The 2018
DevOps Pulse

Insights based on over 1,000 IT Professionals.

What is the DevOps Pulse?

The DevOps Pulse is Logz.io’s annual analysis of the DevOps industry highlighting key trends, points of interest, and challenges that DevOps and IT Operations professionals experience on a daily basis.

This year, over 1,000 IT professionals across the globe provided their insights on how DevOps is changing and expanding on an international level throughout various industries.

Who are we?

Logz.io is an intelligent log analytics platform that combines ELK as a cloud service and sophisticated machine learning to derive new insights from machine data.

If you have any questions, we invite you to e-mail us at: info@logz.io

2018 area of focus: security

Each year, the DevOps Pulse homes in on an area of particular concern to the DevOps community. With GDPR now enforceable and worldwide organizational concerns over security and data privacy, there is no better time to focus on security.

That’s why this year’s DevOps Pulse Survey explores the usual trends in DevOps along with a dedicated section devoted to security and its implementation in DevOps organizations.

Noteworthy Insights
The tech industry is not ready for GDPR, leaving companies vulnerable to tremendous liabilities and risks.
DevOps professionals are responsible for security operations in their organizations, yet they lack the tools and strategies to handle it effectively.
Despite the fact that it is clearly a male-dominated industry, tech organizations fail to recognize their own diversity problem.
Kubernetes has taken over DevOps, growing exponentially in adoption over the past two years.
CI/CD strategy plays a crucial role in DevOps teams today.
Serverless technology has grown tremendously in just one year’s time.

Who took this survey?

This year, over 1,000 IT pros took this survey coming from all over the world. Over 50% have over 10 years of experience under their belt.
What is your role in the company?
What is your experience level?

Key findings: security

  • DevOps professionals are taking on security on behalf of their organizations. 54% of respondents shared that their DevOps department handles security incidents in their organizations. Only 41% employ dedicated security operations personnel.
  • Despite this, most DevOps professionals are ill-equipped to handle security. 76% of those surveyed either do not practice DevSecOps or are still in the process of implementation. 71% do not feel their team has adequate knowledge of DevSecOps best practices.
  • The security skills gap is a real concern. Half the organizations surveyed have trouble finding the talent to fill roles on their security analyst teams.
  • Despite being two months into GDPR, a significant number of organizations are not yet ready. 39% are not yet GDPR ready or are still working on it.
  • Organizations are not adopting SIEM tools as quickly as expected. Only 29% of respondents have a SIEM system in place and ELK is the most popular SIEM tool.
  • DDoS is the most feared form of cyber attack. Concern over DDoS is more than double any other type of security incident.

Security talent and implementation

54% of organizations use DevOps personnel to handle security incidents. This is closely followed by specialized Security Operations.

However, more than half of respondents have trouble recruiting talent for security roles, revealing a major skills gap affecting many technical organizations.

Who implements security and handles security incidents in your organization?

Security strategies, tools, and best practices

Despite the fact that DevOps teams handle security, it seems that there is still a tremendous learning curve in implementing DevOps security best practices.

53% do not practice DevSecOps, and the vast majority do not have a good understanding of DevSecOps best practices or the tool set to help its implementation.

Does your organization practice DevSecOps?
Does your organization use any of the following DevSecOps strategies?
Do you feel your team has adequate knowledge of DevSecOps best practices?
Do you have a SIEM system in place?
Do you feel there are enough tools available to successfully implement DevSecOps?

Compliance and exploit readiness

GDPR is already enforceable and the majority of DevOps Pulse respondents (54%) are most concerned about GDPR. Despite that, 39% are not yet GDPR ready or are still working on it.
Are you GDPR ready?
Which of the following compliance certifications are important to your organization?
Which types of attacks do you feel most concerned about?

Notable DevOps trends

  • Open source is overwhelmingly preferred over proprietary software. 63% of those surveyed say half of their technology or more is based on open source and over 60% contribute to the open source community.
  • Diversity is not where it should be. While 78% of respondents believe their organizations are diverse and 90% believe there are equal opportunities for all genders, the overwhelming majority of respondents (more than 94%) were male.
  • Serverless is steadily growing in popularity. Today, 42% of DevOps Pulse respondents use serverless technology, rising 12% from 2017 where only 30% had adopted the technology.

DevOps culture and diversity

As many have noted, the industry still has work to do with regards to diversity. 94% of our respondents are male, yet the overwhelming majority of those surveyed believe their company has equal opportunities for all genders.
Do you feel your company has fair opportunities for all genders?
What is your gender?

DevOps tools and evolving trends

Use of serverless (2017-2018)

Although most DevOps teams are still not using serverless architecture, the technology is certainly growing in popularity, jumping from 30% to 42% from 2017 to 2018.
Are you using serverless in your application logic?

Use of container orchestration (2016-2018)

Container orchestration has grown dramatically in the past two years. In 2016, 72% of DevOps Pulse respondents did not use container orchestration services.

Today the number of respondents using Kubernetes has increased tremendously to almost 34%, while Docker Swarm remains a solid alternative at close to 15%.

Do you use container orchestration services, and if so, which?

Open source goes mainstream (2016, 2018)

In 2016, 57% of DevOps teams surveyed had a strong preference for open source technology. Today, 63% responded that half the technology they use or more is open source, with 61% contributing at least somewhat to open source technology.
Does your company rely on open source technology, and if so, how heavily?

CI/CD (2016-2018)

In 2016, more than 80% of DevOps Pulse respondents had a CI/CD strategy, were in the process of implementing one, or were considering the possibility.

By 2018, the numbers increased with 91% already in the process or thinking about implementing CI and 85% already in the process or thinking about implementing CD. At this point, about 67% have fully implemented CI, and about 53% have fully implemented CD.

Do you have a continuous integration (CI) strategy in place?
Do you have a continuous deployment (CD) strategy in place?

Use case for log analytics (2016-2018)

Troubleshooting and forensics have consistently been the most popular use case for log analytics. However, more and more DevOps teams are using log analytics for alerting. In addition, security has been a growing logging use case as well.

Conclusion

DevOps teams are still struggling to bring security into the mix. The majority of DevOps professionals report that they are not practicing DevSecOps and that there is a lack of knowledge and tools to help in this area.

We believe this will change in the near future.

As organizations begin to understand the growing impact security has on the application release cycle, as well as on compliance, a larger focus will be placed on adding the “sec” into the “dev” and the “ops”.

To facilitate this, these organizations will be able to make use of a growing number of DevSecOps best practices, as well as specified tooling. Automated security, code dependency scanning, threat assessments and developer training are just some of the methodologies that we expect to see increasingly in practice by the end of 2018.

Get the full report
Thank you for signing up, the results will be delivered to your email shortly...