Optimise Performance of your IT Organisation | Enterprise Technology & Performance


Optimise Performance of your IT Organisation: A Guide to Assess and Improve DevSecOps Maturity

Software Delivery Lifecycle and Deloitte DevSecOps maturity assessment

Is your organisation’s software delivery process experiencing hiccups? Is your organisation struggling to keep up with developments in the market and you do not know where to start to improve your organisation’s IT capabilities? The Deloitte DevSecOps maturity assessment helps your organisation gain insight into where your organisation currently stands in terms of DevSecOps maturity and provides actionable recommendations for acceleration and further growth. But why would you want to assess if your organization is DevSecOps mature? What is the Deloitte approach? This blog post elaborates on why and how to assess your organisation’s DevSecOps maturity by introducing the Deloitte DevSecOps maturity assessment.

By Marlies Quekel & Koen Meijer

Why assess an organisation’s DevSecOps maturity?

In today’s rapidly evolving digital landscape, companies must keep pace with the demands of a highly competitive market by delivering high-quality software solutions quickly, efficiently, and securely. Enter DevSecOps – a cultural and technical approach that seamlessly consolidates development and operations teams, while integrating security into every stage of the software delivery process. Companies that correctly embrace DevSecOps as part of their software delivery strategy are poised to gain a competitive advantage, reduce risk, and deliver greater value to their customers.

Therefore, assessing an organisation’s DevSecOps maturity is crucial – allowing an organisation to mature its capabilities and Software Delivery Lifecycle. The DevSecOps assessment provides clear insights into the current maturity levels in the Software Delivery Lifecycle – while aligning the organisation with best practices, industry standards, latest trends, and technologies. By evaluating its strengths and weaknesses, an organisation can identify areas for improvement and prioritize those that will have the largest impact on improving the Software Delivery Lifecycle. Finally, the assessment serves as a baseline for tracking an organisation’s transformation progress towards its desired DevSecOps end-state – further maturing the service delivery from ideation to operation.

How to assess and improve DevSecOps maturity using the Deloitte DevSecOps maturity assessment?

At the base of the Deloitte DevSecOps maturity assessment stand the Software Delivery Lifecycle and its DevSecOps practices. The Software Delivery Lifecycle phases consist of Plan, Code, Build, Test, Release, Deploy, Operate, Monitor and Flow Optimization. Each of these phases is crucial when delivering software, and each should be optimised to accelerate software delivery. DevSecOps practices apply continuous automation cycles throughout software development and operations processes.

The continuous automation cycles in the Software Delivery Lifecycle process are continuous planning, continuous integration, continuous delivery, continuous testing, continuous operations, and continuous security. Each continuous automation cycle plays an important role in DevSecOps maturity and the adoption of DevSecOps into your organisation, since they are the glue that combines the different phases in the Software Delivery Lifecycle and help accelerate software delivery.

The Deloitte DevSecOps maturity assessment gives insights into the maturity levels of DevSecOps & CI/CD capabilities in the different phases of the Software Delivery Lifecycle. Deloitte performs qualitative interviews to further deep dive into the maturity levels of the Software Delivery Lifecycle phases, its capabilities and continuous automation cycles. The goal of these qualitative interviews is to identify any bottlenecks and dependencies that lie in the Software Delivery Lifecycle. The qualitative interviews in combination with the quantitative assessment provide a holistic overview of the organisation’s DevSecOps maturity. As a result, Deloitte provides the organisation with a thorough report highlighting the organisation’s maturity levels in the Software Delivery Lifecycle and their capabilities.

As a next step, Deloitte determines an organisation’s ambition in adopting DevSecOps. During a workshop, Deloitte elaborates on the organisation’s current maturity levels in the Software Delivery Lifecycle and their capabilities. Per capability, Deloitte provides actionable recommendations for further growth. These recommendations for further growth are discussed and prioritized on a prioritization matrix together with the stakeholders in the organisation.

To summarize, after completing the Deloitte DevSecOps assessment, the organisation receives:

  • A thorough report highlighting the organisation’s maturity levels in the Software Delivery Lifecycle and their capabilities.
  • Per capability, an overview of actionable recommendations for further growth prioritized on a prioritisation matrix.

Afterwards, the organisation has a map with which to continue its journey towards the desired level of DevSecOps maturity and to (continuously) succeed in a world that is increasingly competing in speed, stability, and security.

What are the best practices and lessons learned at Deloitte’s clients?

Having performed the Deloitte DevSecOps maturity assessment at clients, there are several best practices and lessons learned that have proven to be effective. When conducting the quantitative survey, interviews, and workshops, these aspects should be taken into consideration:

  • Combine quantitative & qualitative methods: Quantitative assessments show the maturity levels and growth areas, while qualitative interviews reveal challenges within an organisation.
  • Involve a variety of key stakeholders: Consider multiple perspectives and viewpoints during the questionnaire, interviews, and workshops by including key stakeholders from varying roles – ultimately leading to a more effective assessment and improvements roadmap.
  • Make room for innovation and avoid bottleneck-only focus: While identifying improvement items is a vital step, it is equally important to ensure space for innovation and ideation within an organisation to ultimately improve the software delivery process. Solely fixing bottlenecks in the Software Delivery Lifecycle restricts room for innovation and hinders growth in the DevSecOps maturity levels.
  • Define clear business objectives: With a clear understanding of what it wants to achieve, an organisation can more easily prioritize efforts and make informed decisions about which improvement item to tackle first – ultimately helping with minimizing waste, maximizing resources, and achieving better results.

Want to learn more?

If you want to learn more about DevSecOps maturity and how to create DevSecOps mature teams, please feel free to reach out to the Deloitte DevSecOps practitioners mentioned at the bottom of this blog post.
