DevSecOps: When Security Can't Wait

Today’s faster software development cycles are hamstrung by old school security practices.

Security needs to be a continuous, full-cycle activity. It no longer is enough just to streamline development and operations (DevOps) and let security remain a late-stage gambit. Late-stage security is hazardous. Waiting too long for security stands to erase many of the efficiency gains organizations win from their agile and DevOps practices.

Secure DevOps – that is to say, DevSecOps – means full-cycle, continuous security. Integrating security into the design or even the planning stages lets organizations identify software problems earlier in the software development process. That frees teams to focus on innovation, instead of chasing their tails with constant 11th-hour reworkings and fixes.

Such freedom in turn enhances business agility. That's critical to Asia/Pacific organizations now and in the future of digital innovation.

More than 75% of Asia/Pacific organizations tell IDC they intend secure DevOps with automated security and compliance tools (IDC 2020), but fewer than a third have even gotten started. That’s understandable. DevSecOps is easier said than done. It is as much about reteaming as retooling. Not only must organizations bust old authoritarian security siloes, but they must weave together security with DevOps teams into a collaborative whole. In DevSecOps, every stakeholder holds an equal responsibility for security. It isn’t just the province of the chief security office. It can't be.

DevSecOps is a bedrock capability of the Future of Digital Innovation, which holds that all enterprises in the future will have to become software innovators just to keep up. In coming weeks, Linus Lai and I will be digging into low-code tools, the API economy and other factors that will define it. Find IDC’s DevSecOps Framework for Innovation here.

Based in Hong Kong, Gina Smith, Ph.D. leads DevOps research for IDC Asia. She is the author of Apple cofounder Steve Wozniak's biography, iWOZ: How I Invented the Personal Computer and Had Fun Doing It. Email her at [email protected]