
Top 5 Challenges of DevSecOps and How to Overcome Them

While adopting DevOps with integrated and continuous security is appealing to most organizations, such a radical change comes with challenges.

by Chaitanya Gatreddi · Aug. 26, 19 · Analysis

DevSecOps emphasizes the need for better collaboration between development, operations, and security. It is the constant integration of efforts of all teams at every step of the process. The ultimate goal is to move into a world that is automated and synced, making most of the manual tasks obsolete.

But to get there, there are changes to be made not just to the process but to the behavior as well. However, according to a survey by Threat Stack, 68% of companies state that their CEO demands security and DevOps teams not do anything that slows down the business. This is one of the biggest challenges of DevSecOps and why many quit the transition halfway.

Let’s take a look at the top challenges faced while implementing DevSecOps and how we can overcome them.

Top 5 Challenges of DevSecOps

1) Reluctance to Integrate

The core of DevSecOps lies in the integration of teams — enabling teams to work in tandem with each other rather than independent of each other. But not everybody is ready to jump on board and change overnight.

The process happens gradually, and one of the biggest challenges is the people themselves. Because people are deeply accustomed to current development processes, it can be hard to break the system and adopt new methods of working. Comfort tends to triumph over exploring the unfamiliar. For this, the right processes and tools are required, and people need to be given time to make the transition.

2) Clash of the Tools

Considering the three teams have been working apart for a long time now, it’s understandable that they have different metrics and tools they use. Unifying the three, coming to a mutual agreement of where it makes sense to integrate and where it doesn’t, and keeping in mind the goals of the company can be an uphill battle.

There are plenty of tools available in the market now to implement DevSecOps. The first challenge lies in choosing ones that fit well. The second challenge is to properly integrate them in order to build, deploy, and test in a continuous manner. It’s not an easy task to bring together tools from various departments and sync them on one platform.

3) Implementing Security in CI/CD

Security has always been seen as something that comes at the end of development. But with DevSecOps, security becomes a part of continuous integration and continuous delivery (CI/CD). Getting security to adapt to the DevOps process and not the other way around can be challenging. But in order for DevSecOps to be successful, one cannot expect new DevOps processes and tools to adapt to old methods of security.

4) Chasing Perfection

It is impossible to have a completely smooth process right off the bat. Many organizations give up because time is wasted in trying to make things work perfectly. Adopting DevSecOps is a long-drawn process, but once done, it can significantly improve the entire operation. Trying to get perfect security at every stage of development will only hamper the work of the developers.

5) Understanding Each Other

There is a general rift between security and development.

57% of companies say their operations team pushes back on security best practices.

Developers need to be trained on basic security in order to collaborate more efficiently. Without DevSecOps, both teams work independently of each other, which results in an expensive and time-consuming handover between the teams.

Franklin Mosley of PagerDuty says, “To make security a priority, both security and development teams must learn from each other. The security professional needs to walk in the developer’s shoes and learn how software is made and the issues that are faced. It’s best to work with developers to come up with solutions that allow them to do the right thing when it comes to security.”

While there are challenges in DevSecOps, they are not unconquerable. Implementing DevSecOps can be done right if we recognize that it is not just a new process but a new culture that requires organizations to become better each day. With that in mind, it becomes much easier to embrace.
