Authored by: Stephen McNulty, President Asia Pacific and Japan, Micro Focus
In 2020, COVID-19 not only shook the world with widespread devastation of economies, healthcare systems and livelihoods, but also amplified digital transformation to historic levels.
A poll of 265 IT decision-makers across the Asia-Pacific region revealed that more than half are equipping their firms to take advantage of new and emerging opportunities, while also planning for greater investments in DevOps in 2021. As a set of practices that combines software development and IT operations, DevOps aims to shorten the systems development life cycle and provide continuous delivery with high software quality. In the post-COVID world, with its burgeoning remote commerce climate and uncertainty about the future, DevOps equips businesses with greater resilience, agility, and the ability to respond faster to changing market needs, which empowers them to leverage new opportunities for growth centred around innovation initiatives and digital transformation.
But following a year marked by the erosion of digital trust, with a staggering rise in cyberattacks and cybercrime from which even the likes of Twitter, Zoom, and the U.S. government have not been spared, security and digitalisation initiatives go hand in hand, especially when it comes to software innovations.
To effectively navigate the post-pandemic economic recovery that will continue well beyond 2021, it is imperative for APAC businesses to build stronger relationships and boost digital trust with both consumers and employees alike. This is the critical juncture at which organisations must pivot toward the adoption of DevSecOps—the integration of DevOps and security—to survive and thrive in this climate of uncertainty and constant change.
Struggles to Adopt DevSecOps Despite Growing Consumer Security Concerns
In the post-pandemic ‘new normal’, businesses and consumers alike are forced to interact more via digital platforms. However, the sentiment among APAC consumers in doing so is mixed.
Notably, there is a significant lack of trust in digital companies. Since COVID-19, over half (55 per cent) of consumers in APAC expressed increased levels of concern about online activities, against the expectation that businesses should provide increased levels of security and data protection. Those statistics, coupled with the 40 per cent of APAC consumers who reported breaches of their personal data by someone who did not have prior consent, underlie the ongoing mistrust.
If software is the main vehicle allowing businesses to interact with and meet consumer expectations, then a focus on improving software development processes via DevSecOps would be critical in helping businesses stay the course to economic recovery. However, this is proving to be a struggle. On a regional scale, only four in 10 APAC leaders say they have united their DevOps and security teams, with India (53 per cent) and China (51 per cent) leading integration efforts, and Korea (29 per cent) and Japan (30 per cent) still in the preliminary stages.
The key reason for this struggle is organisational in nature. DevOps teams are often still primarily responsible for application security testing, with security teams getting involved only in the later stages of the development cycle. Yet late-stage security testing in software development is untenable in today’s fast-expanding digital economy. The integration of development and operations teams under a DevOps model has enabled companies to release code within shorter timeframes, but this has also increased the rate at which vulnerabilities are created. Addressing security needs only in the later stages of software development is essentially too little, too late.
Building a DevSecOps Culture Within Your Organisation
A big part of building digital trust today lies with the adoption of a consistent DevSecOps mindset, which involves augmenting each stage of the software development supply chain with continuous security and automated testing. Developing the necessary capabilities for this organisational overhaul requires the transformation of culture, processes, and tools.
Cultivating an organisational culture that is consistently proactive about security necessitates buy-in across the different functions. For instance, helping developers to understand the needs of security specialists and vice versa, or reteaming and involving external experts and consultants as required, can reduce incompatibilities between both functions in the pursuit of software development that is both efficient and secure. Fostering a culture of learning and experimentation will also allow security to become a collaborative process that evolves over time to meet changing needs.
Continuous testing makes it possible for security to be incorporated into DevOps processes iteratively, ensuring that security features can stay current and effective in an environment of constant change. This is because focusing on continuous testing empowers businesses to spot problems as early in the cycle as possible and allows for timely improvements in security features as circumstances evolve.
Businesses should aim for 100 per cent automation and look to the right DevSecOps-friendly tools and platforms that promote this goal. To empower stakeholders to collectively drive the creation of automated tests and policies, it is important to ensure that they share a deep understanding of workstreams and raw materials (such as source code, components, and packages), and an appreciation of their common ground in the push toward analysing and securing these elements.
It may be a long road ahead before more APAC businesses find success in developing consistent and effective practices for the adoption of DevSecOps. However, this journey also presents new opportunities to deepen relationships and build digital trust, while fuelling cultural and organisational changes for greater innovations in the longer term.