2018 DevOps Predictions - Part 1
December 18, 2017

The annual list of DevOps Predictions is now a DEVOPSdigest tradition, and one of the most popular series of content on DEVOPSdigest. Last year's predictions list was read by tens of thousands of professionals in the development, IT Ops, and DevOps arenas, and this year's list promises to be even more engaging, as DevOps experts — analysts and consultants, users and the top vendors — offer thoughtful, insightful, and sometimes controversial predictions on how DevOps and related technologies will evolve and impact business in 2018.

Some of these predictions may actually come true next year, while others may be just as valid but take several years to be realized. Still others may be wishful thinking or unnecessary fears. Some of the predictions even contradict each other. But taken collectively, this list of predictions offers an insider's look at what the DevOps experts are thinking about, planning, expecting and hoping for next year. No matter who ends of being right or wrong, these predictions are all thoughtful and serious visions of the future of DevOps.

On only the third annual list of predictions, DEVOPSdigest will be posting a massive number of predictions, posted in 8 parts over the next few weeks. This vibrant list of exciting predictions serves as an indicator for just how much DevOps is growing in importance, while constantly changing.

Traditionally, we start with a Big Picture look at DevOps, but this year we are jumping right into the topic that seems to be on everyone's DevOps mind for 2018 — security — and the buzzword that says it all: DevSecOps.


Security will become increasingly integrated with the DevOps way of thinking, as DevSecOps becomes less of a trend separate from DevOps itself. In essence, DevSecOps is what DevOps will become.
Jason Bloomberg
President, Intellyx

Security will remain top of mind for customers, but the software development lifecycle will now need to integrate security from start to finish in a seamless way. The need for speed and velocity with quality in development has created a "shift-left" movement that integrates security at development, which needs to be easy and accessible for developers as they write code. It also needs to morph and leverage the immense amounts of data generated by a business to protect data and mitigate risks. DevSecOps will become mainstream and security technologies designed for developers will dominate the security market.
Ayman Sayed
President and Chief Product Officer, CA Technologies

The term "DevOps" continues to be used in too many situations and descriptors. For me, it's a cultural pattern grounded by "Collaboration, Automation, Measurement, and Sharing" (CAMS). In 2018, I think we will begin to see DevSecOps become the new DevOps. Security truly needs to be seamlessly embedded into the systems development life cycle (SDLC) and CI/CD pipeline, instead of an afterthought and a barrier to deployment.
Mike Kail

DevSecOps will become commonplace. In 2017, few vendors have emerged and offered DevSecOps as a strategy to help enterprises secure their development projects. By 2018, this will become more commonplace. Instead of focusing on how to implement DevOps as an overall strategy, enterprises will begin to place a stronger emphasis on the importance of baking security throughout the DevOps lifecycle. By default, vendors will either offer this solution voluntarily or be asked to do so by customer request.
Mark Pundsack
Head of Product, GitLab


Digital security has become a boardroom-level issue — and it's only going to grow in importance as headline-worthy breaches alienate customers and draw government ire. But best-practices security requires more than just bolting better authentication and encryption onto your digital business after the fact. It requires that you build digital integrity directly into your code at every step along the way, from requirements through scrums and testing — DevSecOps. In fact, by using automation to build security checks into your DevOps pipeline earlier and more reliably, you can significantly reduce your organization's exposure to digital risk and reduce your total spending on late-stage application security mitigation tasks.
Aruna Ravichandran
VP of DevOps Solution Marketing and Management, CA Technologies

DevOps continues to grow in usage and importance for enterprises of all sizes. Security teams need to understand that DevOps is quickly changing how IT operates and need to partner with IT and application development teams much earlier in the planning and execution lifecycle, building security into the DevOps pipeline instead of bolting on after the fact, which will create successful DevSecOps programs for organizations. Security teams that try to enable DevSecOps by procuring point solutions that don't integrate with existing security technologies, processes, and reporting will actually create even more security silos and introduce blockers that slow down the speed, agility, and automation that DevOps delivers.
Chris Carlson
VP of Product Management, Qualys

In major data breaches, from Uber to Accenture, information security teams often take the blame for the event. DevOps is now a mainstream too, and in 2018 DevOps teams will no longer get a pass if security incidents result from weak DevOps practices. We may see keys or certificates left unguarded, or encryption not enabled in an open source framework, leaving customer privacy unprotected. Whatever the reason, DevOps is no longer immune to security issues. In 2018, DevOps will change the way it views security. But it's going to take some time.
Kevin Bocek
VP of Security Strategy and Threat Intelligence, Venafi

In 2018, the security teams will be included early in the DevOps process as the need to add this discipline is critical for today's enterprises.
Allan Leinwand
CTO, ServiceNow


Secure by Default takes precedence over ease of use in DevOps. DevSecOps — or the merging of security with DevOps — is rising in prominence to combat omnipresent security vulnerabilities by incorporating preventative measures in the initial development stages. While there was previous tension between easy-to-use and secure-by-default solutions, security has become top of mind again for developers due to GDPR compliance and increasing data regulations. As NoSQL gains prominence in the enterprise space and databases are filled with more customer data, built-in security will continue to become increasingly important.
Ravi Mayuram
SVP of Engineering and CTO, Couchbase


In 2018, the developer-security movement will focus on changes in the infrastructure, security operations and underline development tools, which will narrow down the options to mistakenly damage application security. This will allow better application security without changing the development process or slowing down TTM. We should not expect developers to be security experts, nor should we slow down the development process. Instead, we'll see security baked into developer tools to allow for rapid development, without violating application security.
Guy Peer
VP R&D and Co-Founder, Dyadic


In 2018 one major change we will see as it relates to Application Security (AppSec) is that there will be a reduction of organizations running their own dynamic application security testing (DAST). Many organizations will begin to leverage interactive application security testing (IAST), validating the results by running DAST-as-a-Service. Looking past 2018, the application security testing portfolio will continue to grow with an increase of statistic application security testing (SAS[[AA]] T) as part of the development environment. There will also be a stronger emphasis of security (Sec) into DevOps and will allow developers to take a more active role and ownership in identifying and remediating code vulnerabilities. The DevOps world will be the first to adapt IAST solutions that are able to leverage automation tests to deliver security analysis in real time.
Amit Ashbel
Director of Product Marketing & Cyber Security Evangelist, Checkmarx


New security considerations related to the increase of APIs and open, interconnected platforms will rise in prominence next year. An ecosystem of publicly accessible APIs creates a huge attack surface for hackers in terms of denial of service and ransom attacks, as well as the potential for data breaches and data exfiltration. Major IoT hacks this past year have shown the consequences of a poor security posture and lacking investment in security in IoT product design. Unless the organizations working on the standardization of open APIs do their due diligence and make security a primary component of their specifications and platforms, the API economy will go down the same road. Without proper security in place, the connected future will fail and revert to a connected nightmare where hacks become a daily occurrence.
Pascal Geenens
Security Evangelist, Radware

Read 2018 DevOps Predictions - Part 2, covering DevOps, BizDevOps, NoOps, and more.

Share this

Industry News

June 01, 2020

IT Revolution announced a full conference agenda for DevOps Enterprise Summit London, June 23-25, 2020.

June 01, 2020

Caltech CTME announced that Simplilearn, a global provider of digital skills training, will collaborate with CTME (Caltech's Center for Technology and Management Education) to offer a specialized Post Graduate Program in DevOps software engineering.

June 01, 2020

DevOps Institute, a global member-based association for advancing the human elements of DevOps, announced the introduction of its SKILup Playbook Library, a dynamic collective body of knowledge (cBok) that aligns thought leadership from industry experts with a set of dynamic, orchestrated artifacts, research and assets.

May 28, 2020

Docker has extended its strategic collaboration with Microsoft to simplify code to cloud application development for developers and development teams by more closely integrating with Azure Container Instances (ACI).

May 28, 2020

Eggplant announced updates to its Digital Automation Intelligence (DAI) platform.

May 28, 2020

Aptum launched its Managed DevOps Service in partnership with CloudOps, a cloud consulting and professional services company specializing in DevOps.

May 27, 2020

Red Hat announced an expansion of its application services portfolio with the addition of Quarkus as a fully supported framework in Red Hat Runtimes.

May 27, 2020

Couchbase has completed a $105 million all-equity Series G round of fundraising.

May 27, 2020

Aqua Security closed a Series D round of $30M led by Greenspring Associates.

May 26, 2020

GitLab is releasing 13.0 of its DevSecOps platform to enable organizations to efficiently adapt and respond to new and dynamic business challenges.

May 26, 2020

Solo.io announced the availability of the Istio Developer Portal to streamline the developer onboarding process for improved developer experience and increased productivity with added security features.

May 26, 2020

WhiteHat Security will offer free application scanning services to any education institution to support secure online learning.

May 21, 2020

Exadel announced the Grand Prize winner of the “Appery.io COVID-19 Virtual Hackathon.”

May 21, 2020

CloudBees announced significant advances for its Software Delivery Management (SDM) platform – integrations with additional continuous integration and continuous delivery (CI/CD) engines, including Google Cloud Build and Tekton, and extension of the availability of CloudBees’ SDM Preview Program.

May 21, 2020

OutSystems is announcing over 70 development accelerators that ensure web and mobile applications created on the OutSystems low-code development platform can comply with the highest accessibility standards and regulations.