This SANS DevSecOps survey examines the progress made over the past year toward improving organizations’ security posture and operational effectiveness by aligning the development, security, and operations teams around secure DevOps cultural ideals, practices, and tools. Respondents representing a broad range of industries, job roles, and organization sizes participated.
The survey results indicate that, more than ever, applications are being hosted in multicloud, hybrid environments using virtual machines (VMs), containers, and serverless functions. Such environments present security challenges because of the inherent differences among the various cloud service providers and the very different demands of on-premises hosting.
The survey questions investigate topics such as the DevSecOps landscape, application hosting in the cloud, methods of securing multiple cloud environments at scale, container security, and the automation of compliance functions. We also look at DevSecOps practices and tools, along with challenges and success factors.
The final section, “Moving Forward,” summarizes the key takeaways of each preceding section and advises organizations to continue to promote DevSecOps practices (such as conducting blameless retrospectives), to leverage technologies (such as Cloud Security Posture Management and Cloud Workload Protection Platforms) in order to cope with scale, and to monitor or experiment with new, trending technologies (such as developer security, artificial intelligence, data science, and GitOps) that show promise for improving DevSecOps.