
Analyst Insight Series: Security and Collaboration—Core Tenets of Successful Platform Engineering

Jay Lyman, Senior Research Analyst, S&P Global Market Intelligence 451 Research

This blog is the third in our series, “Effective platform engineering: Priorities, pitfalls and success in taming complexity and managing today’s enterprise infrastructure and applications” (read the first blog and second blog) and a companion to the analyst report, “Cost, Productivity, Security Shape Today’s Platform Engineering.”

The evolution of DevSecOps

DevSecOps, the collaboration among security and software development/DevOps/platform engineering teams, continues to evolve as practices and tools mature. However, many organizations remain stuck in siloed approaches that pose problems due to competing demands for speed, efficiency and risk reduction. Enterprises that effectively integrate security into software development and deployment—both through platforms and tools, and via cross-team collaboration—are better positioned to drive velocity, quality and innovation while maintaining and even improving security.

Security represents a significant challenge for DevOps and platform engineering teams as they seek to “shift left” and integrate security earlier in the software development process and through deployment. While security elements, such as vulnerability assessment, application security testing and source code analysis, are increasingly integrated into software development and deployment, our survey results indicate that more than a third of enterprises still lack collaboration among security and DevOps/platform engineering teams.

DevSecOps collaboration entails both organizational and technical hurdles as security initiatives are increasingly driven by non-security teams. Platforms and tools must be integrated and automated to avoid constraining developers and other stakeholders. In addition, today’s enterprise IT environment demands multi-layered security measures that can help boost software quality while also reducing risk. 

Overcoming DevSecOps hurdles

The most common DevSecOps pain points cited by survey respondents are rapidly evolving regulatory and compliance requirements (37%), an excessive volume of security alerts (35%) and security validation causing too much friction in the development process (33%) (see figure below).

Current pain points in DevSecOps

Q: What are the current pain points in DevSecOps? Please select all that apply.
Base: Respondents whose organization has DevOps in use or in discovery/proof of concept (n=403).
Source: 451 Research’s Voice of the Enterprise: DevOps, DevSecOps 2025.

Effective collaboration between security and platform engineering teams requires integrated, automated tools and a process with shared objectives and incentives. Additional challenges center on lack of clarity or trust in AI-based security tools and difficulty maintaining visibility and consistency across multi-cloud/hybrid environments. These obstacles to cross-team collaboration are significant, but as we have seen with developers and IT operations teams in DevOps, aligned tools, platforms and strategy can help.

Key drivers for investment in DevSecOps include the need for compliance with emerging AI and privacy regulations, as well as organizational desire—and client demand—for secure code and applications. Additional factors include preventing software supply chain attacks and business championing of secure operations, with high-profile security incidents and outages highlighting the need to strengthen security stance.

Looking ahead

Use of platforms such as Kubernetes, which continues to gain enterprise adoption across verticals and use cases, can enable benefits while helping to address enterprise needs, including security. Kubernetes holds the potential for better protection of modern workloads against faults and cyber threats. However, given the array of tools and personas involved, organizations must contend with complexity, staffing and other hurdles in addition to cost, security and integration issues. Thus, it is critical to leverage a single platform that integrates the many open-source components of an effective Kubernetes deployment and supports the different personas (e.g., cloud admins, platform engineers and security teams) involved.

About the Author

Jay Lyman is a senior research analyst with the 451 Research Cloud Native and Applied Infrastructure & DevOps channels at S&P Global Market Intelligence. He covers software development, hybrid and multi-cloud infrastructure management and orchestration, and enterprise use cases that focus on the confluence of software development and IT operations known as DevOps. Jay’s analysis encompasses evolving software release and IT operations models, including generative AI’s role in both, and the technology used to create, deploy and support infrastructure and applications in today’s enterprise and service provider markets. This research includes data and analysis from the Voice of the Enterprise: DevOps survey of both IT decision-makers and practitioners. Other key areas of research include cloud native, open-source software and enterprise end users. Jay arrived at S&P Global Market Intelligence through its 2019 acquisition of 451 Research. Prior to 451 Research, Jay worked as a journalist for various media firms and publications including CMP Media, LinuxInsider, NewsForge, Time Magazine and the Associated Press. Jay has been a speaker at numerous industry events, including IC3, DevOps Days, LinuxCon and OSCON, covering topics such as cloud computing, DevOps, open-source software and enterprise case studies.

