UPDATED 17:08 EDT / JUNE 17 2025

Paul Nashawaty, principal analyst for theCUBE, discusses the stages of DevSecOps with theCUBE's Dave Vellante at AppDev Done Right Summit 2025.

How DevSecOps is creating ‘a continuous thread of trust’ in software development

Making security a part of applications from their inception, an approach known as Development, Security and Operations, or DevSecOps, is quickly gaining steam in the enterprise world.

At today’s AppDev Done Right Summit, DevSecOps was the star of the show, as experts and industry professionals discussed how incorporating security in their continuous integration/continuous delivery pipelines has led to better value and faster software delivery.

“What I’m really focused on in this summit is how DevSecOps is woven throughout the entire ecosystem and emphasizing the need to shift security left, enabling it in every stage of the CI/CD pipeline, from code to cloud,” said Paul Nashawaty (pictured), principal analyst for theCUBE Research. “This also applies to securing software supply chains, policy as code, real-time threat detection and cloud-native environments. In this era, security isn’t just a gate, it’s a continuous thread of trust.”

Nashawaty spoke with theCUBE’s Dave Vellante at the AppDev Done Right Summit, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the growing impact of DevSecOps and what is changing in app development.

DevSecOps comes in three cycles

The summit centered on the three stages of DevSecOps: Day Zero, the planning cycle; Day One, the building and release cycle; and Day Two, which covers the operational side, including observability and incident response. Incorporating security into each stage has proven difficult for some. A recent survey from theCUBE Research revealed that of the 847 respondents, 24% wanted to ship code on an hourly basis but only 8% were able to do so.

“The goal here is to build the systems that don’t just work, they evolve, learn and recover in real time,” Nashawaty explained. “That ties back to [AI] … but also, observability applies across the entire ecosystem, so you can have actionable insights. What we find is it is very fragmented — in our research, we find 75% of respondents indicate they’re using six to 15 different tools to measure observability.”

Because of the tool sprawl, many want a full-stack observability solution. DevSecOps needs to be a shared responsibility, a collaborative effort to create reliable and trusted software, according to Nashawaty.

“What we’re seeing is a pivot point in the market right now in Day Two that is showing that we can see the unified approach across things,” he said. “Not just monitoring, but logging, tracing, all the [metrics, events, logs and traces] metrics that are in place. These actionable insights are important in the CI/CD pipeline and the SDLC in order to take action across delivering your applications faster.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of theCUBE Research’s AppDev Done Right Summit:

Photo: SiliconANGLE
