DevSecOps Accelerates Incident Detection, Response Efforts


Organizations should leverage observability data to succeed with their DevSecOps strategy. Tucker Callaway, CEO at Mezmo, discusses how observability data helps teams quickly gain insights from their systems and respond to security issues.

DevSecOps (development, security, operations) is the practice of introducing security processes earlier in the software development life cycle. Development and operations teams are trained to implement the proper security standards, or in other cases, security professionals are added to these teams to ensure the proper security protocols are included with the automated testing of applications for common vulnerabilities.

Leaving software vulnerabilities unpatched is one of the common causes of data breaches. If development and operations teams add a formal set of security procedures to the testing automation process, it can help discover any vulnerabilities in the code before it is accessible to the public, so developers aren’t left scrambling to remediate a vulnerability that has become a threat.

In addition to discovering vulnerabilities, a DevSecOps approach has other benefits. It helps developers understand how applications can be hacked so they can write code with fewer bugs and risks. And it can meet compliance standards, as testing, patching, and monitoring applications are components of cybersecurity requirements.

DevSecOps Is Expected to Gain Market Traction

A Mezmo and Enterprise Strategy Group report shows that DevSecOps accelerates detecting and responding to attacks in an organization’s infrastructure. Based on a survey of 200 DevOps and IT/information security professionals, the report reveals that organizations leveraging DevSecOps cite improvements in incident detection (95%) and response (96%) efforts and reducing the number of incidents that occur in production (95%).

The key to successful DevSecOps is ensuring developers have the information they need to build security into their workflow preemptively. Instead of waiting for security teams to find, sort through, and route issues to the right people, DevSecOps helps developers shorten the feedback loop between when they find a problem and when they correct the code. Think of it as DevOps shifting operations left to developers to provide the infrastructure to build and ship more secure applications.

According to the survey, only 22% of organizations have implemented DevSecOps. However, adoption is expected to surge, with 62% of organizations saying they have plans to use the strategy in the future.

Barriers to DevSecOps Success

One of the most significant barriers to DevSecOps success is enabling security teams to get the centralized visibility and control they need to roll out consistent tools and processes to developers.

Many organizations (84%) don’t want to overburden developers with too much education on security processes. They believe a more effective approach is to provide developers with the right tools and data to help them create clean code absent of logic flaws, defects, and bugs.

Developers also face challenges regarding the speed and volume of cloud-native development. Organizations need efficient and accurate tools, so developers don’t become bogged down with work on false positives or non-urgent code fixes.

According to the survey, organizations that have adopted DevSecOps have struggled the most with observability data capture and analysis. As they increasingly roll out more software releases to serve customers, they collect vast amounts of observability data. Organizations report capturing hundreds of terabytes (32%) and even petabytes (6%) of monthly data.

Of this observability data, organizations revealed that log data (35%) is the most prominent component by volume. Metrics (29%), traces (22%), and other types of machine-generated data (14%) are the next most common types of data gathered.

Most organizations (69%) don’t capture specific observability data sources, as processing and storing this amount of data is costly. Leaving those sources out creates a more significant issue if there’s an incident and the organization has incomplete observability data for a comprehensive analysis and quick response. Also, this scale of data is time-consuming to analyze, especially if developers don’t have the right tools to parse and route it. It takes an average of 17.5 person-hours to triage and understand security incidents, an amount that 82% of companies would like to reduce.

Some other top challenges organizations report include enforcing consistency across development projects, implementing many different tools/controls, finding the right tools/controls to implement, using manual processes, avoiding team conflict when collaborating, and shifting the mindset of security and development teams to be conscious of each other’s outcomes.

How Insights from Observability Data Can Help

Organizations need to find a way to analyze and use their observability data, which can provide insight for better troubleshooting, debugging, and incident response and detection. They use dedicated log analysis tools (66%) to store and analyze application observability data. And to get the most out of their data, most organizations (91%) use multiple tools, such as a cloud-hosted (64%) or on-premises data lake (55%), or a SIEM solution (59%). This makes it difficult for various groups to get their hands on the data needed to perform specific tasks. As a result, 55% of organizations believe their teams struggle with DevSecOps because they don’t have a single location that aggregates all the data from the many solutions and is available to everyone.

Organizations often look to open-source tools to build customized solutions to leverage observability data but struggle to scale with these tools, as they are hard to integrate and manage. Over the next year, 98% of organizations stated they would research managed observability solutions as an option to overcome these issues.

The Right Tools for the Future

Organizations must choose usable tools that optimize speed and efficiency for developers, operations, and security teams. Keeping up with cloud-native development and moving to DevSecOps has been a challenge.

Traditional security methods don’t apply because they can’t keep up with continuous integration and continuous deployment (CI/CD). These solutions need to seamlessly fit within the teams’ routines and integrate within their cloud-native technology stack. The solutions need to leverage observability data, which can deliver insights to help teams gain more knowledge of their systems and respond to security issues swiftly.
