DevOps teams are increasingly required to handle security incidents for their organizations, but many are unprepared to do so adequately, according to a Thursday report from Logz.io.
Some 54% of the 1,000 DevOps engineers, sysadmins, developers, and IT professionals surveyed said that their DevOps department handles security for their company, the report found. But 76% said they either do not practice DevSecOps or are still in the process of implementation. Additionally, 71% said they do not feel their team has adequate knowledge of DevSecOps best practices.
This is especially concerning due to GDPR going into full effect, the report noted: 39% of respondents said that their organization is not yet GDPR ready.
“As GDPR was the most discussed topic over the last few years, we wanted to use this year’s DevOps Pulse to examine how DevOps teams are tackling security issues and identify trends and opportunities for improvement,” Logz.io CEO Tomer Levy said in a press release. “The results showed us that although DevOps teams are by and large responsible for at least a portion of their organization’s security operations, DevOps teams have yet to fully integrate security into their regimen.”
The security skills gap remains a concern, as half of the organizations surveyed said they have trouble finding the talent to fill roles on their security analyst teams. One reason for this may be a lack of diversity in the candidates they are seeking: While 91% of respondents said that their organization has fair opportunities for both genders, 94% of those respondents were male.
In terms of cybersecurity concerns, DDoS attacks top the list for DevOps practitioners (37%), followed by phishing (16%) and malware (16%).
The big takeaways for tech leaders:
- 54% of DevOps practitioners said that their DevOps department handles security for their company. — Logz.io, 2018
- 71% of DevOps practitioners say their team does not have adequate knowledge of DevSecOps best practices. — Logz.io, 2018