How industries are evolving their DevOps and security practices

There’s significant variation in DevOps maturation and security integration across the financial services, government, retail, telecom, and technology industries, according to Puppet’s report based on nearly 3,000 responses.

DevOps security integration

“Integrating security into your DevOps practices can be challenging, but when done correctly is proven to pay off. Security should not be an afterthought; it must be a shared responsibility across teams during every stage of their software delivery lifecycle,” said Alanna Brown, Sr. Director Community and Developer Relations at Puppet.

Industries were measured based on their overall DevOps maturation and current state of security integrations.


The technology industry leads the way for both DevOps maturation and security integration for requirements, design, building and testing. One interesting observation around this industry is that 35 percent of these companies view security as a shared responsibility by all teams, not just the security team — compared to the industry average of 31 percent.

It also had the highest degree of leadership support for DevOps initiatives. 28 percent of technology respondents say that leadership always supports DevOps initiatives.

Financial services and insurance

This sector has the largest number of organizations that are in the group characterized as Medium on the DevOps evolution journey. Conversely, they have the lowest number of organizations that are characterized as High.

This shows that the financial services and insurance industry have a solid foundation of DevOps practices to build upon, but advancing beyond the middle is challenging.

Audits also stand out in financial services and insurances and not in a good way. Only 17 percent of financial services and insurance industry respondents strongly agree with the statement “Our audit process helps minimize risk to the business.” This is the lowest of all the industries — the overall average is 24 percent.


The telecom industry has made significant progress to evolve its DevOps practices. The number of companies that scored in the High category of the DevOps evolution rose 42 percent since last year’s survey.

One glaring challenge with this industry is it has the highest level of friction between security and delivery teams — 19 percent of companies reported friction when collaborating together.

DevOps security integration


The retail industry has the highest percentage of firms that can and do deploy on demand — 57 percent are capable of deploying to production on demand and 28 percent say that they are actually deploying on demand. This industry also resolves their critical vulnerabilities the fastest with 53 percent reporting remediation in under one day.


Conversely to the retail sector, government agencies reported the slowest time to remediate critical vulnerabilities with three percent of respondents being able to remediate in less than one hour and 24 percent able to remediate in less than one day.

In terms of security integration, there’s no real middle ground in the industry, 43 percent of respondents report either significant integration or full integration while 42 percent have no or minimal integration.

Don't miss