2020 DevSecOps Predictions - Part 1
January 13, 2020

As part of DEVOPSdigest's 2020 predictions, industry experts offer predictions on how DevSecOps and related technologies will evolve and impact the business in 2020.

Start with 2020 DevOps Predictions

BIZDEVSECOPS 2020

2019 marked a year of record breaking losses due to over zealous digital transformation issues. Issues created by lack of communication and visibility across the silos being key contributors. 2020 will mark the year of the Digital Transformation winners like the NFL being shined a light on. The year the 70-80% of Fortune 2000 failing at digital transformation, their vendors, and advisors — will take pause to think outside the box. They will finally realize that doing the same thing over and over while expecting a different result is the very definition of insanity and their inherent failure. 2020 will be the pivotal year for the Business, Security, Dev and Ops teams to work together to overcome the visibility challenges across their organizations causing the mass losses in planning and predictions. Tools that enable data integration across licensing, cloud, costs, and resources will further consolidate and the real data platform vendors will start to solve the Digital Dilemma once and for all.
Jeanne Morain
Author and Strategist, iSpeak Cloud

SECURE BY DESIGN

In 2020, the principle of "secure by design" will attract greater attention, as it is a core cloud-native computing principle. DevSecOps will thus be less of a difficult combination of security and DevOps, and more of a business and architecture-driven approach that becomes an essential driver of appdev.
Jason Bloomberg
President, Intellyx

DEVOPS AND DEVSECOPS CONVERGENCE

DevOps will become part of every security discussion and security will become a part of every DevOps discussion. We will no longer need to use and explain the term DevSecOps.
Brian Dawson
DevOps Evangelist and Product Suite Marketing, CloudBees

CISO JOINS THE DEVOPS TEAM

The Chief Information Security Officer (CISO) will be part of the DevOps team, influencing a holistic approach to security within DevOps pipelines. Just as DevOps strives to deliver value quickly to the customer, it has the potential to unintentionally introduce security vulnerabilities quickly as well. This has spurred DevOps teams to embed security testing in the DevOps pipeline, increasing the sense of shared responsibility for security. Over the course of 2020, any remaining barriers between CISO staff and DevOps teams will be broken down, with CISO staff becoming full-fledged members of the DevOps team. Security will no longer be a bolt-on activity, and will become a standard component of any DevOps pipeline. Through closer cooperation with the CISO, DevOps security testing will go beyond static and dynamic application security testing (SAST and DAST) and adherence to corporate and regulatory policies. Acknowledging that no software is immune to attack, continuous testing will also include regular, proactive testing of security incident response and damage control protocols, to ensure that any breach can be contained immediately and its effects and costs limited.
Malcom Isaacs
Senior Solutions Manager, Application Delivery Management, Micro Focus

DEVSECOPS MERGES WITH ENGINEERING

At a high level, SaaS apps have highly tailored needs when it comes to information security and protecting customer data, and will require guidance and prioritization from product teams. Implementing these InfoSec needs will require the expertise of the security team, as well as resources of the engineering team, which are allocated by the product teams. Therefore, I predict that DevSecOps will merge into engineering and be guided by product. Currently, this is from an operational point of view due to the proximity to DevOps' technical capabilities. However, I see it as a strong business need that requires product and customer knowledge, to keep up with the increasing complexity of SaaS apps and the sensitive data these apps can access.
Shahar Ben Hador
VP, Product Management, Exabeam

AIOPS UNIFIES SECURITY AND OPS

DevOps organizations continue to adopt AIOps solutions at a rapid clip. SIEM vendors are exploring how AI/ML technology can add operational intelligence to their security event-driven processes. 2020 will see these two parallel drives begin to intersect. AIOps tools will begin to unify IT Operations and Information Security against the explosion of next-generation zero-day threats. The challenges of modern IT environments (i.e. multi-cloud, serverless, etc.) and continued vendor innovation will both fuel this trend.
Richard Whitehead
Chief Evangelist, Moogsoft

SHARED SECURITY RESPONSIBILITY

Until the "shared security responsibility" among teams is complete, we will continue to face serious breaches. Now that a cultural shift has broken down the specialization between development and security teams, creating an environment of shared responsibility, infrastructure as code and orchestration has become more challenging. The truth is, it's not always clear what security responsibilities fall on Dev, Ops — or to both acting in concert. Until we see a re-balancing of security responsibilities explicitly into this shared model, we're going to see stuff fall through the cracks and result in serious breaches. Some organizations have focused on containers as a single point of control and means of addressing this complexity, but containers frequently don't provide the visibility and resolution to tackle security comprehensively.
Ernesto DiGiambattistaFounder, ZeroNorth

PRIORITIZATION

Security organizations will begin accepting that there is just too much to do, and not enough resources. Teams will start looking for methods to make the overall process less demanding as well as for new techniques to allocate resources most effectively. Vendors will start to focus more on making the process easier, while teams will start to lean more on defense in depth than perhaps they were previously. Prioritization techniques and frameworks will start having a seat at the front of the table. Asset management, discovery, and documentation will continue to be a challenge for enterprise organizations
Bryan Becker
Product Manager, WhiteHat Security

Go to 2020 DevSecOps Predictions - Part 2

Share this

Industry News

April 02, 2020

VMware announced the general availability of VMware vSphere 7, the biggest evolution of vSphere in over a decade.

April 02, 2020

Grafana Labs announced that Cortex v1.0 is generally available for production use.

April 02, 2020

IT Revolution announced new dates, extended pricing and its first round of confirmed speakers for DevOps Enterprise Summit Las Vegas 2020. Hosted at The Cosmopolitan of Las Vegas, DevOps Enterprise Summit will now take place November 9-11, 2020.

April 01, 2020

Compuware Corporation announced new capabilities that enable application development teams to automate performance tests early in the development lifecycle, helping large enterprises speed time to market and improve application performance—while decreasing the significant and unnecessary cost of wasted time.

April 01, 2020

PlanetScale released the newest version of PlanetScaleDB, a multi-cloud database.

April 01, 2020

Datawire announced the newest release of Ambassador Edge Stack that is designed to speed up the inner development loop.

March 31, 2020

Push Technology will provide Diffusion Cloud, Push Technology’s Real-Time API Management Cloud Platform, free for all existing customers and new customers developing systems in the cloud during these challenging times.

March 31, 2020

Rancher Labs announced the general availability of Rancher 2.4.

March 31, 2020

Kasten announced the general availability of Kasten K10 v2.5.

March 30, 2020

DevOps Institute, a global member-based association for advancing the human elements of DevOps, announced a new Open Testing program that removes the prerequisite of leveraging formal courseware to achieve certifications from DevOps Institute's extensive portfolio.

March 30, 2020

Oracle announced the general availability of Java 14 (Oracle JDK 14).

March 30, 2020

Akamai announced March 2020 updates to the Akamai Intelligent Edge Platform.

March 26, 2020

Redgate’s new SQL Monitor now ensures that DevOps teams can monitor and track deployments at all times.

March 26, 2020

Split Software announced a two-way data integration with Google Analytics that can instantly detect performance issues caused by new features.

March 26, 2020

Cloudreach earned the Kubernetes on Microsoft Azure advanced specialization.