The 2023 SANS DevSecOps Survey provides insights into current trends, challenges, and technological shifts in the adoption of DevSecOps practices across various organizations. It emphasizes the increasing use of multi-cloud environments, automation in security testing, and evolving application deployment methods.
#DevSecOps #CloudSecurity

Key points

  • The report typically consists of sections such as executive summary, technology overview, respondent demographics, cloud and multicloud environment insights, security practices, automation, compliance, container security, programming risks, and future trends, providing a comprehensive view of the cybersecurity landscape.
  • It highlights key statistics, including over 75% of workloads running on cloud providers like AWS, Azure, and GCP, with a rising trend in multi-cloud usage and container orchestration.
  • Major threats focus on securing diverse environments, with continual challenges in adopting and utilizing security tools such as CSPM and CWPP effectively across multicloud setups.
  • Automation in security testing and compliance enforcement is increasingly prevalent, supporting faster threat detection and risk mitigation, with most organizations testing applications weekly or daily.
  • Notable trends include growing integration of AI and data science in DevSecOps, as well as continued adoption of container orchestration tools like Kubernetes, often through cloud-managed services.
  • The reports underscore recurring themes such as the importance of securing applications early ("shift-left" security), automating vulnerability management, and managing the complexities of multicloud security environments.
  • Key insights reveal that organizations recognize DevSecOps as a vital business risk management function, emphasizing communication, skill development, and automation as critical success factors.
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)
