7 most common ways to fail at DevSecOps

DevSecOps initiatives are fraught with peril and require careful consideration of culture, learning, process and business needs. Here's how companies tend to fail in those areas.

Organizations adopt DevSecOps for a variety of reasons: to enable digital transformation projects, deliver value faster, gain a competitive advantage, lower the cost of security remediations, and more. Despite the rush to adoption, organizations sometimes fail with their DevSecOps initiatives, and the reasons for those failures are avoidable. Here are the most common causes for DevSecOps efforts to fail.

1. Failure to establish a learning culture

A recent report from McKinsey identified talent and cultural issues as the greatest challenge to technology transformations, which include DevSecOps. Organizations that embrace a culture of continuous learning and experimentation will therefore be more successful with DevSecOps. The seminal work “The DevOps Handbook”, building on the success of high-performing organizations, emphasizes that a learning culture is key to being successful with DevSecOps.

This is facilitated through daily learning, reserving time for organizational learning and improvement, and a concentrated investment in upskilling the workforce. This can be accomplished with investments in learning subscriptions, tuition assistance, and certification reimbursement. Brown bag sessions where subject matter experts from inside and outside the organization share expertise and lessons learned are also effective.

2. Neglecting cross-functional education
