Data reveals almost 70% of operations professionals report that developers can provision their own environments, sign of shifting responsibilities
The rising rates of DevOps adoption and implementation of new tools has led to sweeping changes in job functions, tool choices and organization charts within developer, security and operations teams, according to GitLab’s fourth annual DevSecOps survey. The survey of over 3,650 respondents from 21 countries worldwide uncovered how roles across software development teams have changed as more teams adopt DevOps.
“This year’s survey shows that there are more successful DevOps practitioners than ever before and they report dramatically faster release times, truly continuous integration/deployment, and progress made toward shifting both test and security left,” said Sid Sijbrandij, CEO and co-founder at GitLab. “That said, there is still significant work to be done, particularly in the areas of testing and security. We look forward to seeing improvements in collaboration and testing across teams as they adjust to utilizing new technologies and job roles become more fluid.”
It’s a changing world for developer, operations and security teams and that holds true for roles and responsibilities as well as technology choices that improve DevOps practices and speed up release cycles. When done right, DevOps can go a long way to improve a business’s bottom line, but there are still obstacles to overcome to achieve true DevSecOps.
The Changing Role of the Developer
Every company is now a software company and to drive business results, it is even more critical for teams to understand how the role of the developer is evolving – and how it impacts security, operations and test teams’ responsibilities. GitLab found that the lines are blurring between developers and operations teams as 35% of developers say they define and/or create the infrastructure their app runs on and 14% actually monitor and respond to that infrastructure – a role traditionally held by operations. Additionally, over 18% of developers instrument code for production monitoring, while 12% serve as an escalation point when there are incidents.
DevOps adoption rates are also up – 25% of companies are in the DevOps “sweet spot” of three to five years of practice while another 37% are well on their way, with between one and three years of experience under their belts. As part of this implementation, many are also seeing the benefits of continuous deployment: nearly 60% deploy multiple times a day, once a day or once every few days (up from 45% last year). As more teams become more accustomed to using DevOps in their work, roles across software development teams are starting to shift as responsibilities begin to overlap. 70% of operations professionals report that developers can provision their own environments, which is a sign of shifting responsibilities brought on by new processes and changing technologies.
Security Teams Unclear About Responsibilities
There continues to be a clear disconnect between developers and security teams, with uncertainty about who should be responsible for security efforts. More than 25% of developers reported feeling solely responsible for security, compared to testers (23%) and operations professionals (21%).
For security teams, even more clarity is needed, with 33% of security team members saying they own security, while 29% (nearly as many) said they believe everyone should be responsible for security. Security teams continue to report that developers are not finding enough bugs at the earliest stages of development and are slow to prioritize fixing them – a finding consistent with last year’s survey. Over 42% said testing still happens too late in the life cycle, while 36% reported it was hard to understand, process, and fix any discovered vulnerabilities, and 31% found prioritizing vulnerability remediation an uphill battle.
“Although there is an industry-wide push to shift left, our research shows that greater clarity is needed on how teams’ daily responsibilities are changing, because it impacts the entire organization’s security proficiency,” said Johnathan Hunt, vice president of security at GitLab. “Security teams need to implement concrete processes for the adoption of new tools and deployments in order to increase development efficiency and security capabilities.”
New Technologies Help with Faster Releases, Create Bottlenecks in Other Areas
For development teams, speed and faster software releases are key. GitLab found that nearly 83% of developers report being able to release code more quickly after adopting DevOps. Continuous integration and continuous delivery (CI/CD) is also proven to help reduce time for building and deploying applications – 38% said their DevOps implementations include CI/CD. An additional 29% said their DevOps implementations include test automation, 16% said DevSecOps, and nearly 9% use multi-cloud.
“Over the last year, Ubitech introduced CI/CD practices to multiple teams for new and existing projects within the organization,” said George Tsiolis, engineering lead at Ubitech and core contributor at GitLab. “So far, implementing CI/CD has led to an overall boost in test coverage efforts and more frequent deployments. It’s also given our team new insight we needed to spot potential vulnerabilities before and after deploying our applications.”
Despite this, testing has emerged as the top bottleneck for the second year in a row, according to 47% of respondents. Automated testing is on the rise, but only 12% claim to have full test automation. And, while 60% of companies report deploying multiple times a day, once a day or once every few days, over 42% said testing happens too late in the development lifecycle.
While strides toward implementing DevOps practices have been made, there is more work to be done when it comes to streamlining collaboration between security, developer and operations teams.