The GitLab 2023 State of DevSecOps Report is Full of Goodness
The two reports, "Productivity and Efficiency within Reach" and "Security without Sacrifices," reveal insights into our new reality where continuous deployments many times per week are the norm and security-focused "shift-left" strategies are taking hold.
For 2023, IT leaders focus on two critical themes: "how to become more secure" and "how to increase release velocity."
The GitLab survey is a mirror image reflecting what's happening in 5,000 organizations worldwide.
Here are a few fascinating statistics and trends:
- 70% of organizations expect developer productivity and business agility improvements from implementing a DevOps strategy.
- More than half of organizations report it takes more than 2 months to get a new developer productive.
- 60% decrease in time consumed by manual tasks due to DevSecOps automation.
- 54% of organizations will implement an integrated DevSecOps Platform.
- Organizations using CI/CD, automation, and monitoring are 4x more likely to deploy multiple times per day
Configuration and secrets management is a cross-cutting concern underlying the "increase security" and "increase productivity" initiatives.
CloudTruth's Dynamic Secrets and Config is an example of a new generation of DevSecOps tooling in the Second Wave of DevOps and is a key component to support releasing multiple times per week and remediating leaked secrets quickly.
In the first wave, infrastructure as Code was the transformative shift that revolutionized how we manage systems. However, as the IT ecosystem grows more complex, there's an escalating need to increase release velocity and security.
The second wave builds on the prior tooling stack and ushers in a new config and secret management paradigm.
DevOps teams face one of the most challenging daily tasks: generating consistent config for every deployment. Every release requires thousands of configuration and secret settings to be set correctly for the system to work.
However generating a perfect, consistent config file is challenging due to config sprawl, static config anti-patterns, and poor coordination between application developers and the operations team.
75% of outages and security breaches are traced back to a misconfiguration.
It's time to manage config and secrets at scale better. Replace crufty scripts and hard-to-troubleshoot internal DIY tools with a robust offering that includes templating, change tracking, SSO, SAML, RBAC, and compliance audit reporting.
Many teams experience hidden release velocity friction because of messy config hand-offs from dev to ops. CloudTruth reduces this toil and increases release velocity by 50%.
The "second wave" of DevOps is fast approaching. CloudTruth's Dynamic Secret and Config Engine is critical in helping automate generating perfect, consistent config for every deployment.
At the end of the day, a consistent, trusted config is crucial for releasing faster with no downtime.