Software innovation is the core of every company's digital transformation; the strategic weapon by which modern organizations compete and win on a global playing field. This is why executives and shareholders at every company, in every industry, are placing intense pressure upon IT teams to accelerate innovation.
This insatiable demand for innovation has created a perfect storm which is wreaking havoc on many IT organizations around the world. To counter the effects of this storm, forward-leaning organizations have embraced DevOps as the preferred methodology for manufacturing quality software at scale and continuously delivering innovation.
Organizations everywhere are now transforming their development from waterfall-native to DevOps-native tools and processes. Along the way, they are coming to grips with one simple fact: DevOps is not an excuse to do application security poorly; rather it is an opportunity to do application security better than ever.
This realization is the reason why DevSecOps in suddenly strategic for anyone and everyone in software.
Yesterday's announcement by CA that they are acquiring Veracode for $615 million provides further evidence of this important trend within the software industry. Ayman Sayed from CA stated:
In today’s app economy, companies are aggressively moving to Agile and DevOps practices to speed delivery of new applications. From building and testing to deployment and operations, speed and quality is of the essence. And even more importantly, to effectively secure applications at the speed of DevOps, security needs to be completely integrated into the development process, from start to iteration to general availability and use.
Another reason why DevSecOps is strategic is the fact that 90% of security incidents result from exploits against defects in software. Furthermore, recent research from Gartner predicts that by 2019 more than half of enterprise DevOps initiatives will include automated application security testing; up from 10 percent in 2016.
In traditional Waterfall-native development, implementing software security controls has been cumbersome and difficult to scale. The sad truth is that within most companies, members of the "dev tribe" view members of the "sec tribe" as nothing more than friction and inhibitors to innovation.
Going forward, things must change. Modern teams must learn how to embrace the spirit of DevSecOps and find ways to develop software with one eye on security, one eye on quality, and both eyes on the prize of faster innovation.
Making DevSecOps a reality for your organization might sound like a daunting task. In reality, however, it's surprisingly easy. All you need to do is embrace software supply chain automation tools that infuse lightweight and contextual controls into every phase of your continuous delivery pipeline. You, your CEO, and your shareholders will be amazed at the productivity gains that can happen when your developers view security and governance controls not as inhibitors to innovation — but rather as enablers of innovation.