December 16 11:17
Today, up to 80–90% of enterprise software consists of third-party libraries and open-source components. This speeds up the output of digital solutions, but makes the external code a point of potential threat: it may contain vulnerabilities or hidden functionality. Therefore, large companies are moving towards secure development pipelines. These conclusions were formulated by analysts of the T1 IT holding in the report “IT Market in Russia 2025-2026: Impulses, Energy and Potential”.
In their opinion, there is a demand in the market for DevSecOps practices, which are being standardized, including by the state: GOSTs and methodological recommendations appear, and the implementation of such pipelines is carried out in tandem with integrators and departments.
Those companies that are not directly pressured by regulatory requirements chose to remain on foreign solutions without updates and support, while the rest gradually completed import substitution. Over the course of several years, many full-fledged development tools have appeared on the Russian market, which are not inferior to foreign analogues, and in some niches are superior to them in flexibility and adaptation to customer infrastructure.
Nevertheless, migration remains a complex and inertial process: corporate specialists are accustomed to the interfaces of Western tools, changing pipelines requires a deep reassembly of the architectural pipeline, and the effect of educational programs will only appear through a generation of young DevOps personnel for whom local products will be “native.”
According to T1, in 2025 AI will change the development architecture and become an everyday tool. Neural networks are implemented in corporate process pipelines and support specialists at all stages: from generating tests and documentation to recommendations for design and optimization of architectural solutions. This lowers the entry barrier for beginning developers and compensates for staff shortages, freeing up time for complex tasks. The future of DevSecOps solutions is hybrid platforms that do not limit development freedom, but recommend best practices, prevent errors in the early stages, help assess risks and choose optimal technology strategies.
At the same time, the demand for controllability of development efficiency is growing: companies realize that Time-to-Market and code quality have become metrics of business competition. There is a demand for tools for measuring team performance, but universal solutions that integrate DORA, SPACE and other methodologies into the daily processes of large companies do not yet exist.
Finally, the lack of trust in SaaS and cloud services makes enterprise development truly local: everything from CI/CD and DevOps tools to specialized AI must be deployed within the corporate perimeter. Business requires alienated systems that are trained and modified at the customer’s site, without transferring data outside. This forms a model comparable to the “automated airliner cockpit,” where routine activities are delegated to the system and the designer controls the direction and strategy. Such a universal intelligent “add-on” for DevSecOps platforms is a trend that will determine the structure of the IT market in the coming years.
“Security and AI will play the role of the main drivers of Russian DevOps in the coming years. Import substitution will become the background, and competition for efficiency, speed of innovation and the construction of intelligent platforms in which development management remains under the control of the corporate client will come to the fore,” notes Evgeny Kosinenko, director of the Sfera platform division from the T1 IT holding.
