The automation, stability of infrastructure, and inherent traceability of DevOps tools and processes offer a ton of security and compliance upsides for mature DevOps organizations.
According to a new survey of over 5,500 IT practitioners around the world, conducted by Sonatype, "elite" DevOps organizations with mature practices, such as continuous integration and continuous delivery of software, are most likely to fold security into their processes and tooling for a true DevSecOps approach.
Throughout the "DevSecOps Community Survey 2019," responses show that mature DevOps organizations have an increasing awareness of the importance of security in rapid delivery of software and the advantages that DevOps affords them in getting security integrated into their software development life cycle.
"The incorporation of security as part of the product development cycle is key," said Ariel Kirshbom of Ernst & Young, in response to one question about why DevSecOps is important to her organization. "To really embrace DevOps, security needs to be seamlessly integrated to the software development life cycle."
Most importantly, the study offers concrete statistical evidence that DevOps organizations are doing better in key areas including automating security functions, tracking components and changes for compliance purposes. They are also making faster headway on securing emerging infrastructure technologies like containers and container orchestration. Read on for more about why they excel.