DevSecOps adoption is low but packing a punch in user organizations

By Esther Shein on TechRepublic

Only 22% of respondent organizations have developed a formal DevSecOps strategy integrating security into software development life cycle processes, a newly released report finds. But of those, an overwhelming percentage reported a positive impact on accelerating incident detection (95%) and response (96%) efforts, according to observability data platform provider Mezmo.

Although adoption is low for now, the study also confirms potential growth in the industry with 62% of respondents saying their organization is actively evaluating use cases or has plans to implement DevSecOps.

“DevSecOps has been a challenge because, with cloud-native development, developers can provision and deploy their own applications to the cloud without the help of other teams,’’ explained Melinda Marks, senior analyst at ESG, which conducted the survey on behalf of Mezmo. “It is difficult for security teams to incorporate security testing or processes into development because if it’s disruptive, developers may skip certain security processes if it seems to take too much time, or if it will generate too many alerts for them to fix.”

The other issue is that developers may be using testing tools to test and fix issues in their code, but security teams don’t have visibility into what they are doing, Marks added. The security products that many organizations have in place monitor the applications when they are running in the cloud for misconfigurations—but at that point, the issues are much harder to fix and are exposed to customers and hackers because the applications are live, according to Marks.

Of the 200 DevOps and IT/information security professional respondent organizations, the study found that more than half using DevSecOps tools and processes experienced a significant reduction in incidents that occur in production. The greatest impact reported was on accelerating incident detection efforts, and nearly half reported significant improvements in incident response and remediation times.

Factors limiting DevSecOps adoption and success

According to the research, there are distinct differences between the perceived and actual challenges of implementation. Companies believe that establishing a culture of collaboration and encouraging developers to leverage security best practices are nearly equal in importance to adopting DevSecOps tools, Mezmo said. While it is common to expect cultural transformation to be a roadblock prior to adoption, those practicing DevSecOps report that technical limitations, such as data capture and analysis, are actually greater barriers to success.

Eighty-four percent of respondents believe that getting the right data and tools to developers is key for enabling success. But, as organizations increase the speed and volume of releases to serve more customers, they are collecting huge volumes of data. Organizations surveyed capture several (54%) or even hundreds (32%) of terabytes per month, with 6% capturing a petabyte or more per month.

This amount of data is costly to collect and store and parsing through it for incident triage and response is time-consuming. In fact, 17.5 person-hours is the average time it takes to triage and understand security incidents—an amount that 82% of companies would like to reduce. Most organizations (69%) do not capture certain data sources because of the high cost of storage/retention, which is problematic if there is an incident and the organization has incomplete data for a thorough analysis and/or timely response.

How to make the most of data with observability

The study shows that 91% of organizations are using multiple tools to get the most value out of their data, which makes it difficult for multiple groups to have access to the data they need to do their jobs. Not having a “single source of truth” is reported as the greatest challenge holding back teams.

Modern software development is all about speed and efficiency, Marks said. “DevSecOps has been a challenge because traditional security methods are too disruptive to processes; organizations need solutions that work within developer workflows and tools along with their cloud-native tech stack.”

When observability data is utilized, it can help drive efficiency because it provides insight for better security processes, policies, and faster incident response, she said.

“To move fast and build secure applications, companies need solutions that help them to fully harness the value of their data to drive better results,” said Tucker Callaway, CEO of Mezmo, in a statement. “To achieve this, teams are looking for observability solutions that are flexible and scalable, with automation features to help improve data collection and analysis.”

Right now, most companies (87%) are using open source tools as part or all of their observability stack because they are more customizable. But 84% believe it will become challenging to manage, adopt and scale with these tools.

Nearly all survey respondents (98%), with titles ranging from application developers to IT and security professionals, said they will likely investigate a managed observability solution over the next 12 months, according to Mezmo.

Get the full story
Next news
You're viewing our latest news item.
Previous news
You're viewing our oldest news item.
The Importance of Context Engineering in the AI Era
VIEW
Mezmo: Named One of The Top 50 Software Companies of 2025
VIEW
Why Synthetic Tracing Delivers Better Data, Not Just More Data
VIEW
Why Agentic SREs Require Active Telemetry in Kubernetes
VIEW
5 Startups Defining AI SRE
VIEW
Mezmo Launches AI SRE Agent for Root Cause Analysis
VIEW
AI-Driven Observability with Tucker Callaway | The Software With Podcast
VIEW
Mezmo CEO Tucker Callaway on Active Telemetry, Context Engineering, and the Fastest AI SRE for Kubernetes | 10KMedia Podcast
VIEW
Mezmo Launches Fast & Precise AI SRE for Kubernetes Ahead of KubeCon
VIEW
Mezmo Wins 2025 Digital Innovator Award from Intellyx
VIEW
Mezmo Announces Cost Optimization Workflow to Reduce Observability Spend for Datadog Users
VIEW
Mezmo Disrupts Market by Reducing Observability Cost Structure by 90%
VIEW
Building trust in telemetry data [Q&A]
VIEW
2025 Observability Predictions - Part 1
VIEW
Mezmo Simplifies Management of Telemetry Data to Reduce Observability Costs
VIEW
At KubeCon/CloudNativeCon 2024, AI hype gives way to real application concerns
VIEW
Mezmo Unveils Mezmo Flow for Guided Data Onboarding and One-Click Log Volume Optimization
VIEW
Mezmo Flow Released
VIEW
What’s new from KubeCon + Cloud Native Con North America 2024
VIEW
Mezmo Unveils Mezmo Flow for Guided Data Onboarding and One-Click Log Volume Optimization - Yahoo Finance
VIEW
Real-time Analytics News for the Week Ending November 16
VIEW
Analytics and Data Science News for the Week of November 15; Updates from Alteryx, DataRobot, ThoughtSpot & More
VIEW
Modern Observability Through Application Development
VIEW
Mezmo Unveils Mezmo Flow for Guided Data Onboarding and One-Click Log Volume Optimization
VIEW
Mezmo CEO Tucker Callaway Shares Observability Insights and KubeCon + CloudNativeCon 2024 Plans
VIEW
Telemetry Data: The Puzzle Pieces of Observability
VIEW
Q&A with Tucker Callaway, CEO of Mezmo
VIEW
Mezmo Makes Inc. 5000’s List of Fastest Growing Companies in the Nation for Third Consecutive Year
VIEW
7 Ways Telemetry Pipelines Unlock Data Confidence
VIEW
The 2024 SD Times 100: 'Best in Show' in Software Development
VIEW
Mezmo Hires Former StackHawk, New Relic Leader as Vice President of Product
VIEW
Inside the VP of Sales' Journey: Financial Software to AI Startups - Craig McAndrews Spills it all!
VIEW
Mezmo: Adding In-Stream Alert Capabilities to Telemetry Pipeline Platform
VIEW
An IT Manager's (Re)View of the RSA Conference
VIEW
Real-time Analytics News for the Week Ending May 11
VIEW
Mezmo Adds Industry-First Stateful Processing in Telemetry Pipelines
VIEW
SalesTechStar Interview with Craig McAndrews, Vice President of Sales at Mezmo
VIEW
Mezmo Ranks No. 82 on Inc. Magazine’s List of the Pacific Region’s Fastest-Growing Private Companies
VIEW
How To Break Down Silos To Get More Benefit From Your Data
VIEW
Mezmo Bolsters Sales Leadership With New Hires From Chef and Apptio
VIEW
How Metric Normalization Enhances Data Observability
VIEW
KubeCon 2023: Telemetry and Data Management
VIEW
Telemetry Data’s Role in Cybersecurity – Tucker Callaway – Enterprise Security Weekly
VIEW
Breaking data silos between observability and security empowers organizations
VIEW
2024 Application Performance Management Predictions - Part 3: Observability
VIEW
Data Management News for the Week of November 10; Updates from AWS, Monte Carlo, Satori & More
VIEW
Real-time Analytics News for the Week Ending November 11
VIEW
At KubeCon NA 2023, finding cloud independence on the edges of Kubernetes
VIEW
Mezmo Introduces Data Profiling and Responsive Telemetry Pipelines for Kubernetes
VIEW
Data Profiling & Responsive Telemetry Pipelines For Kubernetes | Mezmo
VIEW
KubeCon: GKE Enterprise gets release date, Mezmo adds data profiling feature, and more
VIEW
Data Profiling & Responsive Telemetry Pipelines For Kubernetes | Mezmo
VIEW
Data Profiling & Responsive Telemetry Pipelines For Kubernetes | Mezmo
VIEW
Optimize Your Observability Spending in 5 Steps
VIEW
Take Control of Your Kubernetes Telemetry Data
VIEW
The Role of Observability Engineers in Managing Complex IT Systems
VIEW
Mezmo Launches Welcome Pipeline to Unlock Kubernetes Insights Faster
VIEW
Mezmo Ranks #1,386 on Inc. 5000’s List of Fastest Growing Companies in the Nation
VIEW
Mezmo Simplifies Management of DevOps Telemetry Data
VIEW
Mezmo Empowers Enterprises to Extract Business Insights from Telemetry Data
VIEW
How DevOps Teams Can Manage Telemetry Data Complexity
VIEW
Mezmo Wins the 2023 Digital Innovator Award from Intellyx
VIEW
Tucker Callaway, Mezmo | RSA Conference 2023
VIEW
Mezmo: Cloud Native Telemetry Pipeline
VIEW
Mezmo Adds Free Community Plan for Managing Observability Data
VIEW
Mezmo Announces Free Access to Telemetry Pipeline
VIEW
Tame Telemetry Data With Mezmo Observability Pipeline
VIEW
Mezmo Named 2023 Log Analytics Solution of the Year In Data Breakthrough Awards
VIEW
Down the Observability Pipeline with Mezmo
VIEW
How Developers, SRE Teams, and Security Engineers Use Telemetry Data
VIEW
Data Pipeline Feeds IT's Observability Beast
VIEW
How to Maximize Telemetry Data Value With Observability Pipelines
VIEW
Mezmo Ranks #53 on Inc. Magazine’s List of Fastest-Growing Companies in the Pacific Region
VIEW
Mezmo 2023 Predictions: More Organizations Adopt OpenTelemetry
VIEW
Understanding Observability Data's Impact Across an Organization
VIEW
Solutions Review Names 6 Data Observability Vendors to Watch, 2023
VIEW
DevSecOps Accelerates Incident Detection, Response Efforts
VIEW
2023 Application Performance Management Predictions - Part 3
VIEW
Mezmo-Harris Poll Report Explores the Impact of Observability Data
VIEW
Mezmo Wins Intellyx 2022 Digital Innovator Award
VIEW
Mezmo Ranked No. 164 on Deloitte Technology Fast 500
VIEW
Mezmo Wins 2022 Reworked IMPACT Award
VIEW
Mezmo Unveils Observability Pipeline to Enhance the Value of Data
VIEW
Launching a podcast? Try these 14 tips for greater exposure
VIEW
DevSecOps Expedites Incident Detection and Response Time
VIEW
Mezmo Named A Fastest Growing Company On Inc. 5000
VIEW
DevSecOps Adoption Lags Despite Incident Detection Impact
VIEW
Implementing DevSecOps Means Fewer Incidents
VIEW
DevSecOps Reduces Security Incidents Research Finds
VIEW
What is challenging successful DevSecOps adoption?
VIEW
Fewer than one-quarter of organizations have a DevSecOps strategy
VIEW
DevSecOps delivers significant results but take up remains low
VIEW
DevSecOps adoption is low but packing a punch in user organizations
VIEW
DevSecOps Drives Results, ESG Research Finds
VIEW
101 Most Innovative Information Systems Startups
VIEW
Protocol Enterprise Newsletter: Enterprise Moves
VIEW
Headcount: Firings, Hirings, and Retirings — July 2022
VIEW
“Above the Trend Line” – Your Industry Rumor Central for 8/8/2022
VIEW
Strategies for successful rebranding
VIEW
Key Areas In The IT Performance Vendor Landscape
VIEW
Platform
Agentic SRE
Telemetry Pipeline
Log Analysis
Edge
Integrations
Ingestion
Destinations
Pricing
Pricing
Solutions
AI SRE for root cause
AI-ready context engineering
Reduce log volume
Accelerate resolution times
OTel Migrations
Optimize Datadog costs
Amplify Dynatrace
Modernize observability
Manage data compliance
For developers
For SREs
For AI agents
Resources
Tech documentation
Interactive demos
Blog
Customer case studies
Events
Resource library
Support
Learn
About
Company
News
Careers
Culture
Partners
Legal
Security & compliance
Privacy policy
Terms of service
Cookie policy
Manage your cookie
AI policy
SLA
DPA
BAA
MSA
@2025 Copyright Mezmo Inc.