For three years, developers, security team members, and operations professionals have suggested to us in our annual surveys that their responsibilities were shifting. But this year that “shift” became a tidal wave of change - and that change is towards DevSecOps.
In our 2022 Global DevSecOps Survey, more than 5,000 practitioners shared details of DevOps roles in a state of flux: devs taking on ops and security tasks, security working hand-in-hand with dev teams, and ops wearing an improbable number of hats.
These are big changes, but surprisingly not chaotic ones. In fact, at a time of great technical and macroeconomic upheaval, the evolution of DevOps jobs and responsibilities seems to be designed to bring teams more tightly together. DevOps is more than 14 years old at this point – an argument could be made that true collaboration is finally underway.
Whatever is at play, it’s clear substantive changes are happening. Here’s what our respondents told us about their new responsibilities.
DIY and developers
Today’s developers are literally DIYing all the (ops) things. This year, 38% reported instrumenting code they’ve written for production monitoring, up 12% from 2021 and more than double the percentage in 2020. The same percentage of devs monitor and respond to the infrastructure, up 13% from last year, and 36% are “on call” for app-in-production alerts. Some devs are now authoring runbooks for apps in production and even serving as a point-of-contact if something is escalated.
They’re also spending a lot more time on toolchains. Nearly 40% spend between one-quarter and one-half of their time maintaining or integrating toolchains (more than double last year’s percentage), while a full third of devs spend between half and all of their time on this task.
And, in any time left over, devs are digging into security, so much so that 53% said they are fully responsible for security in their organizations.
At the same time, devs are also opting out of tasks that have long been in their wheelhouse, including testing, manual testing, code review, documenting code changes, and planning.
Security is a team sport
No longer a siloed group, security team members are literally rolling up their sleeves and joining in. Almost 29% of those surveyed said they’re now part of a cross-functional team and 35% are more involved with teams and “hands on” with DevOps projects, an 11-point jump over 2021.
For the first time ever, 7% of security team respondents said they have more influence on engineering decisions; a small percentage, but it’s a start for a group traditionally viewed as not part of the “team.”
Nimble ops pros
While devs are busy with what have been traditional ops roles, ops pros are off-roading with responsibilities not really seen in DevOps teams before. For the past few years, ops has reported splitting time between managing infrastructure and managing the cloud, and that didn’t change dramatically in 2022. But when they’re not juggling the cloud and infrastructure, ops is taking on a number of new challenges, including DevOps coaching, responsibility for automation, overseeing all compliance efforts, and platform engineering.
And, as if that isn’t enough, 48% of ops pros said they feel fully responsible for security in their organizations.
Want to know more about how DevOps roles are changing? Read our 2022 Global DevSecOps Survey.