Going by today’s security breach statistics, even a small error made by the DevOps or software development team can lead to a tremendous impact on a business’s reputation or, in some cases, its existence. Hence it is essential for organisations to integrate security testing and other activities into the earliest stage of the software development life cycle (SDLC). In reality, however, only 21% of Indian organisations polled by analyst firm IDC said that they follow this principle, which means a whopping 79% neglect the practice of incorporating security testing into the early stages of software development.
This in turn leads to many unsuccessful DevOps projects, even though DevOps is otherwise an effective practice that produces a culture of collaboration among development and operational teams.
"India organisations are dedicating significant budgets to their SDLC and increasingly incorporating agile and DevOps methodologies. However, they also need to realise the importance of incorporating security across the SDLC," said Rithika Ponnala, Senior Research Analyst, Digital Transformation Practice, IDC India.
IDC’s study, titled ‘Are India Enterprises DevSecOps-Ready?’, also reveals that organisations that stress innovation and application delivery have integrated security with DevOps (popularly known as DevSecOps).
The need for faster delivery, increasing security concerns, and agility are the top drivers of DevSecOps initiatives across Indian organisations, the study said.
“Explosion of new applications results in the increase of cybersecurity attacks too. As a result, DevSecOps gains momentum and IT leaders aim towards integrating security early in the development cycle,” said Neha Gupta, Senior Research Manager, IDC India.
Organisations have, however, also cited a lack of integrated tools, automating across hybrid environments, and budget constraints as the biggest obstacles.
According to a 2021 report by research firm Gartner, by 2030, 90% of DevOps initiatives will fail to fulfil their expectations because of restrictions on leadership approaches, lack of security integration and other non-technical reasons.