2018 DevOps Predictions - Part 1
December 18, 2017

The annual list of DevOps Predictions is now a DEVOPSdigest tradition, and one of the most popular series of content on DEVOPSdigest. Last year's predictions list was read by tens of thousands of professionals in the development, IT Ops, and DevOps arenas, and this year's list promises to be even more engaging, as DevOps experts — analysts and consultants, users and the top vendors — offer thoughtful, insightful, and sometimes controversial predictions on how DevOps and related technologies will evolve and impact business in 2018.

Some of these predictions may actually come true next year, while others may be just as valid but take several years to be realized. Still others may be wishful thinking or unnecessary fears. Some of the predictions even contradict each other. But taken collectively, this list of predictions offers an insider's look at what the DevOps experts are thinking about, planning, expecting and hoping for next year. No matter who ends of being right or wrong, these predictions are all thoughtful and serious visions of the future of DevOps.

On only the third annual list of predictions, DEVOPSdigest will be posting a massive number of predictions, posted in 8 parts over the next few weeks. This vibrant list of exciting predictions serves as an indicator for just how much DevOps is growing in importance, while constantly changing.

Traditionally, we start with a Big Picture look at DevOps, but this year we are jumping right into the topic that seems to be on everyone's DevOps mind for 2018 — security — and the buzzword that says it all: DevSecOps.

DEVOPS BECOMES DEVSECOPS

Security will become increasingly integrated with the DevOps way of thinking, as DevSecOps becomes less of a trend separate from DevOps itself. In essence, DevSecOps is what DevOps will become.
Jason Bloomberg
President, Intellyx

Security will remain top of mind for customers, but the software development lifecycle will now need to integrate security from start to finish in a seamless way. The need for speed and velocity with quality in development has created a "shift-left" movement that integrates security at development, which needs to be easy and accessible for developers as they write code. It also needs to morph and leverage the immense amounts of data generated by a business to protect data and mitigate risks. DevSecOps will become mainstream and security technologies designed for developers will dominate the security market.
Ayman Sayed
President and Chief Product Officer, CA Technologies

The term "DevOps" continues to be used in too many situations and descriptors. For me, it's a cultural pattern grounded by "Collaboration, Automation, Measurement, and Sharing" (CAMS). In 2018, I think we will begin to see DevSecOps become the new DevOps. Security truly needs to be seamlessly embedded into the systems development life cycle (SDLC) and CI/CD pipeline, instead of an afterthought and a barrier to deployment.
Mike Kail
CTO, CYBRIC

DevSecOps will become commonplace. In 2017, few vendors have emerged and offered DevSecOps as a strategy to help enterprises secure their development projects. By 2018, this will become more commonplace. Instead of focusing on how to implement DevOps as an overall strategy, enterprises will begin to place a stronger emphasis on the importance of baking security throughout the DevOps lifecycle. By default, vendors will either offer this solution voluntarily or be asked to do so by customer request.
Mark Pundsack
Head of Product, GitLab

DIGITAL SECURITY SHIFT LEFT

Digital security has become a boardroom-level issue — and it's only going to grow in importance as headline-worthy breaches alienate customers and draw government ire. But best-practices security requires more than just bolting better authentication and encryption onto your digital business after the fact. It requires that you build digital integrity directly into your code at every step along the way, from requirements through scrums and testing — DevSecOps. In fact, by using automation to build security checks into your DevOps pipeline earlier and more reliably, you can significantly reduce your organization's exposure to digital risk and reduce your total spending on late-stage application security mitigation tasks.
Aruna Ravichandran
VP of DevOps Solution Marketing and Management, CA Technologies

DevOps continues to grow in usage and importance for enterprises of all sizes. Security teams need to understand that DevOps is quickly changing how IT operates and need to partner with IT and application development teams much earlier in the planning and execution lifecycle, building security into the DevOps pipeline instead of bolting on after the fact, which will create successful DevSecOps programs for organizations. Security teams that try to enable DevSecOps by procuring point solutions that don't integrate with existing security technologies, processes, and reporting will actually create even more security silos and introduce blockers that slow down the speed, agility, and automation that DevOps delivers.
Chris Carlson
VP of Product Management, Qualys

In major data breaches, from Uber to Accenture, information security teams often take the blame for the event. DevOps is now a mainstream too, and in 2018 DevOps teams will no longer get a pass if security incidents result from weak DevOps practices. We may see keys or certificates left unguarded, or encryption not enabled in an open source framework, leaving customer privacy unprotected. Whatever the reason, DevOps is no longer immune to security issues. In 2018, DevOps will change the way it views security. But it's going to take some time.
Kevin Bocek
VP of Security Strategy and Threat Intelligence, Venafi

In 2018, the security teams will be included early in the DevOps process as the need to add this discipline is critical for today's enterprises.
Allan Leinwand
CTO, ServiceNow

SECURE BY DEFAULT

Secure by Default takes precedence over ease of use in DevOps. DevSecOps — or the merging of security with DevOps — is rising in prominence to combat omnipresent security vulnerabilities by incorporating preventative measures in the initial development stages. While there was previous tension between easy-to-use and secure-by-default solutions, security has become top of mind again for developers due to GDPR compliance and increasing data regulations. As NoSQL gains prominence in the enterprise space and databases are filled with more customer data, built-in security will continue to become increasingly important.
Ravi Mayuram
SVP of Engineering and CTO, Couchbase

SECURITY BAKED INTO DEVELOPER TOOLS

In 2018, the developer-security movement will focus on changes in the infrastructure, security operations and underline development tools, which will narrow down the options to mistakenly damage application security. This will allow better application security without changing the development process or slowing down TTM. We should not expect developers to be security experts, nor should we slow down the development process. Instead, we'll see security baked into developer tools to allow for rapid development, without violating application security.
Guy Peer
VP R&D and Co-Founder, Dyadic

INTERACTIVE APPLICATION SECURITY TESTING (IAST)

In 2018 one major change we will see as it relates to Application Security (AppSec) is that there will be a reduction of organizations running their own dynamic application security testing (DAST). Many organizations will begin to leverage interactive application security testing (IAST), validating the results by running DAST-as-a-Service. Looking past 2018, the application security testing portfolio will continue to grow with an increase of statistic application security testing (SAS[[AA]] T) as part of the development environment. There will also be a stronger emphasis of security (Sec) into DevOps and will allow developers to take a more active role and ownership in identifying and remediating code vulnerabilities. The DevOps world will be the first to adapt IAST solutions that are able to leverage automation tests to deliver security analysis in real time.
Amit Ashbel
Director of Product Marketing & Cyber Security Evangelist, Checkmarx

API SECURITY RISK

New security considerations related to the increase of APIs and open, interconnected platforms will rise in prominence next year. An ecosystem of publicly accessible APIs creates a huge attack surface for hackers in terms of denial of service and ransom attacks, as well as the potential for data breaches and data exfiltration. Major IoT hacks this past year have shown the consequences of a poor security posture and lacking investment in security in IoT product design. Unless the organizations working on the standardization of open APIs do their due diligence and make security a primary component of their specifications and platforms, the API economy will go down the same road. Without proper security in place, the connected future will fail and revert to a connected nightmare where hacks become a daily occurrence.
Pascal Geenens
Security Evangelist, Radware

Read 2018 DevOps Predictions - Part 2, covering DevOps, BizDevOps, NoOps, and more.

Share this

Industry News

September 24, 2020

NetApp announced the availability of Elastigroup for Microsoft Azure Spot Virtual Machines (VMs).

September 24, 2020

CloudBees announced a robust new set of DevSecOps capabilities for CloudBees CI and CloudBees CD. The new capabilities enable customers to perform early and frequent security checks and ensure that security is an integral part of the whole software delivery pipeline workflow, without sacrificing speed or increasing risk.

September 24, 2020

Pulumi announced the release of a Pulumi-native provider for Microsoft Azure that provides 100% coverage of Azure Resource Manager (ARM), the deployment and management service for Azure that enables users to create, update and delete resources in their Azure accounts.

September 23, 2020

Puppet announced new Windows services, integrations and enhancements aimed at making it easier to automate and manage infrastructure using tools Windows admins rely on. The latest updates include services around Group Policy Migration and Chocolatey, as well as enhancements to the Puppet VS Code Extension, and a new Puppet PowerShell DSC Builder module.

September 23, 2020

Red Hat announced the release of Red Hat OpenShift Container Storage 4.5, delivering Kubernetes-based data services for modern, cloud-native applications across the open hybrid cloud.

September 23, 2020

Copado, a native DevOps platform for Salesforce, has acquired ClickDeploy.

September 22, 2020

CloudBees announced general availability of the first two modules of its Software Delivery Management solution.

September 22, 2020

Applause announced the availability of its Bring Your Own Testers (BYOT) feature that enables clients to manage their internal teams – employees, friends, family members and existing customers – and invite them to test cycles in the Applause Platform alongside Applause’s vetted and expert community of testers.

September 22, 2020

Kasten announced the integration of the K10 data management platform with VMware vSphere and Tanzu Kubernetes Grid Service.

September 21, 2020

PagerDuty entered into a definitive agreement to acquire Rundeck, a provider of DevOps automation for enterprise.

September 21, 2020

Grafana Labs announced the release of Grafana Metrics Enterprise, a modern Prometheus-as-a-Service solution designed for the scale, architecture, and security needs of enterprises as they expand their observability initiatives.

September 21, 2020

Portshift's Cloud Workload Protection platform is now available through the Red Hat Marketplace.

September 17, 2020

env0, a developer of Infrastructure-as-Code (IaC) management software, announced the availability of its new open source solution for Terraform users, Terratag.

September 17, 2020

Push Technology announced a partnership with Innova Solutions, an ACS Solutions company, specializing in global information technology services.

September 17, 2020

Alcide achieved the AWS Outposts Ready designation, part of the Amazon Web Services (AWS) Service Ready Program.