The Top Challenges Faced by Organizations Implementing DevSecOps

MAHESH NAWALE - Product Marketing Manager
May 18, 2022 - 5 min read

DevSecOps stands for development, security, and operations. It emerged in response to the observation that many DevOps processes failed to integrate security properly. The idea is to identify and fix security issues as early as possible in the development lifecycle, reducing risk while maintaining agility and speed. DevSecOps is as much about cross-team collaboration as it is about technology: it makes application and infrastructure security a joint responsibility of the development, security, and operations teams.


Challenges associated with DevSecOps implementation

Implementing DevSecOps comes with several challenges. In this blog, we focus on some of the key ones:

Infrastructure challenges

Complexity in the cloud

According to the 2021 Flexera State of the Cloud Report, 92% of organizations are using multiple public clouds. These multi-cloud deployments typically use a wide range of cloud services, and heavily leverage automation, both of which make it difficult for security to keep up. Continuous infrastructure security, compliance assurance, and data security pose big challenges. 

Tool sprawl and alert fatigue

Along with a rapidly expanding set of cloud services, the industry has responded with a rapidly expanding set of cloud security services. The result? Security professionals are flooded with high volumes of alerts from each tool, making it difficult to focus on the most important fixes. Without risk-based prioritization, developers and security teams spend time on findings that may not represent any real risk to the organization, while the ones that do (an internet-exposed asset with a known weakness, for example) wait in the same queue.

Compatibility issues

DevOps teams rely on many open source tools, frameworks, code libraries, and templates. While these boost productivity, they can also introduce security issues if they are not audited or used properly. The common challenge is twofold: giving teams continuous access to the tools they need, and putting in place continuous, consistent security mechanisms that are compatible with the tools and techniques already used in the DevOps process, so that issues can be prevented or mitigated as they emerge throughout development.

Identifying and fixing vulnerabilities

According to a report cited by Security Boulevard, 50% of applications are always vulnerable to attack at organizations that have not adopted DevSecOps, compared with 22% at organizations with a mature DevSecOps practice. When security testing takes place only at the end of the development cycle, developers end up patching or rewriting code very late in the process, causing costly rework and delays.

Balancing speed and security

DevOps is all about speed and agility, and every team, including security, needs to keep pace in order to keep the innovation engine humming. Keeping up with DevOps means creating a security foundation that’s agile, adaptable, and fast. Legacy security tools and processes aren’t up to the challenge of securing deployments and negatively impact the pace of development and deployment. 

Regulatory compliance and audit mandates

Organizations are subject to a stringent, evolving compliance landscape and time-consuming audits. Failing to meet compliance and regulatory standards can lead to financial loss as well as reputational damage. Audit readiness and a constant state of compliance are hard to maintain in a dynamic DevOps environment where infrastructure changes many times a day.


Organization Culture

Security is considered a bottleneck

According to Gartner, “71% of CISOs say their DevOps stakeholders still view security as an impediment to speed-to-market.” A common myth or perception among the Dev and DevOps teams is that security slows things down. Security checks are considered a bottleneck. 

Lack of resources and knowledge gap 

Recent statistics show that 70% of organizations lack adequate working knowledge of DevSecOps practices. Beyond limited staff, tools, and budget, the other challenge is bridging the knowledge gap. Developers often lack security and compliance expertise, one of the most common DevSecOps challenges. Similarly, security and operations teams are frequently unfamiliar with the software development environment or the infrastructure it runs on. The knowledge gap, and the lack of a common platform for sharing knowledge, are barriers to successful DevSecOps implementation.

Friction among cross-functional teams

Developers aren't usually security experts and focus predominantly on development and faster deployment under tight delivery timelines. Security teams, however, are primarily concerned with ensuring that the environment, as well as the code, is safe. Often these cross-functional teams work in silos. Their goals and agendas differ, which leads to operational friction. It is challenging to establish common goals and practices and to reduce tension between cross-functional teams so that they can function as one team.

Roles and responsibility alignment 

It is challenging to align roles and responsibilities because the DevOps environment is dynamic and teams are constantly changing. Developers often assume the security team is responsible for security and risk mitigation, but in practice the security team's role is to create security policies, guide developers and operators in understanding security requirements and best practices so they can deliver secure code, and serve as advisors. People and organizational structure may be the hardest part of adopting DevSecOps.


Guidelines to Successful DevSecOps Implementation

Implementing DevSecOps differs with each organization's domain and requirements. What's common? Teamwork is critical when implementing DevSecOps. It needs buy-in from different stakeholders and organization-wide acceptance. The strategies below can help with the successful implementation of a DevSecOps culture:

  • Knowledge sharing: All stakeholders need to understand security challenges, risks, implications, and the importance of addressing them. Continuous knowledge sharing through online forums, training, guidelines, documentation, and more can help bridge the knowledge gap. 
  • Collaboration: Building an effective collaboration between cross-functional teams will ensure effective communication and efficient response. 
  • Guardrails enforcement: Continuous monitoring, compliance checks, and implementation of guardrails will help streamline the overall DevSecOps process.
  • Automation: Formulating a DevSecOps strategy, implementing a comprehensive yet developer-friendly platform like Zscaler Posture Control (ZPC), and a best-practices approach can make security integration with DevOps easier. 
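The "Guardrails enforcement" and "Automation" points above, together with the earlier remark that alert fatigue is only solved by risk-based prioritization, come down to one concrete practice: a policy check that runs in the pipeline, scores what it finds by severity and exposure, and blocks the change only when the risk is real. The block below is an added example written for this page, not code from the original post or from Zscaler Posture Control. It evaluates a constructed plan document shaped like the `resource_changes[].change.after` portion of `terraform show -json` output against a few illustrative rules; the rules, severity weights, exposure multiplier, and the `fail_at` threshold are all assumptions chosen for the example.

```python
"""Policy-as-code guardrail for an infrastructure-as-code plan (added example).

Evaluates a constructed Terraform-style plan against a few rules, scores each
finding by severity and by whether the resource is internet-exposed, and returns
a verdict a CI job can act on. Rules and weights are illustrative assumptions.
"""
import json

# Assumed severity weights; an internet-exposed finding counts double.
SEVERITY_SCORE = {"critical": 9, "high": 7, "medium": 4, "low": 1}
EXPOSURE_MULTIPLIER = 2

# Constructed sample plan (not real infrastructure), shaped like
# `terraform show -json plan.out`: resource_changes[].change.after.
SAMPLE_PLAN_JSON = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_security_group.web", "type": "aws_security_group",
         "change": {"actions": ["create"], "after": {"ingress": [
             {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
             {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
         ]}}},
        {"address": "aws_db_instance.orders", "type": "aws_db_instance",
         "change": {"actions": ["update"],
                    "after": {"publicly_accessible": True, "storage_encrypted": True}}},
        {"address": "aws_db_instance.analytics", "type": "aws_db_instance",
         "change": {"actions": ["create"],
                    "after": {"publicly_accessible": False, "storage_encrypted": False}}},
        # A deletion has no "after" state and must be skipped, not crashed on.
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
         "change": {"actions": ["delete"], "after": None}},
    ],
})


def rule_security_group(after):
    """Yield (severity, message, internet_exposed) for world-open ingress."""
    for rule in after.get("ingress", []):
        world_open = ("0.0.0.0/0" in (rule.get("cidr_blocks") or [])
                      or "::/0" in (rule.get("ipv6_cidr_blocks") or []))
        if not world_open:
            continue
        lo, hi = rule.get("from_port", 0), rule.get("to_port", 0)
        if lo <= 22 <= hi or lo <= 3389 <= hi:
            yield ("critical", f"management port in range {lo}-{hi} open to the internet", True)
        elif (lo, hi) not in ((80, 80), (443, 443)):
            yield ("medium", f"port range {lo}-{hi} open to the internet", True)


def rule_db_instance(after):
    """Yield findings for database exposure and missing encryption at rest."""
    exposed = bool(after.get("publicly_accessible"))
    if exposed:
        yield ("high", "database is publicly accessible", True)
    if not after.get("storage_encrypted"):
        # Same weakness, but its score depends on whether the DB is exposed.
        yield ("medium", "storage encryption disabled", exposed)


RULES = {"aws_security_group": rule_security_group, "aws_db_instance": rule_db_instance}


def evaluate_plan(plan_json, fail_at=7):
    """Score every finding; block the change if any score reaches fail_at."""
    plan = json.loads(plan_json)
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        rule = RULES.get(rc.get("type"))
        if after is None or rule is None:  # deleted, unknown-until-apply, or no rule
            continue
        for severity, message, internet_exposed in rule(after):
            score = SEVERITY_SCORE[severity] * (EXPOSURE_MULTIPLIER if internet_exposed else 1)
            findings.append({"address": rc["address"], "severity": severity,
                             "message": message, "score": score})
    findings.sort(key=lambda f: f["score"], reverse=True)  # highest risk first
    blocking = [f for f in findings if f["score"] >= fail_at]
    advisory = [f for f in findings if f["score"] < fail_at]
    return {"passed": not blocking, "blocking": blocking, "advisory": advisory}


if __name__ == "__main__":
    verdict = evaluate_plan(SAMPLE_PLAN_JSON)
    print(json.dumps(verdict, indent=2))
    raise SystemExit(0 if verdict["passed"] else 1)  # non-zero exit fails the CI stage
```

Run on the sample, the world-open SSH rule (score 18) and the public database (14) block the pipeline, while the unencrypted but internal analytics database (4) is reported as advisory rather than stopping the release. That split is the point: the same rule produces a different score depending on exposure, so developers see the two findings that matter first instead of a flat list of three, and the stage exits non-zero only for those two.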



DevSecOps can be extremely beneficial, improving both security and organizational efficiency. But, the most challenging part of DevSecOps adoption is to make security complement existing business processes, culture, and people. Security leaders need to develop cross-functional collaboration and unite developer, security, and operations teams around the culture of security as a shared responsibility. 

With a successful DevSecOps strategy and automated cloud security platform, teams practicing a DevSecOps methodology can overcome the above-mentioned challenges and work together to improve security across any cloud, reducing risk, complexity, and cost while achieving secure, faster deployment.

Zscaler can help organizations close culture gaps and accelerate DevSecOps adoption. Learn more here.
