A new survey of 506 cybersecurity leaders underscores persistent divides between DevOps and security teams, even as shared tools proliferate. While 80% of respondents report using common observability platforms, only 45% describe their workflows as “very aligned,” with 43% opting for “somewhat aligned.” This misalignment persists amid exploding tool counts—93% manage at least three security operations tools, and 45% juggle six or more—fueling complaints of excessive point solutions from 55% of participants. Conducted by UserEvidence for Security Boulevard and detailed in Sumo Logic’s 2026 Security Operations Insights report, the findings highlight a sector straining under complexity.
“The survey makes it clear that there is still significant room for improvement when it comes to collaboration between DevOps and cybersecurity teams even though many of them are now finally using the same observability tools and platforms,” said Chas Clawson, vice president of security strategy at Sumo Logic, in the Sumo Logic press release . All 100% of respondents endorsed unified platforms for logs, metrics, and traces as valuable, with 87% agreeing such integration boosts efficiency and 89% prioritizing real-time threat detection.
Application complexity (56%) and DevOps acceleration (51%) drive tooling updates, yet confidence lags. Only 37% strongly agree their security tools suit modern environments. SIEM platforms draw mixed reviews: 92% deem them effective for reducing mean time to detect and respond, but just 51% call them “very effective,” and 52% express strong future scalability confidence despite 90% viewing it as crucial. Respondents average 4.14 data sources per SIEM, with 36% at five or more—a tally poised to surge with AI, Clawson noted.
Tool Proliferation Fuels Efficiency Drains
Cloud adoption reshapes stacks: 48% mix cloud and on-premises, 37% pursue multi-cloud. Fully 75% credit cloud shifts for modernization needs, and 88% find cloud-native platforms simplify operations. Automation advances—70% report mostly or fully automated threat detection/response, including 25% fully automated—yet pain points endure. High costs top concerns at 63%, echoing the surfeit of point solutions.
AI garners enthusiasm: 90% rate it extremely or very valuable for curbing alert fatigue and honing accuracy, with 96% deploying it somewhat. Still, adoption skews basic, like threat detection, not advanced workflows. “Our report finds that security leaders are continually investing in more and more security and cloud operations tools, but sprawling security tech stacks create additional challenges,” Clawson added in the Sumo Logic release.
“Managing multiple disconnected security tools, and our SIEM in particular, was our biggest headache,” shared Clark Pichon, Security Operations Center Manager at Battelle. “Sumo Logic gives us a single platform to unify everything, helping us address the challenges of integrating AI into our security workflows and respond faster to threats.”
Broader Industry Echoes Persistent Challenges
GitLab’s ninth annual Global DevSecOps Survey of 3,266 professionals spotlights AI’s role in reshaping roles, urging skills in human-AI splits and inefficient process losses for 2026. Meanwhile, Datadog’s State of DevSecOps reveals 15% of services vulnerable to known exploits, hitting 30% of organizations, with Java services at 44%. “Without context, severity is just noise. True security comes not from patching everything, but from knowing what actually matters,” said Jean Burellier, Principal Software Engineer at Sanofi, in the Datadog report .
Spacelift’s 2026 DevOps stats note DevSecOps adoption climbing from 27% in 2020 to 36%, amid a market ballooning toward $41.66 billion by 2030 at 30.76% CAGR. Yet 37% of IT leaders flag DevOps/DevSecOps skills shortages as prime gaps. StrongDM’s tally shows DevSecOps streamlining pipelines but battling implementation hurdles, while Practical DevSecOps stresses breaking silos for shared responsibility.
Checkmarx surveys echo tensions: speed versus security, tool integration woes, poor collaboration. ZeroNorth’s older poll found security champions boosting AppSec and ties, with 84% affirming gains. Gartner data via Malware News ties 27% security outcome improvements to strong dev-sec collaboration, achieved by just 29%.
Cloud and AI Amplify Integration Pressures
Nearly half of Sumo Logic respondents blend cloud/on-premises, with 90% stressing multi/hybrid data for SIEM. Legacy SIEMs falter: 92% say they scale currently, but future doubts loom. X discussions, including Sumo Logic’s posts, amplify calls for unified platforms as single truths for DevSecOps.
Datadog flags dependency lags—median 215 days behind major versions, JVM at 401—with 50% services using unmaintained libraries. IaC dominates at 80% adoption (59% Terraform), but 38% mix ClickOps, risking errors. Container shifts to minimal images cut vulnerabilities: under 100MB average three severe (median zero) versus 20 for larger.
Forrester via JFrog on X estimates $5.4 million benefits from consolidation, slashing fixes 80% and licenses 71%, reclaiming 20% developer time. Black Duck’s 2023 report (still cited) notes 53% weekly AppSec testing for critical apps, 31% daily.
Path Forward: Unification and Upskilling
Surveys converge on unified tooling as antidote. Sumo Logic pushes platforms bridging silos for real-time visibility. GitLab eyes AI redefining roles, demanding new skills. Datadog urges context-driven prioritization, OIDC over IAM, frequent deploys.
Practical steps emerge: policy-as-code, shift-left, security champions. As Clawson observed, AI data influx challenges legacy SIEMs. “The number of data sources is likely to exponentially increase in the age of artificial intelligence (AI) which suggests that many legacy SIEM platforms will not be able to keep pace,” he told Security Boulevard.
Enterprise leaders face imperative: align teams, consolidate stacks, harness AI proactively. With threats evolving and velocity unrelenting, bridging DevSecOps gaps determines resilience in 2026’s high-stakes arena.
Leave a Reply
Your email address will not be published.