The annual list of DevOps Predictions is now a DEVOPSdigest tradition, and one of the most popular series of content on DEVOPSdigest. Last year's predictions list was read by tens of thousands of professionals in the development, IT Ops, and DevOps arenas, and this year's list promises to be even more engaging, as DevOps experts — analysts and consultants, users and the top vendors — offer thoughtful, insightful, and sometimes controversial predictions on how DevOps and related technologies will evolve and impact business in 2018.
Some of these predictions may actually come true next year, while others may be just as valid but take several years to be realized. Still others may be wishful thinking or unnecessary fears. Some of the predictions even contradict each other. But taken collectively, this list of predictions offers an insider's look at what the DevOps experts are thinking about, planning, expecting and hoping for next year. No matter who ends of being right or wrong, these predictions are all thoughtful and serious visions of the future of DevOps.
On only the third annual list of predictions, DEVOPSdigest will be posting a massive number of predictions, posted in 8 parts over the next few weeks. This vibrant list of exciting predictions serves as an indicator for just how much DevOps is growing in importance, while constantly changing.
Traditionally, we start with a Big Picture look at DevOps, but this year we are jumping right into the topic that seems to be on everyone's DevOps mind for 2018 — security — and the buzzword that says it all: DevSecOps.
DEVOPS BECOMES DEVSECOPS
Security will become increasingly integrated with the DevOps way of thinking, as DevSecOps becomes less of a trend separate from DevOps itself. In essence, DevSecOps is what DevOps will become.
Security will remain top of mind for customers, but the software development lifecycle will now need to integrate security from start to finish in a seamless way. The need for speed and velocity with quality in development has created a "shift-left" movement that integrates security at development, which needs to be easy and accessible for developers as they write code. It also needs to morph and leverage the immense amounts of data generated by a business to protect data and mitigate risks. DevSecOps will become mainstream and security technologies designed for developers will dominate the security market.
President and Chief Product Officer, CA Technologies
The term "DevOps" continues to be used in too many situations and descriptors. For me, it's a cultural pattern grounded by "Collaboration, Automation, Measurement, and Sharing" (CAMS). In 2018, I think we will begin to see DevSecOps become the new DevOps. Security truly needs to be seamlessly embedded into the systems development life cycle (SDLC) and CI/CD pipeline, instead of an afterthought and a barrier to deployment.
DevSecOps will become commonplace. In 2017, few vendors have emerged and offered DevSecOps as a strategy to help enterprises secure their development projects. By 2018, this will become more commonplace. Instead of focusing on how to implement DevOps as an overall strategy, enterprises will begin to place a stronger emphasis on the importance of baking security throughout the DevOps lifecycle. By default, vendors will either offer this solution voluntarily or be asked to do so by customer request.
Head of Product, GitLab
DIGITAL SECURITY SHIFT LEFT
Digital security has become a boardroom-level issue — and it's only going to grow in importance as headline-worthy breaches alienate customers and draw government ire. But best-practices security requires more than just bolting better authentication and encryption onto your digital business after the fact. It requires that you build digital integrity directly into your code at every step along the way, from requirements through scrums and testing — DevSecOps. In fact, by using automation to build security checks into your DevOps pipeline earlier and more reliably, you can significantly reduce your organization's exposure to digital risk and reduce your total spending on late-stage application security mitigation tasks.
VP of DevOps Solution Marketing and Management, CA Technologies
DevOps continues to grow in usage and importance for enterprises of all sizes. Security teams need to understand that DevOps is quickly changing how IT operates and need to partner with IT and application development teams much earlier in the planning and execution lifecycle, building security into the DevOps pipeline instead of bolting on after the fact, which will create successful DevSecOps programs for organizations. Security teams that try to enable DevSecOps by procuring point solutions that don't integrate with existing security technologies, processes, and reporting will actually create even more security silos and introduce blockers that slow down the speed, agility, and automation that DevOps delivers.
VP of Product Management, Qualys
In major data breaches, from Uber to Accenture, information security teams often take the blame for the event. DevOps is now a mainstream too, and in 2018 DevOps teams will no longer get a pass if security incidents result from weak DevOps practices. We may see keys or certificates left unguarded, or encryption not enabled in an open source framework, leaving customer privacy unprotected. Whatever the reason, DevOps is no longer immune to security issues. In 2018, DevOps will change the way it views security. But it's going to take some time.
VP of Security Strategy and Threat Intelligence, Venafi
In 2018, the security teams will be included early in the DevOps process as the need to add this discipline is critical for today's enterprises.
SECURE BY DEFAULT
Secure by Default takes precedence over ease of use in DevOps. DevSecOps — or the merging of security with DevOps — is rising in prominence to combat omnipresent security vulnerabilities by incorporating preventative measures in the initial development stages. While there was previous tension between easy-to-use and secure-by-default solutions, security has become top of mind again for developers due to GDPR compliance and increasing data regulations. As NoSQL gains prominence in the enterprise space and databases are filled with more customer data, built-in security will continue to become increasingly important.
SVP of Engineering and CTO, Couchbase
SECURITY BAKED INTO DEVELOPER TOOLS
In 2018, the developer-security movement will focus on changes in the infrastructure, security operations and underline development tools, which will narrow down the options to mistakenly damage application security. This will allow better application security without changing the development process or slowing down TTM. We should not expect developers to be security experts, nor should we slow down the development process. Instead, we'll see security baked into developer tools to allow for rapid development, without violating application security.
VP R&D and Co-Founder, Dyadic
INTERACTIVE APPLICATION SECURITY TESTING (IAST)
In 2018 one major change we will see as it relates to Application Security (AppSec) is that there will be a reduction of organizations running their own dynamic application security testing (DAST). Many organizations will begin to leverage interactive application security testing (IAST), validating the results by running DAST-as-a-Service. Looking past 2018, the application security testing portfolio will continue to grow with an increase of statistic application security testing (SAS[[AA]] T) as part of the development environment. There will also be a stronger emphasis of security (Sec) into DevOps and will allow developers to take a more active role and ownership in identifying and remediating code vulnerabilities. The DevOps world will be the first to adapt IAST solutions that are able to leverage automation tests to deliver security analysis in real time.
Director of Product Marketing & Cyber Security Evangelist, Checkmarx
API SECURITY RISK
New security considerations related to the increase of APIs and open, interconnected platforms will rise in prominence next year. An ecosystem of publicly accessible APIs creates a huge attack surface for hackers in terms of denial of service and ransom attacks, as well as the potential for data breaches and data exfiltration. Major IoT hacks this past year have shown the consequences of a poor security posture and lacking investment in security in IoT product design. Unless the organizations working on the standardization of open APIs do their due diligence and make security a primary component of their specifications and platforms, the API economy will go down the same road. Without proper security in place, the connected future will fail and revert to a connected nightmare where hacks become a daily occurrence.
Security Evangelist, Radware
Read 2018 DevOps Predictions - Part 2, covering DevOps, BizDevOps, NoOps, and more.