A global survey of 1,300 CIOs and DevOps managers working for organizations with more than 1,000 employees published today finds more than three-quarters of respondents work for organizations (78%) that deploy software updates into production every 12 hours or less, with more than half (54%) say they do so at least once every two hours. A total of 20% report they are deploying updates every minute or less.
Conducted by the market research firm Coleman Parkes on behalf of Dynatrace, the survey also finds 90% of respondents reporting that the pace of digital transformation within their organization has accelerated in the past 12 months. More than a quarter (26%) expect the pace of digital transformation to continue to accelerate, the survey found.
However, 55% of respondents work for organizations that make tradeoffs between quality, security and user experience to meet the need for rapid transformation. A total of 41% of respondents said they must sacrifice code quality and user experience due to meet demands for faster innovation, while more third (34%) also need to sacrifice code security.
Overall, DevOps teams, on average, spend nearly a third (31%) of their time on manual tasks involving detecting code quality issues and vulnerabilities that conspire to slow the pace of innovation, the survey found.
To address these issues, organizations plan to increase their spending on automation across development, security and operations by 35% by 2024, as they invest more in continuously testing software quality (54%) and securing production environments (49%), automatic vulnerability detection and blocking (41%) and automating release validation (35%). The average budget allocated to these activities in these large organizations is $9.1 million, the survey finds.
A full 88% of CIOs said the convergence of observability and security practices will be critical to building a DevSecOps culture, with 94% noting that extending a DevSecOps culture to more teams is key to accelerating digital transformation. Only 27% of respondents claimed to fully adhere to a DevSecOps culture today. The biggest obstacles to achieving that goal are that security teams don’t trust developers (55%), developers perceive security teams to be blockers of innovation (49%) and the silos that exist between teams (36%).
Organizations expect to increase their annual investment in DevSecOps automation by 2024 an average of 35%, but only a quarter (25%) said applying artificial intelligence to security was a priority. At the same time, only 28% of respondents said they are fully confident applications are fully tested for vulnerabilities before they are deployed.
A total of 90% said increasing the use of AI for IT operations (AIOps) will be key to scaling up these practices. However, 70% of respondents said they need to improve their trust in the accuracy of AI’s decisions before they can automate more of their continuous integration/continuous delivery (CI/CD) pipeline.
Bob Wambach, vice president of product marketing for Dynatrace, said there is a clear correlation between that accelerated pace of digital transformation and a need to deliver more frequent software updates that is driving those investments. Most organizations, however, are going to find it difficult to achieve all their goals unless they break down the silos that prevent them from automating and observing modern DevSevOps workflows, he added. Achieving that goal will also require DevOps teams to reevaluate which platforms they are employing as they move to reduce the current level of friction encountered when building and deploying applications, he added.
It’s too early to say just how soon DevSevOps workflows will define the next era of software development. One way or another, it’s certain that every organization that embraces DevOps will need to address lingering application security issues.