Thought of the Week: The Expectation vs The Reality of Adopting DevSecOps Practices


Date 08 November 2023

Author Team Capacitas

The idea of DevSecOps is to take traditional DevOps further – making software development more agile, more secure and promoting better cooperation between development and IT operations teams.

This evolving methodology requires expertise to handle the increased requirements and greater complexity of software as all organisations face a global shortage of developer skills. And with no one-size-fits-all solution to choose from when it comes to DevSecOps, every organisation is doing it differently, and few are getting what they want from it.

This raises the question: are IT leaders seeing DevSecOps practices deliver the expected results? 

To answer it, we spoke to 200 IT decision-makers from large UK businesses and public sector organisations. The findings highlight the responses on both sides of the coin – those in the planning phase of DevSecOps, and those that have already adopted the practice.

 

Key insights include:

  • A resounding 99% have seen marked improvements in both consistency and quality since adopting DevSecOps practices.
  • And whilst 74% of those in the planning phase feel they will be able to provide return on their DevSecOps investment, the reality is 97% of current adopters can confidently report ROI (Return on Investment).

 

Yet, there is a flip side:

  • 74% have experienced a rise in critical P1 incidents after implementing DevSecOps.
  • And culture challenges are greater than expected – teams' resistance to change is cited as the number one barrier when it comes to delivery teams taking ownership of DevSecOps practices.

Our own experience shows quality is the most worrying challenge for teams that are also under pressure to achieve speed and value. Organisations need to embed premium DevSecOps practice from the outset, employing engineering that improves product, quality, and speed, while delivering value for money.

One organisation which has met their DevSecOps expectations is the UKHSA (United Kingdom Health Security Agency), which used automation to achieve significant efficiencies and reduced costs to support the scaling of healthcare systems that processed Covid-19 results. Automation captured four key DevSecOps metrics, pinpointing where bottlenecks were occurring, along with their root causes, allowing for adjustments of processes and pipelines across the delivery team. Delivery speed was improved by 60% and production incidents reduced by a massive 89%, while saving £1m through optimisations.

This is all achievable and founded on a culture of ownership, continuous delivery, security, quality, and extensive automation. A four-stage discovery-realise-transform-protect model will fully optimise DevSecOps performance, locking in long-term gains and providing continuous benchmarking of teams.

Whether you are considering adopting DevSecOps or are already on the journey, our findings offer invaluable insights to guide your strategy with a distinct and proven methodology.

Download the report now and get in touch for a more informed and effective DevSecOps journey. 


Your business will be able to drive process improvements to increase overall capability and organisational maturity supporting the technology growth. Your teams will improve their collaboration with the right visibility while reducing costs and using automation to speed up development cycles without sacrificing quality and security.

For more information or to ask for more practical advice, please reach out to us via our website or via email at contact@capacitas.co.uk

About the Author

Thomas Barns

Thomas brings hands-on experience in developing structured capacity and performance models for diverse IT systems in e-commerce, banking and telecommunications. Thomas is Capacitas' Service Design Director. He has developed operational capacity management and reporting tools that have helped many of Capacitas' clients.

About the author

Team Capacitas

Capacitas is a cloud and AI value partner. We translate rapid technological change into enduring commercial advantage by converting every unit of compute into enterprise value.
