Hello everyone and welcome back to the Cognixia podcast! Every week we gather here to explore something new from the world of emerging digital technologies, from cloud computing to DevOps, IT service management to project management, and much more.
This week, we are back with another very interesting topic that we are sure you are going to enjoy – security, artificial intelligence, and DevOps. Everybody knows that artificial intelligence is transforming how we do business and the world as we know it at large. It is also transforming the roles and responsibilities inside organizations. It is helping replace the manual effort required for tedious, monotonous, repetitive tasks and making such operations error-free and more efficient. This also frees up human bandwidth for more important tasks that genuinely require human intervention.
One such area where artificial intelligence is making quite a mark is DevSecOps. We are going to take a quick minute here to tell everybody what DevSecOps is. DevSecOps is the practice of integrating security testing at every stage of the software development process. This includes the tools & processes that facilitate collaboration among developers, security specialists, operations team members, etc., to ensure that the final product, whether software or an application, is both efficient and secure. To put it in a very simplified form, DevSecOps adds the element of security to the DevOps culture, weaving it into the process itself instead of adding measures as an afterthought after the software or the application has been produced.
Going back to our topic for the day, how is artificial intelligence reshaping the roles of a developer in the DevSecOps environment?
The recent Seventh Annual Global DevSecOps Report by GitLab has found that artificial intelligence and machine learning in the software development workflow show promise, but challenges such as toolchain complexity and concerns about security remain. According to this research, about 65% of developers are not yet using artificial intelligence and machine learning in their code-testing efforts, or have plans to do so within the next three years. This is quite a huge step in the automation of the software development process.
This survey by GitLab covers over 5,000 IT leaders, CISOs, and developers across various sectors, including financial services, automotive, healthcare, telecommunications, and information technology. The survey focused on understanding the successes, challenges, and priorities of DevSecOps implementation.
One of the very interesting things this report found, as we mentioned just now, was how artificial intelligence and machine learning are being adopted in the software development process. In 2022, only 55% of developers were using AI/ML to check their code, while this number is now up to 62%. Also, last year only 39% of developers were using bots in the testing process; this number is up to 53% this year.
One thing that is striking is that this report finds organizations are increasingly incorporating security much earlier in the software development lifecycle. It also indicates that organizations are finding artificial intelligence and machine learning quite useful for identifying vulnerabilities in code. One more interesting finding is that developers using a DevSecOps platform for their work are more likely to embrace automation and AI/ML in the testing phase than those without one.
As interesting and promising as these findings are, we’d say, take it with a pinch of salt, maybe?
While artificial intelligence and machine learning are surely fueling a revolution in the way we build software and applications, no doubts there, it is not all a glossy picture. Ushering in automation comes with some bumps and challenges too. They can be overcome, sure, and we do not deny the potential of amazing technologies like AI and ML, but what we are saying is that there are also some bumps on the way, so it would be good to be aware of them.
The first challenge that developers and security professionals face is toolchain complexity. Developers and security professionals, by default, use a host of tools and applications in their day-to-day work. Managing all these tools and applications can sometimes become a challenge. Toolchain management is an especially big issue for security professionals. The GitLab report finds that 57% of security professionals, 48% of developers, and 50% of operations professionals use six or more tools daily. Not just this: in 2022, for the same report, 54% of security professionals said that they use two to five tools in their workflows, while 35% reported using six to ten. This year, those numbers stand at 42% and 43% respectively. That can be quite overwhelming and challenging, for sure.
The second challenge that developers and security professionals face is maintaining consistent security monitoring. In this survey, about 26% of the professionals identify it as an issue. 26% of the respondents also said they face challenges in drawing cohesive insights from all the integrated tools they use, and 66% of the respondents would prefer to consolidate their toolchains, which would make things easier for them.
One thing we cannot deny is that there is a growing awareness that security is not just one individual's or one team's responsibility. Instead, it is a shared responsibility among everyone in the DevSecOps team. In this direction, the GitLab report finds that about 71% of security professionals opine that the developers in their team are now catching more than 25% of the security vulnerabilities. In 2022, this number was only 53%, so that is a good, healthy rise.
There is also a growing trend of cross-functional collaboration. More and more security professionals are being aligned with teams whose core focus is building & maintaining security. This is quite likely a direct result of another trend – security being woven in and addressed at a much earlier stage in the software development lifecycle. This has been at the center of the evolution of DevOps into DevSecOps. Silos are breaking down not just between development and operations teams but between development, operations, and security teams, facilitating better coordination, collaboration, and increased effectiveness as well as efficiency. This has also helped leadership to better secure & consolidate fragmented & disparate toolchains and to reduce spending. Moreover, this trend has helped free up developers' bandwidth, allowing them to focus on mission-critical tasks & responsibilities, build innovative solutions, and fulfill roles that require their expertise & attention.
As an increasing number of organizations embrace the capabilities of artificial intelligence and machine learning, there is a growing need for trained, skilled security professionals with the right skills & tools to help the organization establish and uplift a DevSecOps culture.
Interestingly, we think it is worth mentioning that in some spaces artificial intelligence and machine learning have been found competing, especially in high-impact areas, as security professionals go about shuffling and redefining their professional goals.
Some of the top skills that GitLab reports are considered essential for security professionals are:
- Artificial intelligence and machine learning
- Soft skills
- Subject matter expertise
- Metrics & quantitative insights
This definitely indicates that an all-round skill set is essential for a successful career in security and for overcoming the security challenges professionals encounter in their work.
To make the most of emerging technologies like artificial intelligence and machine learning in the security and DevSecOps space, enterprises must invest in the right training and tools so their teams can leverage the potential of these technologies in the software development and security workflows. Enterprises also need to support and encourage cross-functional collaboration among the development, operations, and security teams. Such a collaborative environment would lead to a more streamlined and efficient software development lifecycle, one that ensures security is woven into the product and the process from the very beginning and not added as an afterthought. Based on the GitLab survey, it can also be said that there is an urgent need to consolidate and streamline the toolchain. Security professionals are commonly required to juggle multiple tools, and this increases complexity manifold. If toolchains are simplified and consolidated well, it would go a long way in improving efficiency, bringing down friction and the costs incurred, and opening up the security team's bandwidth to focus on issues and tasks that require their attention.
And that’s how artificial intelligence and machine learning are reshaping the roles of developers and security professionals in a DevSecOps environment.
With that, we come to the end of this week's episode. We hope you enjoyed listening to us and found something useful in it. Also, this is a great time to sharpen your skills and add a new certification plus new skills to your repertoire, and of course your resume, so do check out our website at www.cognixia.com to learn more about all our live online instructor-led courses in the latest emerging technologies like Microsoft Azure, AWS, Docker & Kubernetes, DevOps, Project Management, CISSP, ITIL 4 Foundation, Certified Scrum Master, and many more.
Until next week then.