GitLab announced the general availability of GitLab Duo Chat.
As part of DEVOPSdigest's 2020 predictions, industry experts offer predictions on how DevSecOps and related technologies will evolve and impact the business in 2020.
Start with 2020 DevOps Predictions
BIZDEVSECOPS 2020
2019 marked a year of record breaking losses due to over zealous digital transformation issues. Issues created by lack of communication and visibility across the silos being key contributors. 2020 will mark the year of the Digital Transformation winners like the NFL being shined a light on. The year the 70-80% of Fortune 2000 failing at digital transformation, their vendors, and advisors — will take pause to think outside the box. They will finally realize that doing the same thing over and over while expecting a different result is the very definition of insanity and their inherent failure. 2020 will be the pivotal year for the Business, Security, Dev and Ops teams to work together to overcome the visibility challenges across their organizations causing the mass losses in planning and predictions. Tools that enable data integration across licensing, cloud, costs, and resources will further consolidate and the real data platform vendors will start to solve the Digital Dilemma once and for all.
Jeanne Morain
Author and Strategist, iSpeak Cloud
SECURE BY DESIGN
In 2020, the principle of "secure by design" will attract greater attention, as it is a core cloud-native computing principle. DevSecOps will thus be less of a difficult combination of security and DevOps, and more of a business and architecture-driven approach that becomes an essential driver of appdev.
Jason Bloomberg
President, Intellyx
DEVOPS AND DEVSECOPS CONVERGENCE
DevOps will become part of every security discussion and security will become a part of every DevOps discussion. We will no longer need to use and explain the term DevSecOps.
Brian Dawson
DevOps Evangelist and Product Suite Marketing, CloudBees
CISO JOINS THE DEVOPS TEAM
The Chief Information Security Officer (CISO) will be part of the DevOps team, influencing a holistic approach to security within DevOps pipelines. Just as DevOps strives to deliver value quickly to the customer, it has the potential to unintentionally introduce security vulnerabilities quickly as well. This has spurred DevOps teams to embed security testing in the DevOps pipeline, increasing the sense of shared responsibility for security. Over the course of 2020, any remaining barriers between CISO staff and DevOps teams will be broken down, with CISO staff becoming full-fledged members of the DevOps team. Security will no longer be a bolt-on activity, and will become a standard component of any DevOps pipeline. Through closer cooperation with the CISO, DevOps security testing will go beyond static and dynamic application security testing (SAST and DAST) and adherence to corporate and regulatory policies. Acknowledging that no software is immune to attack, continuous testing will also include regular, proactive testing of security incident response and damage control protocols, to ensure that any breach can be contained immediately and its effects and costs limited.
Malcom Isaacs
Senior Solutions Manager, Application Delivery Management, Micro Focus
DEVSECOPS MERGES WITH ENGINEERING
At a high level, SaaS apps have highly tailored needs when it comes to information security and protecting customer data, and will require guidance and prioritization from product teams. Implementing these InfoSec needs will require the expertise of the security team, as well as resources of the engineering team, which are allocated by the product teams. Therefore, I predict that DevSecOps will merge into engineering and be guided by product. Currently, this is from an operational point of view due to the proximity to DevOps' technical capabilities. However, I see it as a strong business need that requires product and customer knowledge, to keep up with the increasing complexity of SaaS apps and the sensitive data these apps can access.
Shahar Ben Hador
VP, Product Management, Exabeam
AIOPS UNIFIES SECURITY AND OPS
DevOps organizations continue to adopt AIOps solutions at a rapid clip. SIEM vendors are exploring how AI/ML technology can add operational intelligence to their security event-driven processes. 2020 will see these two parallel drives begin to intersect. AIOps tools will begin to unify IT Operations and Information Security against the explosion of next-generation zero-day threats. The challenges of modern IT environments (i.e. multi-cloud, serverless, etc.) and continued vendor innovation will both fuel this trend.
Richard Whitehead
Chief Evangelist, Moogsoft
SHARED SECURITY RESPONSIBILITY
Until the "shared security responsibility" among teams is complete, we will continue to face serious breaches. Now that a cultural shift has broken down the specialization between development and security teams, creating an environment of shared responsibility, infrastructure as code and orchestration has become more challenging. The truth is, it's not always clear what security responsibilities fall on Dev, Ops — or to both acting in concert. Until we see a re-balancing of security responsibilities explicitly into this shared model, we're going to see stuff fall through the cracks and result in serious breaches. Some organizations have focused on containers as a single point of control and means of addressing this complexity, but containers frequently don't provide the visibility and resolution to tackle security comprehensively.
Ernesto DiGiambattistaFounder, ZeroNorth
PRIORITIZATION
Security organizations will begin accepting that there is just too much to do, and not enough resources. Teams will start looking for methods to make the overall process less demanding as well as for new techniques to allocate resources most effectively. Vendors will start to focus more on making the process easier, while teams will start to lean more on defense in depth than perhaps they were previously. Prioritization techniques and frameworks will start having a seat at the front of the table. Asset management, discovery, and documentation will continue to be a challenge for enterprise organizations
Bryan Becker
Product Manager, WhiteHat Security
Industry News
SmartBear announced a new version of its API design and documentation tool, SwaggerHub, integrating Stoplight’s API open source tools.
Red Hat announced updates to Red Hat Trusted Software Supply Chain.
Tricentis announced the latest update to the company’s AI offerings with the launch of Tricentis Copilot, a suite of solutions leveraging generative AI to enhance productivity throughout the entire testing lifecycle.
CIQ launched fully supported, upstream stable kernels for Rocky Linux via the CIQ Enterprise Linux Platform, providing enhanced performance, hardware compatibility and security.
Redgate launched an enterprise version of its database monitoring tool, providing a range of new features to address the challenges of scale and complexity faced by larger organizations.
Snyk announced the expansion of its current partnership with Google Cloud to advance secure code generated by Google Cloud’s generative-AI-powered collaborator service, Gemini Code Assist.
Kong announced the commercial availability of Kong Konnect Dedicated Cloud Gateways on Amazon Web Services (AWS).
Pegasystems announced the general availability of Pega Infinity ’24.1™.
Sylabs announces the launch of a new certification focusing on the Singularity container platform.
OpenText™ announced Cloud Editions (CE) 24.2, including OpenText DevOps Cloud and OpenText™ DevOps Aviator.
Postman announced its acquisition of Orbit, the community growth platform for developer companies.
Check Point® Software Technologies Ltd. announced new email security features that enhance its Check Point Harmony Email & Collaboration portfolio: Patented unified quarantine, DMARC monitoring, archiving, and Smart Banners.
Automation Anywhere announced an expanded partnership with Google Cloud to leverage the combined power of generative AI and its own specialized, generative AI automation models to give companies a powerful solution to optimize and transform their business.
Jetic announced the release of Jetlets, a low-code and no-code block template, that allows users to easily build any technically advanced integration use case, typically not covered by alternative integration platforms.