Survey Surfaces Lots of Room for DevSecOps Improvement

The survey underscores a growing but uneven convergence of DevOps and security functions. Shared observability platforms are now commonplace, yet less than half of respondents report strong alignment on workflows, suggesting cultural and process silos still impede true DevSecOps maturity. Industry analysts note that without cohesive governance, organizations risk duplicated effort and slower incident response, especially as development velocity accelerates and multi‑cloud environments become the norm.

Tool fragmentation remains a pain point, with 93% of firms deploying three or more security‑operations solutions and many ingesting over four data sources into their SIEMs. While 92% rate their SIEM as effective at reducing mean time to detect, only half are very confident in its future scalability—a concern amplified by the exponential rise in AI‑generated data streams. AI/ML adoption is high, yet organizations must balance alert fatigue reduction against the need for robust, integrated platforms that can handle diverse telemetry without overwhelming analysts.

Strategic leaders are turning to unified, cloud‑native platforms that combine logs, metrics, and traces to streamline operations and cut costs. Automation is gaining traction, with 70% of teams automating threat detection and response to varying degrees, but full automation remains limited. Companies that consolidate point solutions, invest in scalable SIEM architectures, and embed AI/ML responsibly are better positioned to achieve faster, more reliable security outcomes while supporting rapid development cycles. The path forward hinges on aligning tooling, processes, and culture across DevOps and security teams.