Abstract

As digital transformation accelerates, organizations increasingly turn to agile software development and deployment practices like DevOps. However, incorporating security into these processes through DevSecOps presents significant challenges, particularly in cultural adaptation and alignment with IT governance. This study explores the challenges of adopting DevSecOps from two crucial perspectives: organizational culture and IT governance. Through a thorough literature review and the development of a conceptual framework, we identify human-related barriers such as resistance to change, lack of awareness, and communication gaps, along with governance-related constraints such as inadequate policies, misalignment of risks, and compliance issues. To tackle these challenges, we propose a Plan-Do-Check-Act (PDCA) implementation model that provides a practical approach for transforming organizational culture and improving IT governance. This approach aims to bridge the gap between development, security, and operations while aligning with strategic business objectives. Future research in this field could include empirically validating the model through case studies.

Download

Share

COinS