Telco Innovation Requires Accelerating Secure Software Development with DevSecOps

Telecommunications providers are under unprecedented pressure to innovate while maintaining robust and resilient supply chains.

PwC estimates that global data consumption over telecom networks could triple by 2027 due to surging demand for high-speed connectivity, advanced telecom services such as streaming, and immersive applications such as VR and gaming. Only by creating smarter, more agile networks and streamlining software development processes can telecoms accelerate time to market while securing sensitive customer data from cyber attacks.

Telcos can integrate data-driven decision-making throughout their organisations by adopting DevSecOps practices that unify development, operations, and security across the software development lifecycle while optimising supply chain operations, enhancing customer experiences, and reducing costs.

Streamlining secure software development

The recent enforcement of the UK Product Security and Telecommunications Infrastructure (PSTI) Act makes cyber security a legislative requirement for all digitally connected products and telecommunications infrastructure in the UK.

DevSecOps is a practice and methodology that integrates security into every stage of the DevOps process. It emphasises collaboration, communication, and integration between software development, security, and IT operations teams for faster, higher-quality software delivery that is secure from the start.

DevSecOps adoption has increased in recent years as telcos look to new ways of working to increase the velocity of building and delivering secure applications and services. According to GitLab’s Global DevSecOps Report, more than half (58%) of telcos use DevOps or DevSecOps methodologies to build software.

Modern software contains many dependencies, such as relationships between different components in which one relies on the other to work effectively. To avoid the risk of vulnerabilities that cybercriminals could exploit, development teams must ensure that each of these components—and their dependencies—is secure.

However, security isn’t the only benefit. Deutsche Telekom, one of the world's leading integrated telecommunications companies, has evolved from a classic phone company to a software company that sells telecommunications services by adopting DevSecOps methodologies. The company has improved its time to market for new products and services by 6X while building security into every aspect of its software development lifecycle.

Simplifying your toolchain

Many organisations have integrated various DevOps point solutions, but these tools are often time- and resource-intensive to maintain, ultimately working against their business-critical mission and halting innovation.

Our research found that seven out of ten developers spent a quarter of their time maintaining their DevOps toolchains. What’s more, many toolchains are built on open-source packages that may contain vulnerabilities, which can leave organisations open to exploitation and inject further vulnerabilities into a vendor’s software development program.

For telcos, providing value depends on delivering smart and agile services to customers, thus making time spent maintaining toolchains time wasted. Managing a single platform instead of multiple tools makes it easier for developers to create efficient and trustworthy software. DevSecOps aims to integrate development, security, and IT teams to increase productivity and identify bottlenecks with shared visibility into the behavior of their applications and workflows. It can provide organisations with an end-to-end view of value delivery to create a shared, collaborative context, remove organisational silos, and ultimately free up developers to focus on creating the best software possible.

For example, FullSave, a telecommunications infrastructure operator, has leveraged DevSecOps practices to improve communication, collaboration, and efficiencies by simplifying software development processes and reducing integration issues and errors. Using automated capabilities within a DevSecOps platform has eased the company’s entire software development lifecycle and increased the speed of development and deployment from months to days.

Telcos must innovate to drive new services, gain a competitive advantage, and position themselves for long-term success in today's dynamic business environment. DevSecOps allows them to deliver software quickly and securely and contribute to the industry's ongoing evolution.

Michel Isnard, VP for GitLab EMEA, has more than 30 years experience as a technology leader at top global and French technology companies. He lives and works in France.