The 2018 DevOps Pulse Survey Results

Who Took This Survey?

This year, over 1,000 IT pros took the DevOps Pulse survey coming from all over the world. Over 50% have over 10 years of experience under their belt.

Key Findings: Security

• DevOps professionals are taking on security on behalf of their organizations. 54% of respondents shared that their DevOps department handles security incidents in their organizations. Only 41% employ dedicated security operations personnel.
• Despite this, most DevOps professionals are ill-equipped to handle security. 76% of those surveyed either do not practice DevSecOps or are still in the process of implementation. 71% do not feel their team has adequate knowledge of DevSecOps best practices.
• The security skills gap is a real concern. Half the organizations surveyed have trouble finding the talent to fill roles on their security analyst teams.
• Despite being two months into GDPR, a significant number of organizations are not yet ready. 39% are not yet GDPR ready or are still working on it.
• Organizations are not adopting SIEM tools as quickly as expected. Only 29% of respondents have a SIEM system in place and ELK is the most popular SIEM tool.
• DDoS is the most feared form of cyber attack. Concern over DDoS is more than double any other type of security incident.

Security Talent and Implementation

54% of organizations use DevOps personnel to handle security incidents. This is closely followed by specialized Security Operations.

However, more than half of respondents have trouble recruiting talent for security roles, revealing a major skills gap affecting many technical organizations.

Security Strategies, Tools, and Best Practices

Despite the fact that DevOps teams handle security, it seems that there is still a tremendous learning curve in implementing DevOps security best practices.

53% do not practice DevSecOps, and the vast majority do not have a good understanding of DevSecOps best practices or the toolset to help its implementation.

Compliance and Exploit Readiness

GDPR is already enforceable and the majority of DevOps Pulse respondents (54%) are most concerned about GDPR. Despite that, 39% are not yet GDPR ready or are still working on it.

Notable DevOps Trends

• Open source is overwhelmingly preferred over proprietary software. 63% of those surveyed say half of their technology or more is based on open source and over 60% contribute to the open source community.
• Diversity is not where it should be. While 78% of respondents believe their organizations are diverse and 90% believe there are equal opportunities for all genders, the overwhelming majority of respondents (more than 94%) were male.
• Serverless is steadily growing in popularity. Today, 42% of DevOps Pulse respondents use serverless technology, rising 12% from 2017 where only 30% had adopted the technology.

DevOps Culture and Diversity

As many have noted, the industry still has work to do with regards to diversity. 94% of our respondents are male, yet the overwhelming majority of those surveyed believe their company has equal opportunities for all genders.

DevOps Tools and Evolving Trends

Use of Serverless (2017-2018)

Although most DevOps teams are still not using serverless architecture, the technology is certainly growing in popularity, jumping from 30% to 42% from 2017 to 2018.

Use of Container Orchestration (2016-2018)

Container orchestration has grown dramatically in the past two years. In 2016, 72% of DevOps Pulse respondents did not use container orchestration services.

Today the number of respondents using Kubernetes has increased tremendously to almost 34%, while Docker Swarm remains a solid alternative at close to 15%.

Open Source Goes Mainstream (2016, 2018)

In 2016, 57% of DevOps teams surveyed had a strong preference for open source technology. Today, 63% responded that half the technology they use or more is open source, with 61% contributing at least somewhat to open source technology.

CI/CD (2016-2018)

In 2016, more than 80% of DevOps Pulse respondents had a CI/CD strategy, were in the process of implementing one, or were considering the possibility.

By 2018, the numbers increased with 91% already in the process or thinking about implementing CI and 85% already in the process or thinking about implementing CD. At this point, about 67% have fully implemented CI, and about 53% have fully implemented CD.

Continuous integration:

Continuous deployment:

Use Case for Log Analytics (2016-2018)

Troubleshooting and forensics have consistently been the most popular use case for log analytics. However, more and more DevOps teams are using log analytics for alerting. In addition, security has been a growing logging use case as well.

Conclusion

DevOps teams are still struggling to bring security into the mix. The majority of DevOps professionals report that they are not practicing DevSecOps and that there is a lack of knowledge and tools to help in this area.

We believe this will change in the near future.

As organizations begin to understand the growing impact security has on the application release cycle, as well as on compliance, a larger focus will be placed on adding the “sec” into the “dev” and the “ops.”

To facilitate this, these organizations will be able to make use of a growing number of DevSecOps best practices, as well as specified tooling. Automated security, code dependency scanning, threat assessments and developer training are just some of the methodologies that we expect to see increasingly in practice by the end of 2018.