
DevSecOps: Security at speed and scale

by allantan
June 9, 2025

As organisations across Asia accelerate digital transformation in 2025, the integration of DevSecOps—embedding security into every phase of the software development lifecycle—has become critical to managing escalating cyber threats.

Cezary Piekarski, Group Chief Information and Security Officer at Standard Chartered, emphasises that successful DevSecOps is not merely about adding security checks but about creating a measurable impact on speed, accuracy, and collaboration within development processes.

The State of DevSecOps Integration in 2025

A recent Cloud Security Alliance report highlights how AI is revolutionising DevSecOps by enabling predictive analytics, intelligent automation, and continuous monitoring, which address the growing complexity of the modern software environment. 

AI-driven tools empower development teams to identify vulnerabilities early, automate compliance checks, and respond to incidents in real-time, fostering more efficient and resilient DevSecOps practices.

This evolution is essential as organisations increasingly adopt cloud-native architectures, microservices, and agile methodologies, which introduce new security challenges.

Industry analyses and expert interviews highlight that security teams often spend a significant portion of their time managing repetitive tasks and false positives, which automation and AI can dramatically reduce, enabling teams to focus on genuine security issues and accelerate secure software delivery.

For example, integrating automated vulnerability scanning into CI/CD pipelines can reduce security bottlenecks by 60%, enabling faster and more secure software releases. DevOps Research (DORA) further reports that teams using automated CI/CD pipelines deploy 30% more frequently without compromising security. 

These findings underscore the imperative to seamlessly embed security into development workflows, not as a gatekeeper but as an engine driving innovation.

Embedding security

Standard Chartered's Piekarski stresses that measuring DevSecOps success requires focusing on key indicators such as deployment frequency, early vulnerability detection, incident response times, and compliance with security policies.

He explains, "If security is truly integrated into the development lifecycle, teams should be able to release software faster—not slower. The goal is secure code at speed". 

Automation plays a pivotal role in this, enabling proactive identification of security non-compliances often before code release, thereby reducing surprises downstream and accelerating upstream cycles.

He also highlights the importance of collaboration between development and security teams, stating that constant communication is essential in this context.

"Both the development and security teams must align their goals constantly, involve all required teams at the planning stage, and have regular cross-functional meetings or even joint training sessions." Cezary Piekarski

This culture of shared responsibility helps break down silos, build trust, and embed security into daily workflows.

To address the DevSecOps skills gap, Piekarski advocates for a pragmatic approach that combines standardised workflows, automation, AI-assisted remediation, and continuous learning.

"Learning is embedded, not optional. Developers have access to targeted self-paced modules linked directly to the most common vulnerabilities we see in our environment," he says, emphasising the transformation of training from a compliance task into a shared pursuit of excellence. 

This skills-based mindset extends beyond engineering to product teams and business stakeholders, enhancing organisational resilience.

The role of automation and AI in DevSecOps

Automation is a cornerstone of modern DevSecOps strategies, not to replace human expertise but to amplify it. Piekarski describes how Standard Chartered has embedded automation directly into its development pipelines to ensure security checks occur early and frequently, thereby preventing issues before production.

"We are using automation to streamline remediation, automatically resolving policy gaps, prioritising vulnerabilities based on business impact, and accelerating patching cycles," he explains.

The Cloud Security Alliance report complements this, noting that AI enhances DevSecOps by providing predictive analytics, anomaly detection, and natural language processing capabilities that enable proactive threat detection and real-time incident response. 

This integration of AI and automation supports scalability, agility, and resilience, allowing organisations to keep pace with evolving threats while maintaining rapid development cycles.

From a business perspective, automation delivers a tangible return on investment (ROI). A fintech example cited in industry research showed that automating vulnerability scanning reduced release delays by 60% and cut breach-related costs by US$2 million annually. 

Moreover, automation reduces manual overhead, saving hundreds of hours annually on compliance audits, and mitigates costly breaches by preventing misconfigurations and vulnerabilities early in the pipeline. These benefits reinforce why DevSecOps automation is increasingly viewed as a strategic investment rather than a technical afterthought.

Aligning DevSecOps with IT strategy and compliance

Integrating DevSecOps into an organisation's broader IT strategy requires a unified view of risk across cloud, on-premises, and hybrid environments.

Piekarski highlights the importance of governance and continuous compliance, stating, "We have integrated a policy engine into our development pipelines to enforce control adherence, flag policy drift in real-time, and auto-correct deviations. This ensures regulatory compliance is maintained continuously, not just at release gates." 

Automated assessments mapped to regulatory controls further help identify and close compliance gaps early. He warns against common pitfalls such as neglecting the cultural dimension of DevSecOps and failing to integrate security tools into CI/CD pipelines.

"One size really doesn't fit all when it comes to adoption, so it is essential to identify components and foster the creation of secure-by-design reusable components," he advises. These blueprints enable rapid, secure deployment and avoid inconsistent security postures across business units.

Key takeaway

As cyber threats escalate and development cycles accelerate, embedding DevSecOps with automation and AI is no longer optional; it is essential. The integration of security into every stage of software development, supported by continuous learning and cross-team collaboration, enables organisations to deliver secure software faster and more reliably.

Drawing from Piekarski's insights, by focusing on measurable outcomes, fostering a security-first culture, and leveraging automation and AI, we can transform DevSecOps from a compliance exercise into a strategic enabler of innovation and resilience.

One more thing to consider: as technology and security practices become the norm rather than the exception across the business, it becomes clear that DevSecOps practices need to be aligned with business objectives to ensure growth, innovation and resilience – among other things.

Tags: Cloud Security Alliance, DevSecOps, DORA, Standard Chartered
allantan

Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events.

Previous roles: He served as Group Editor-in-Chief for Questex Asia concurrent to the Regional Content and Strategy Director role. He was the Director of Technology Practice at Hill+Knowlton in Hong Kong and Director of Client Services at EBA Communications. He also served as Marketing Director for Asia at Hitachi Data Systems and served as Country Sales Manager for HDS’ Philippines. Other sales roles include Encore Computer and First International Computer. He was a Senior Industry Analyst at Dataquest (Gartner Group) covering IT Professional Services for Asia-Pacific. He moved to Hong Kong as a Network Specialist and later MIS Manager at Imagineering/Tech Pacific. He holds a Bachelor of Science in Electronics and Communications Engineering degree and is a certified PICK programmer.
