“If we have data, let’s look at data. If all we have are opinions, let’s go with mine.”
This talk is going to be based on data and the real world.
No theoretical stories, just data and action items on how to make your company better/faster/more secure in shipping software.
5. 22% YOY DEVOPS BUDGET GROWTH
Through 2022
DEVOPS IS STILL GROWING
“...projections underestimate DevOps’ extended impact on IT.”
*DevOps: The New Heart of IT. Oppenheimer. 2018.
10. TOP PRIORITIES
Increase velocity of code to production
Security
Increase cloud adoption
[Chart categories: Revenue Acceleration; Improved Agility; Cost Reduction; Better Management of Regulatory & Compliance Risks; Increased Customer Satisfaction; Other. Values as extracted: 88, 71, 47, 29, 29, 41]
11. WHERE IS THE FOCUS?
▪ Scaling / change management
▪ Legacy processes/apps
▪ Growing number of microservices
▪ Build high quality vs Ship new features
[Chart categories: Agility and Time to Market; Quality of Services; Cost Efficiency; Security and Risk Reduction; Other. Values as extracted: 28, 27, 20, 19, 6]
14. WHY COST?
DOWNTIME IS EXPENSIVE
Downtime costs companies an average of $336,000 an hour.
In (bigger) companies: $540,000 an hour.
- Gartner
15. WHY SPEED?
“In a world where everything is moving so rapidly, simply being fast isn't enough; you have to be faster than all your competitors”
RELEASE FAST OR DIE
17. REALITY:
50% OF DEVOPS IS CLOUD NATIVE
“The future will be containerized and those containers will run on serverless infrastructure.”
- Brendan Burns
95% BY 2022
REALLY?
“Cloud Native is something that everyone defaults to now.”
POWER USERS DEMO THAT CLOUD-NATIVE IS HERE
19. CONSENSUS: HYBRID IS AN INTENTIONAL DESTINATION
▪ 20% of enterprises with more than 1,000 employees plan to more than double their public cloud spending.
▪ 71% of enterprises will increase their public cloud spending by more than 20%.
[Chart: Workloads Distribution in 2019 vs in 2022, % of Workloads. Values as extracted: 26, 25, 49, 25, 23, 52]
23. SECURITY VS VELOCITY: WHERE ARE THE BOTTLENECKS?
Automate pipeline
Deployment automation
Test platform management
24. SECURITY VS VELOCITY – TESTING?
“44% say that they are only testing about 0-30% of their codebase.”
25. REALITY:
60% NOT INTEGRATED INTO DEVOPS PIPELINE
29% FOCUSED ON THIRD-PARTY VULNERABILITIES
“Security is something we apply after development.”
REALLY?
SECURITY IS COMING INTO THE PIPELINE
26. Top Aspects - OSS LIBRARY GOVERNANCE
What do you take into consideration when deciding which OSS libraries to use?
1. Quality
2. Activity on Source Repository
3. Vulnerabilities
4. License
- JFrog survey
27. SECURITY TOOL CRITERIA
What were the top 3 decision-making factors that you considered when selecting your software composition security analysis tool?
1. Universal - Support of many technologies
2. Integration with other DevOps tools
3. Quality of Data
- JFrog survey