Despite the issues being widespread, 80% of organisations planning to adopt DevSecOps are ignoring the necessary steps to change attitudes

Almost half of organisations (45%) working with DevSecOps said its practices are failing to work as hoped, undermining their efforts to improve security, quality, and consistency in software production, according to research commissioned by Capacitas surveying large UK businesses and public sector organisations.

Worryingly, over half (51%) of IT decision makers report outright resistance to change among their teams whilst 47% say there is insufficient cross-team collaboration. More than half of respondents (53%) at organisations where DevSecOps is already implemented say they fail to see high levels of engagement and ownership of application performance and security.

Despite these significant barriers, 80% of organisations currently planning their DevSecOps implementations are overlooking culture as a key area that requires attention.


Thomas Barns, Service Design Director, Capacitas said: “The research highlights a consistent failure to appreciate and prioritise the cultural aspects of DevSecOps, which is about people and processes, not just technology.

“More than half of organisations (57%) believe they can get DevSecOps embedded and operating as desired within six months. For some this might be possible, but corners should not be cut to make this happen if it’s taking longer. Time needs to be taken to embed the DevSecOps culture shift if the investment is going to work in a sustainable manner for the business and its people.”

The results indicate that training is a factor which is being neglected, acknowledged by one-third of respondents (33%) as one of their main challenges when seeking to get teams to embrace DevSecOps practices. However only 26% of those about to adopt DevSecOps had made plans to include internal training in their roadmap, highlighting how skills gaps and needs are being underestimated.

Most adopters are looking for DevSecOps to boost team productivity as well as quality and consistency. Whilst the research found that most organisations operating with DevSecOps have seen improvements in several areas, only 40% report significant improvements in deployment frequency or in lead time for change. Tackling the cultural and skills issues in adoption of DevSecOps is critical to realising the value that IT decision makers are looking for.