protect model will fully optimise DevSecOps performance, locking in long-term gains and providing continuous benchmarking of teams.
Whether you are considering adopting DevSecOps or are already on the journey, our findings offer invaluable insights to guide your strategy with a distinct and proven methodology.
Download the report now and get in touch for a more informed and effective DevSecOps journey.
Your business will be able to drive process improvements to increase overall capability and organisational maturity supporting the technology growth. Your teams will improve their collaboration with the right visibility while reducing costs and using automation to speed up development cycles without sacrificing quality and security.
For more information or to ask for more practical advice, please reach out to us via our website or via email at contact@capacitas.co.uk
About the Author
Thomas Barns
Thomas brings his hands-on experience in developing structured capacity and performance models for diverse IT systems in e-commerce, banking and telecommunications. Thomas is Capacitas Service Design Director. He has developed operational capacity management and reporting tools that have helped many of Capacitas' clients.