DevOps has dramatically changed the way IT businesses operate and innovate. It enabled them to develop and deliver products at a speed and scale. Amid this paradigm shift, the business realized that the traditional "bolt-on" security techniques and manual controls that are reliant on legacy practices are not keeping pace with high-velocity, continuous delivery software development. Indeed, in the DevOps ecosystem, the security aspect was tackled by a separate security team and quality assurance teams at the end of the software development cycle (as an afterthought), which created an unacceptable bottleneck. And DevSecOps seeks to solve this security conundrum by integrating security practices and controls throughout the software development lifecycle (SDLC).
DevSecOps addresses security issues as they emerge before they're pushed into production, when they're easier and less expensive to fix. Moreover, it makes the application and infrastructure security a shared responsibility of the development, security, and IT operations teams, rather than the sole responsibility of the security engineers. As security is backed into every phase of the DevOps lifecycle, the business can now build more secure, high-quality software at speed and scale.