2020 DevSecOps Predictions - Part 1
January 13, 2020

As part of DEVOPSdigest's 2020 predictions, industry experts offer predictions on how DevSecOps and related technologies will evolve and impact the business in 2020.

Start with 2020 DevOps Predictions

BIZDEVSECOPS 2020

2019 marked a year of record breaking losses due to over zealous digital transformation issues. Issues created by lack of communication and visibility across the silos being key contributors. 2020 will mark the year of the Digital Transformation winners like the NFL being shined a light on. The year the 70-80% of Fortune 2000 failing at digital transformation, their vendors, and advisors — will take pause to think outside the box. They will finally realize that doing the same thing over and over while expecting a different result is the very definition of insanity and their inherent failure. 2020 will be the pivotal year for the Business, Security, Dev and Ops teams to work together to overcome the visibility challenges across their organizations causing the mass losses in planning and predictions. Tools that enable data integration across licensing, cloud, costs, and resources will further consolidate and the real data platform vendors will start to solve the Digital Dilemma once and for all.
Jeanne Morain
Author and Strategist, iSpeak Cloud

SECURE BY DESIGN

In 2020, the principle of "secure by design" will attract greater attention, as it is a core cloud-native computing principle. DevSecOps will thus be less of a difficult combination of security and DevOps, and more of a business and architecture-driven approach that becomes an essential driver of appdev.
Jason Bloomberg
President, Intellyx

DEVOPS AND DEVSECOPS CONVERGENCE

DevOps will become part of every security discussion and security will become a part of every DevOps discussion. We will no longer need to use and explain the term DevSecOps.
Brian Dawson
DevOps Evangelist and Product Suite Marketing, CloudBees

CISO JOINS THE DEVOPS TEAM

The Chief Information Security Officer (CISO) will be part of the DevOps team, influencing a holistic approach to security within DevOps pipelines. Just as DevOps strives to deliver value quickly to the customer, it has the potential to unintentionally introduce security vulnerabilities quickly as well. This has spurred DevOps teams to embed security testing in the DevOps pipeline, increasing the sense of shared responsibility for security. Over the course of 2020, any remaining barriers between CISO staff and DevOps teams will be broken down, with CISO staff becoming full-fledged members of the DevOps team. Security will no longer be a bolt-on activity, and will become a standard component of any DevOps pipeline. Through closer cooperation with the CISO, DevOps security testing will go beyond static and dynamic application security testing (SAST and DAST) and adherence to corporate and regulatory policies. Acknowledging that no software is immune to attack, continuous testing will also include regular, proactive testing of security incident response and damage control protocols, to ensure that any breach can be contained immediately and its effects and costs limited.
Malcom Isaacs
Senior Solutions Manager, Application Delivery Management, Micro Focus

DEVSECOPS MERGES WITH ENGINEERING

At a high level, SaaS apps have highly tailored needs when it comes to information security and protecting customer data, and will require guidance and prioritization from product teams. Implementing these InfoSec needs will require the expertise of the security team, as well as resources of the engineering team, which are allocated by the product teams. Therefore, I predict that DevSecOps will merge into engineering and be guided by product. Currently, this is from an operational point of view due to the proximity to DevOps' technical capabilities. However, I see it as a strong business need that requires product and customer knowledge, to keep up with the increasing complexity of SaaS apps and the sensitive data these apps can access.
Shahar Ben Hador
VP, Product Management, Exabeam

AIOPS UNIFIES SECURITY AND OPS

DevOps organizations continue to adopt AIOps solutions at a rapid clip. SIEM vendors are exploring how AI/ML technology can add operational intelligence to their security event-driven processes. 2020 will see these two parallel drives begin to intersect. AIOps tools will begin to unify IT Operations and Information Security against the explosion of next-generation zero-day threats. The challenges of modern IT environments (i.e. multi-cloud, serverless, etc.) and continued vendor innovation will both fuel this trend.
Richard Whitehead
Chief Evangelist, Moogsoft

SHARED SECURITY RESPONSIBILITY

Until the "shared security responsibility" among teams is complete, we will continue to face serious breaches. Now that a cultural shift has broken down the specialization between development and security teams, creating an environment of shared responsibility, infrastructure as code and orchestration has become more challenging. The truth is, it's not always clear what security responsibilities fall on Dev, Ops — or to both acting in concert. Until we see a re-balancing of security responsibilities explicitly into this shared model, we're going to see stuff fall through the cracks and result in serious breaches. Some organizations have focused on containers as a single point of control and means of addressing this complexity, but containers frequently don't provide the visibility and resolution to tackle security comprehensively.
Ernesto DiGiambattistaFounder, ZeroNorth

PRIORITIZATION

Security organizations will begin accepting that there is just too much to do, and not enough resources. Teams will start looking for methods to make the overall process less demanding as well as for new techniques to allocate resources most effectively. Vendors will start to focus more on making the process easier, while teams will start to lean more on defense in depth than perhaps they were previously. Prioritization techniques and frameworks will start having a seat at the front of the table. Asset management, discovery, and documentation will continue to be a challenge for enterprise organizations
Bryan Becker
Product Manager, WhiteHat Security

Go to 2020 DevSecOps Predictions - Part 2

Share this

Industry News

November 24, 2020

Red Hat announced new capabilities and features for Red Hat OpenShift, the company's enterprise Kubernetes platform.

November 24, 2020

Sectigo released Chef, Jenkins, JetStack Cert-Manager, Puppet, and SaltStack integrations for its certificate management platform.

November 24, 2020

DataStax released K8ssandra, an open-source distribution of Apache Cassandra on Kubernetes.

November 23, 2020

Spectro Cloud has released a new, self-hosted version of its flagship product, Spectro Cloud.

November 23, 2020

GitLab completed integration of Peach Tech, a security software firm specializing in protocol fuzz testing and dynamic application security testing (DAST) API testing, and Fuzzit, a continuous fuzz testing solution providing coverage-guided testing.

November 23, 2020

Fugue announced the availability of its SaaS product in AWS Marketplace, further simplifying the process for Amazon Web Services customers to use Fugue to bring their environments into compliance quickly, demonstrate compliance at any time, and Shift Left on cloud security.

November 19, 2020

Rollbar announced AI-assisted workflows powered by its new automation-grade grouping engine.

November 19, 2020

Buildkite expanded its integration with GitHub and introduced a new onboarding experience.

November 19, 2020

Rancher Labs launched a new Partner Program for the OEM and embedded community.

November 18, 2020

Puppet announced its evolution to an integrated automation platform to enable key business initiatives such as scaling DevOps, risk reduction, policy as code, and evolving cloud strategies.

November 18, 2020

Adaptavist has joined the GitLab partner program as a Select partner.

November 18, 2020

Postman launched the beta version of public workspaces, a hub that makes it possible for both API producers and consumers to seamlessly communicate and collaborate in real time without team or organizational boundaries.

November 17, 2020

Red Hat introduced new capabilities for Red Hat Enterprise Linux and Red Hat OpenShift intended to help enterprises bring edge computing into hybrid cloud deployments.

November 17, 2020

Humio announced the availability of the Humio Operator.

November 17, 2020

Accurics announced that Terrascan, the open source static code analyzer that enables developers to build secure infrastructure as code (IaC), has been extended to support Helm and Kustomize.