Changing the game: The evolution of DevOps to DevSecOps

clock • 3 min read
Ben Todd

Ben Todd

Digital transformation, supported by cloud migration and modern DevOps practices are essential to organisations' drive to accelerate innovation to attract and retain customers. But these trends come at a price. 

As technology stacks become more complex and development cycles accelerate, it is increasingly difficult for human teams alone to keep up. DevOps teams must manage and secure data, platforms, and applications across a more dynamic and distributed landscape, where change is the only constant. 

To succeed, organisations need to adopt DevSecOps-driven automation practices. However, many are struggling to establish such a culture, despite a widespread understanding of the benefits of DevSecOps.

Tackling growing complexity

Organisations are faced with growing security risks as they attempt to keep up with the pace of digital transformation and shift to the cloud. In fact, research reveals that more than two-thirds (68%) of Chief Information Security Officers (CISOs) say the complexity of their software supply chain and cloud ecosystem has led to vulnerability management difficulties. 

DevOps teams are struggling to prioritise vulnerabilities due to insufficient context about the risk posed to their environment. Consequently, teams may spend days chasing false positives or non-critical issues, neglecting urgent risks and leaving them unnecessarily exposed. 

Manual application security processes and fragmented DevOps toolchains also impact how teams prioritise their work. Despite using numerous tools to maintain application security, DevOps teams struggle to respond quickly to resolve vulnerabilities as they are detected. This is because many solutions aren't designed or integrated with cloud complexity in mind. 

Teams are forced to rely on disparate sources of observability and security data, leading to visibility gaps across different platforms in their hybrid stack. They are therefore often required to manually analyse thousands of security alerts to identify, assess, and prioritise their response efforts to emerging vulnerabilities. 

This creates a lot of noise, which is increased by duplicate alerts from different tools, alongside false positives highlighting threats that don't carry any significant risk. Security teams need AI solutions that can help to prioritise their efforts by separating the most urgent vulnerabilities from those that are less critical to the business.

Adopting automation

To empower DevOps teams and to amplify the impact of DevSecOps on innovation, organisations should prioritise automation and adopt a unified approach to observability and security. This will break down silos between different sources of data and create a single, comprehensive source of truth to drive automation.

With the integration of trustworthy AI alongside this data source, DevOps teams can unlock the insights they need to support end-to-end DevSecOps automation across the software delivery lifecycle (SDLC). 

For instance, they can automate IT service management (ITSM) workflows and create an automatic support ticket as soon as a vulnerability is detected, which is then sent to the relevant team to resolve. Streamlining this process eliminates the need for DevOps teams to manually intervene, therefore saving time and resources. 

Embracing the potential of DevSecOps

As organisations evolve to meet customer demands through faster innovation, they must address the security risks created by this speed and agility. Success hinges on DevOps teams embracing a more intelligent approach to application security, supported by DevSecOps automation. 

Unlocking the full potential of DevSecOps automation relies on a culture shift within organisations to fully understand the benefits of holistic monitoring. By taking a more unified approach to observability and security, organisations can minimise the burden of vulnerability management on their DevOps teams. 

This allows these teams to prioritise higher value strategic tasks that drive business growth and create a lasting competitive edge. 

Ben Todd is senior director security, EMEA at Dynatrace. Ben has more than 20 years of experience in the tech industry, and has specialised in cybersecurity since 2014. He has worked for the likes of Cisco, Dell and Nomidio and joined Dynatrace in January 2021. In his role as Senior Director Security, EMEA, Ben is responsible for the build and scale out of the Dynatrace Security business in the EMEA market.

You may also like
Checkmarx: 'It's very difficult for CISOs to know how to safely incorporate genAI'

Security Technology

'It’s an unfortunate reality that developers have not traditionally been big fans of security'

clock 26 March 2024 • 5 min read
 IT Essentials: Shift happens


'You were so preoccupied with whether you could, you didn't stop to think if you should'

clock 20 November 2023 • 2 min read
Bedding in DevSecOps at funiture retailer Dunelm


DevOps leads explain how they got their teams comfortable with integrating security into their code

clock 12 October 2023 • 5 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on DevOps

DevOps Excellence Awards 2024 - in pictures

DevOps Excellence Awards 2024 - in pictures

clock 18 March 2024 • 1 min read
Winners announced at the DevOps Excellence Awards 2024

Winners announced at the DevOps Excellence Awards 2024

The most outstanding people, projects and companies in DevOps

clock 15 March 2024 • 2 min read
DevOps on mainframe at HSBC, DevOps Excellence Awards finalist

DevOps on mainframe at HSBC, DevOps Excellence Awards finalist

The benefits far outweigh the complexities

Mike Thompson
clock 13 March 2024 • 3 min read