DevSecOps: Developers Gain Authority as Security Shifts Left
![](https://s33007.pcdn.co/wp-content/uploads/2020/12/devsecops-software-security.jpg)
We follow up on last year’s DevOps report with our next iteration, DevSecOps. DevSecOps serves as the next iteration of DevOps, addressing the last bottleneck by integrating security practices at every phase and embracing “continuous” principles.
COVID-19 has accelerated transformation efforts. Our survey shows healthy spending & more modernization initiatives at hand. We also see a trend of developers gaining greater budget authority, in part driven by new security workflows. Many public & private companies are well positioned to capitalize.
In May 2019, we published our inaugural DevOps report outlining how software development & delivery approaches were radically changing and how new market opportunities were emerging. Since then several companies have gone public, some have substantially shifted their product strategies towards DevOps, and lots of M&A took place. In this next installment of our analysis, we focus on DevSecOps.
Companies have leveraged DevOps methodologies to shorten their software innovation cycles and ship more code to production in order to accelerate digital initiatives. With that, more vulnerabilities have been exposed and security concerns are on the rise.
Historically, even if companies adopted new DevOps practices, security teams often still existed in silos and did not embrace “continuous” methodologies. With security becoming an increasing priority, bringing it into the automation fold is rising. DevSecOps is the natural stepping-stone in the digital transformation journey. In fact, 71% of respondents in our survey indicate they are embracing “shift left” initiatives.
Several factors are driving more security responsibility to developers, including
In addition, Kubernetes & containers are easing application configuration requirements and giving developers more innovation power. These trends are driving greater budget authority to developers. In line with this, we are seeing more DevOps vendors add security & other automation capabilities to their portfolios.
According to our survey, DevSecOps budgets have held up relatively well this year, up ~8% vs. Gartner’s forecast of -2.5% in total software spend. This implies DevSecOps is a high budget priority, with a ~10%+ market growth outlook in 2021. And based on our findings,we estimate a $14.4B TAM (2021). ITSM, CI/CD & Security are the top 3 areas of priority post COVID-19.