DevOps is a popular development process in the tech industry. Its effectiveness in speeding up production and deployment means it’s often a primary choice for organizations. One thing has always been missing, though: security. Enter DevSecOps—DevOps’ more protective brother, the updated and hyper-secure version of DevOps.
What Exactly Is DevSecOps?
DevSecOps is an evolution of DevOps. It is a newer, more security-focused practice that ensures the entire DevOps process unfolds safely. DevSecOps is part of cybersecurity, while cybersecurity is part of DevSecOps. It’s a symbiotic relationship that combines all the benefits of DevOps with added security measures.
DevSecOps allows developers to receive automated outputs of a project’s security status throughout the development process. This provides consistent peace of mind and confidence for those using DevSecOps for their projects.
With so many steps involved in your average project, knowing that security measures can keep up with the pace of development is a great advantage for organizations.
In this article, we look at some important DevSecOps statistics that should help you understand any pros and cons of this practice, help you differentiate DevSecOps and DevOps, and give you a better understanding of why DevSecOps is becoming the more popular option.
DevSecOps Market Statistics
DevSecOps is rapidly becoming a staple development process for many businesses. Market statistics for the coming years show us that DevSecOps is likely here to stay. We know just how popular DevOps is among organizations, so when something like DevSecOps—with its added security measures—comes along, it’s easy to see why it is such an attractive option.
As security breaches increase among organizations, more and more companies want to make the security phase of development not only easier but also faster. Also, with the rise of popularity in AI, cloud technologies, and automation, DevSecOps is more beneficial than ever before. These factors alone bolster the market growth statistics you’re about to see.
• The global DevSecOps market is expected to grow at a CAGR of 33.7% during the forecast period 2017–2023. [1]
• The DevSecOps market size was valued at USD 3.73 billion in 2021. [2]
• The DevSecOps market size is projected to reach USD 41.66 billion by 2030, growing at a CAGR of 30.76% from 2022 to 2030. [2]
• In 2021, the rise in cybercrime from various sources was anticipated to cost the world more than USD 6 trillion. [2]
DevSecOps Regional Statistics
DevSecOps is rapidly spreading throughout the world as its reputation grows. It’s no surprise that the world’s tech giant nations are utilizing this development practice–it’s revolutionary and, of course, practical. In the modern world, security is in high demand, yet old cybersecurity systems are slowly being left behind as new technologies arise.
Enter DevSecOps. Security can now be slotted into the DevOps pipeline to keep developer, company, and customer information and technologies safe from malicious entities. These statistics demonstrate the implementation of DevSecOps around the globe.
North America is the leading DevSecOps region with the largest revenue share in 2020. [3]
Geographically, DevSecOps is most prominent in the North American, European, and Asia Pacific regions. [2]
DevSecOps Security and Cloud Statistics
As the use of cloud technology—whether through storage or computing—gains popularity, many organizations require higher security measures. Even if your development pipeline doesn’t involve cloud technology, many possible points of entry for intrusion still exist in containers, microservices, or even Kubernetes.
These DevSecOps security statistics suggest that DevSecOps will gain popularity in the coming years as organizations face increasing security concerns.
Note: While some of these statistics are not directly applicable to DevSecOps, they will likely contribute to its adoption.
• 72% of security pros rated their organizations’ security efforts as either “good” or “strong.” [4]
• DevOps teams are running more security scans than ever before: over half run SAST scans, 44% run DAST, and around 50% scan containers and dependencies. [4]
• 70% of security team members say security has shifted left. [4]
• 2021 was a record year for zero-day exploits; 770 vulnerabilities were detected in the first six months—more than in any other year on record. [5]
• Gartner predicts that global cloud services spending will reach over $482 billion before the end of 2022, a 54% increase from 2020. With increased investment and usership, cybercriminals are sure to migrate their attacks to the cloud. [8]
DevSecOps User Statistics
DevSecOps increases development speed and efficiency. Vulnerabilities among CI/CD (continuous integration/continuous development) pipelines tend to be left unresolved due to time pressures from project due dates and deadlines.
When the pressure is on, DevOps engineers tend to release code that isn’t secure. This, of course, is a suboptimal way of implementing code and is something that software engineers try to avoid by using some form of cybersecurity.
With DevSecOps, security is slotted into the CI/CD pipeline where it’s needed, meaning security measures are in place throughout the entire development process. This eliminates the risks you’re about to see in the below statistics.
• 36% of respondents currently develop software using DevSecOps, compared with only 27% in 2020. [4]
• 96% of respondents said their organization would benefit from automating security and compliance processes, a key principle of DevSecOps. [6]
• DevOps practices have led to 60% of developers releasing code twice as quickly. But increased speed creates a tradeoff: Nearly half of organizations consciously deploy vulnerable code because of time pressure. [9]
• Almost 25% of respondents claimed to have full test automation–up 13% from 2021. [4]
DevSecOps Obstacles Statistics
Developers always face obstacles. If software development was a simple process, things such as DevOps and DevSecOps may not exist. But due to the many nuances involved with development, organizations have to use third-party tactics and practices to hopefully make the entire process that little bit easier.
For experienced engineers, implementing DevSecOps can be simple. However, echnical issues exist that some respondents find worth mentioning. This isn’t to say that DevSecOps is difficult overall. But many DevSecOps engineers were previously DevOps engineers, with minimal to no experience in cybersecurity itself. Engineers with cybersecurity experience are less likely to report facing challenges with DevSecOps.
If you have any experience working with DevSecOps, you may agree with some of these.
• 60% of respondents find DevSecOps technically challenging. [6]
• 40% find that DevSecOps is expensive to implement. [6]
• 39% find they don’t have sufficient time to implement DevSecOps. [6]
• 38% report a lack of education around DevSecOps. [6]
• 36% feel they don’t haven’t acquired adequate DevSecOps skills. [6]
• 35% agree that organizational inertia can be an issue when it comes to DevSecOps. [6]
DevSecOps Implementation Statistics
As people learn about the advantages of DevSecOps, more respondents report interest in its implementation. Some misconceptions surrounding DevSecOps exist, however; one is the concern that DevSecOps may slow down application development and deployment.
Why choose DevSecOps as your primary development approach? These statistics demonstrate why organizations are choosing to implement DevSecOps to the development pipeline.
• 54% of respondents say that the reasoning for embracing DevSecOps best practices was to improve security, quality, and/or resilience. [6]
• 30% believe the primary reason for implementing DevSecOps is to bring applications to market faster. [6]
• 73% of respondents noted that manual security and compliance processes slow down code releases. [6]
• 96% said their organization would benefit from the automation of security and compliance processes. [6]
The slow pace of manual security and compliance processes is a common concern. DevSecOps helps to eliminate time-consuming cybersecurity tasks by seamlessly integrating them into the organization’s CI/CD pipeline.
Just like automated testing speeds up development time, automated security measures greatly improve development speed. Less time is spent worrying about holes in your code, holes in your cloud, or missed security measures as a whole.
DevSecOps Jobs and Engineer Statistics
DevOps engineers are part of a strong job market, but what about DevSecOps engineers? You may be surprised how rare DevSecOps engineers there are. We expect a significant increase in these numbers, as you’re about to see. However, with DevSecOps being a relatively new practice, it may take some time still until DevSecOps becomes a more popular profession.
However, if you’re skilled in DevSecOps—or you wish to learn DevSecOps—you could land yourself a very well-paid job. There are plenty of opportunities, and minimal job saturation has yet to make its way into this field. If there was ever a time to be one of these sought-after engineers, it’s now. (Note: This could change depending on the economic situation.)
• Last year dev, sec, and ops said they needed better communication and collaboration skills for their future careers. This year, after an intense period of enforced soft skills, their priorities have shifted dramatically to AI/ML (devs), subject matter expertise (sec), and advanced programming (ops). [4]
• The average annual DevSecOps engineer salary in the US is $140,000. [7]
• Entry-level engineers earn around $119,629. This is a very generous entry-level salary. [7]
DevSecOps Team Statistics
Something that is often questioned is whether a specific new DevSecOps team needs to be taken on board an organization, or if an existing DevOps team should learn the fundamentals of DevSecOps.
The latter seems to be a more appealing option if an organization already has a DevOps team, and a separate cybersecurity team in place. CEOs are demanding high security measures, so these engineers—whether DevOps, DevSecOps, or cybersecurity—will have plenty of work in the coming years. The DevSecOps team statistics below help us see the high demand for added security in development teams.
• 60% of rapid development teams had embedded DevSecOps practices in 2021, as opposed to 20% in 2019. [4]
• 56% of ops team members said they are “fully” or mostly automated–up 10% from 2021. [4]
• 75% of teams are either using AI/ML or bots for test/code review, or they’re planning to–up from 41% from 2021. [4]
Conclusion
This article should help you understand what DevSecOps is and why it appeals CEOs and engineers. These 30+ DevSecOps statistics demonstrate that DevSecOps is here to stay, providing a strong career path for engineers, and increased speed and security for organizations.
If you can have the best of DevOps: speed, functionality, ease of use, and organization with the added benefits of cybersecurity, it may be time to start a DevSecOps team of you own.
References
DevSecOps Market Statistics
DevSecOps Market Size and Forecast
Global DevSecOps Statistics
2021 Global DevSecOps Survey
Attacks From All Angles: 2021 Midyear Cybersecurity Report
DevSecOps Progress in Larger Organizations
DevSecOps Engineer Salary
The 5 Biggest Cloud Computing Trends In 2022
GitLab’s Fifth Annual Global DevSecOps Survey
About the Author
Jeff Smith, Lead Technical Write
__________________________________________________________________
About the Author
Jeff Smith, Lead Technical Writer, has led projects and teams working on documentation in access and security for more than six years. Learning these technologies and helping other people do the same is his passion. Jeff contributes occasionally to various technical blogs and publications and sometimes writes on non-software topics such as productivity, project management, and tech news.
