2018 DevOps Predictions - Part 1
December 18, 2017

The annual list of DevOps Predictions is now a DEVOPSdigest tradition, and one of the most popular series of content on DEVOPSdigest. Last year's predictions list was read by tens of thousands of professionals in the development, IT Ops, and DevOps arenas, and this year's list promises to be even more engaging, as DevOps experts — analysts and consultants, users and the top vendors — offer thoughtful, insightful, and sometimes controversial predictions on how DevOps and related technologies will evolve and impact business in 2018.

Some of these predictions may actually come true next year, while others may be just as valid but take several years to be realized. Still others may be wishful thinking or unnecessary fears. Some of the predictions even contradict each other. But taken collectively, this list of predictions offers an insider's look at what the DevOps experts are thinking about, planning, expecting and hoping for next year. No matter who ends of being right or wrong, these predictions are all thoughtful and serious visions of the future of DevOps.

On only the third annual list of predictions, DEVOPSdigest will be posting a massive number of predictions, posted in 8 parts over the next few weeks. This vibrant list of exciting predictions serves as an indicator for just how much DevOps is growing in importance, while constantly changing.

Traditionally, we start with a Big Picture look at DevOps, but this year we are jumping right into the topic that seems to be on everyone's DevOps mind for 2018 — security — and the buzzword that says it all: DevSecOps.


Security will become increasingly integrated with the DevOps way of thinking, as DevSecOps becomes less of a trend separate from DevOps itself. In essence, DevSecOps is what DevOps will become.
Jason Bloomberg
President, Intellyx

Security will remain top of mind for customers, but the software development lifecycle will now need to integrate security from start to finish in a seamless way. The need for speed and velocity with quality in development has created a "shift-left" movement that integrates security at development, which needs to be easy and accessible for developers as they write code. It also needs to morph and leverage the immense amounts of data generated by a business to protect data and mitigate risks. DevSecOps will become mainstream and security technologies designed for developers will dominate the security market.
Ayman Sayed
President and Chief Product Officer, CA Technologies

The term "DevOps" continues to be used in too many situations and descriptors. For me, it's a cultural pattern grounded by "Collaboration, Automation, Measurement, and Sharing" (CAMS). In 2018, I think we will begin to see DevSecOps become the new DevOps. Security truly needs to be seamlessly embedded into the systems development life cycle (SDLC) and CI/CD pipeline, instead of an afterthought and a barrier to deployment.
Mike Kail

DevSecOps will become commonplace. In 2017, few vendors have emerged and offered DevSecOps as a strategy to help enterprises secure their development projects. By 2018, this will become more commonplace. Instead of focusing on how to implement DevOps as an overall strategy, enterprises will begin to place a stronger emphasis on the importance of baking security throughout the DevOps lifecycle. By default, vendors will either offer this solution voluntarily or be asked to do so by customer request.
Mark Pundsack
Head of Product, GitLab


Digital security has become a boardroom-level issue — and it's only going to grow in importance as headline-worthy breaches alienate customers and draw government ire. But best-practices security requires more than just bolting better authentication and encryption onto your digital business after the fact. It requires that you build digital integrity directly into your code at every step along the way, from requirements through scrums and testing — DevSecOps. In fact, by using automation to build security checks into your DevOps pipeline earlier and more reliably, you can significantly reduce your organization's exposure to digital risk and reduce your total spending on late-stage application security mitigation tasks.
Aruna Ravichandran
VP of DevOps Solution Marketing and Management, CA Technologies

DevOps continues to grow in usage and importance for enterprises of all sizes. Security teams need to understand that DevOps is quickly changing how IT operates and need to partner with IT and application development teams much earlier in the planning and execution lifecycle, building security into the DevOps pipeline instead of bolting on after the fact, which will create successful DevSecOps programs for organizations. Security teams that try to enable DevSecOps by procuring point solutions that don't integrate with existing security technologies, processes, and reporting will actually create even more security silos and introduce blockers that slow down the speed, agility, and automation that DevOps delivers.
Chris Carlson
VP of Product Management, Qualys

In major data breaches, from Uber to Accenture, information security teams often take the blame for the event. DevOps is now a mainstream too, and in 2018 DevOps teams will no longer get a pass if security incidents result from weak DevOps practices. We may see keys or certificates left unguarded, or encryption not enabled in an open source framework, leaving customer privacy unprotected. Whatever the reason, DevOps is no longer immune to security issues. In 2018, DevOps will change the way it views security. But it's going to take some time.
Kevin Bocek
VP of Security Strategy and Threat Intelligence, Venafi

In 2018, the security teams will be included early in the DevOps process as the need to add this discipline is critical for today's enterprises.
Allan Leinwand
CTO, ServiceNow


Secure by Default takes precedence over ease of use in DevOps. DevSecOps — or the merging of security with DevOps — is rising in prominence to combat omnipresent security vulnerabilities by incorporating preventative measures in the initial development stages. While there was previous tension between easy-to-use and secure-by-default solutions, security has become top of mind again for developers due to GDPR compliance and increasing data regulations. As NoSQL gains prominence in the enterprise space and databases are filled with more customer data, built-in security will continue to become increasingly important.
Ravi Mayuram
SVP of Engineering and CTO, Couchbase


In 2018, the developer-security movement will focus on changes in the infrastructure, security operations and underline development tools, which will narrow down the options to mistakenly damage application security. This will allow better application security without changing the development process or slowing down TTM. We should not expect developers to be security experts, nor should we slow down the development process. Instead, we'll see security baked into developer tools to allow for rapid development, without violating application security.
Guy Peer
VP R&D and Co-Founder, Dyadic


In 2018 one major change we will see as it relates to Application Security (AppSec) is that there will be a reduction of organizations running their own dynamic application security testing (DAST). Many organizations will begin to leverage interactive application security testing (IAST), validating the results by running DAST-as-a-Service. Looking past 2018, the application security testing portfolio will continue to grow with an increase of statistic application security testing (SAS[[AA]] T) as part of the development environment. There will also be a stronger emphasis of security (Sec) into DevOps and will allow developers to take a more active role and ownership in identifying and remediating code vulnerabilities. The DevOps world will be the first to adapt IAST solutions that are able to leverage automation tests to deliver security analysis in real time.
Amit Ashbel
Director of Product Marketing & Cyber Security Evangelist, Checkmarx


New security considerations related to the increase of APIs and open, interconnected platforms will rise in prominence next year. An ecosystem of publicly accessible APIs creates a huge attack surface for hackers in terms of denial of service and ransom attacks, as well as the potential for data breaches and data exfiltration. Major IoT hacks this past year have shown the consequences of a poor security posture and lacking investment in security in IoT product design. Unless the organizations working on the standardization of open APIs do their due diligence and make security a primary component of their specifications and platforms, the API economy will go down the same road. Without proper security in place, the connected future will fail and revert to a connected nightmare where hacks become a daily occurrence.
Pascal Geenens
Security Evangelist, Radware

Read 2018 DevOps Predictions - Part 2, covering DevOps, BizDevOps, NoOps, and more.

Share this

Industry News

February 06, 2023

Red Hat announced the availability of Red Hat Ansible Automation Platform on Google Cloud, providing a common and flexible IT automation solution that extends from the cloud, to the datacenter and out to the edge without additional complexity or required skills.

February 06, 2023

Cequence Security has enhanced the testing capabilities within its Unified API Protection Platform with the availability of API Security Testing.

February 06, 2023

Netlify has acquired Gatsby Inc.

February 02, 2023

Red Hat announced a multi-stage alliance to offer customers a greater choice of operating systems to run on Oracle Cloud Infrastructure (OCI).

February 02, 2023

Snow Software announced a new global partner program designed to enable partners to support customers as they face complex market challenges around managing cost and mitigating risk, while delivering value more efficiently and effectively with Snow.

February 02, 2023

Contrast Security announced the launch of its new partner program, the Security Innovation Alliance (SIA), which is a global ecosystem of system integrators (SIs), cloud, channel and technology alliances.

February 01, 2023

Red Hat introduced new security and compliance capabilities for the Red Hat OpenShift enterprise Kubernetes platform.

February 01, 2023

Jetpack.io formally launched with Devbox Cloud, a managed service offering for Devbox.

February 01, 2023

Jellyfish launched Life Cycle Explorer, a new solution that identifies bottlenecks in the life cycle of engineering work to help teams adapt workflow processes and more effectively deliver value to customers.

January 31, 2023

Ably announced the Ably Terraform provider.

January 31, 2023

Checkmarx announced the immediate availability of Supply Chain Threat Intelligence, which delivers detailed threat intelligence on hundreds of thousands of malicious packages, contributor reputation, malicious behavior and more.

January 31, 2023

Qualys announced its new GovCloud platform along with the achievement of FedRAMP Ready status at the High impact level, from the Federal Risk and Authorization Management Program (FedRAMP).

January 30, 2023

F5 announced the general availability of F5 NGINXaaS for Azure, an integrated solution co-developed by F5 and Microsoft that empowers enterprises to deliver secure, high-performance applications in the cloud.

January 30, 2023

Tenable announced Tenable Ventures, a corporate investment program.

January 26, 2023

Ubuntu Pro, Canonical’s comprehensive subscription for secure open source and compliance, is now generally available.