One area where speed is becoming increasingly important is in the development process. Forrester predicts that generative AI chatbots and tools will become more prevalent in software development, boosting developer productivity by 20 to 50%. These tools not only increase productivity but also enhance efficiency and accuracy for all members of product teams. This trend is supported by a recent survey from BairesDev, which found that 72% of software engineers are already using gen AI in their development process.
The need for speed in DevOps is driven by the competitive advantage of delivering apps faster than competitors. High-performing DevOps teams deploy code 208 times more often than low performers. To keep up with this pace, the adoption of gen AI-based DevOps tools is growing. However, this focus on speed also exposes gaps in governance, risk, and security.
The productivity gains from gen AI-based chatbots and apps highlight the growing gaps in governance, risk, and security. Forrester’s report reveals that security, risk, and governance are the biggest challenges when moving to an agile/DevOps development and delivery model. The iterative and incremental approach of agile/DevOps leaves limited time for software validation, further exacerbating these challenges.
To address these gaps, Forrester offers five key insights. Firstly, despite economic headwinds, cybersecurity spending continues to increase, with 64% of security decision-makers reporting an increase in their application security budget. Secondly, organizations need to commit to Secure-by-Design principles, which hold software suppliers accountable for the quality and security of their products. Over 183 companies, including industry leaders, have already signed the Secure by Design pledge.
Thirdly, organizations need to prioritize API security, especially if they have experienced external attacks that started as web application exploits. With many APIs being overlooked or left open, organizations need a collaborative approach to bring together DevOps, IT, and security to harden API security.
Fourthly, security needs to be integrated into the development lifecycle through DevSecOps, which ensures security as a shared responsibility throughout the entire IT and CI/CD lifecycles. Lastly, organizations need to define and continue hardening software supply chain security, as 91% of enterprises have fallen victim to software supply chain incidents in just a year.
Ultimately, organizations need to prioritize security and integrate it into every phase of the system development lifecycle. Collaboration between security, development, and operations is essential for successfully securing applications and their data. As the pace of coding accelerates, better approaches to managing systemic risk, governance, and security challenges are needed. By addressing these issues, organizations can ensure the speed and efficiency of their development process without sacrificing security.
