Check Point® Software Technologies Ltd.(link is external) announced that U.S. News & World Report has named the company among its 2025-2026 list of Best Companies to Work For(link is external).
2020 DevSecOps Predictions - Part 2
January 14, 2020
As part of DEVOPSdigest's 2020 predictions, industry experts offer predictions on how DevSecOps and related technologies will evolve and impact the business in 2020. Part 2 offers predictions about shifting left, automation and more.
Start with 2020 DevSecOps Predictions - Part 1
Start with 2020 DevOps Predictions
SHIFTING LEFT
It's time for DevSecOps to really start catching on. The increase in cyber incidents should be enough warning for organizations that they have to start doing a better job with cybersecurity and AppSec. DevSecOps means getting security to permeate your entire process and organization. Part of this is testing early and often, which is achieved with technologies like service virtualization and modern test automation tools. Organizations that are serious about security will shift even further left by building code and systems that are more secure in the first place. This will be done like other industries by relying on known best practices as embodied in proven quality, safety, and security coding standards like MISRA, UL 2900, and CERT.
Arthur Hicken
Evangelist, Parasoft(link is external)
Security will continue to "Shift Left" (with a little help from the cloud). The rise of cloud infrastructure will be a positive force in driving this change. DevOps will help — ensuring the value of security is front and center. As security is tackled early in the development process, companies will no longer be able to sidestep or delay security processes and procedures, let alone question if they're affordable.
Tim Armandpour
SVP of Engineering, PagerDuty(link is external)
DevSecOps will shift left as enterprises prioritize security and employee privacy: A reported 53% of online users are currently more concerned about their online privacy compared to a year ago. With heightened privacy concerns, there will be an increased focus on addressing both corporate security and user privacy concerns much earlier in the development cycle. Dev teams will start investigating tech that provides granular controls that address both security and privacy, such as app level security. In parallel, teams will also investigate how to automate security integration into the development lifecycle. Cybersecurity programming skills are in short supply and there is no cost effective way for teams to address the growing dev demands through solely manual coding. Having security automatically integrated addresses the mundane nature of certain repeatable processes, freeing up developer time. More importantly, automation that brings in security tech early in the lifecycle allows the entire solution to be tested at once, again saving dev cycles. If security isn't shifted left (i.e., brought into the dev cycle early) testing will have to be repeated once security is added in.
Nikfar Khaleeli
VP of Products, Blue Cedar(link is external)
THINKING RIGHT
There are more apps in production than before, and the risk of apps being breached at this stage is at an all-time high. Apps in production are most vulnerable, with a higher time to fix and window of exposure. Plus, with most development teams short on resources, it's often hard for them to focus on the security aspect. Therefore, these apps are easy for hackers to exploit. In fact, an average of more than 50% of apps are always vulnerable for organizations that don't have the right secure development practices in place. When you "think right" you are: starting with highest-risk apps in production to find and fix vulnerabilities; incorporating security measures at the most critical points in the software lifecycle (SLC), starting with production ; integrating security throughout the SLC from production all the way to development. In 2020, we will see this approach being adopted more widely.
Setu Kulkarni
VP, Strategy and Business Development, WhiteHat Security(link is external)
AUTOMATION OF SECURITY
We're going to see security engineering — DevSecOps — become actual practice. Teams will be writing more code that automates security controls and compliance requirements. The need here is inevitable and urgent: because so much of this cloud-native world is highly dynamic, with so many moving parts, we can no longer get by with people manually doing security or compliance checks. Security and compliance controls must be automated if we are going to truly realize the time-to-market promise of containerization.
Tim Hinrichs
CTO and Co-Founder, Styra(link is external)
In 2020, we will see organizations automating enforcement, remediation, and response as it relates to cybersecurity. Trying to "Shift Left," cover the middle, and respond to runtime attacks is simply too much to handle without tapping into the power of automation. At the same time, security automation is risky. What if you disrupt services and cause an outage? Now that we have automated most every other piece in the development lifecycle, it's time to figure out how to take security automation to the next level. Just as technology and automation has empowered developers and applications, it too will empower security. In 2020, we will see the difficult and complex security issues addressed with automation. This will extend from early enforcement before deployment, to continuous security of infrastructure, to automating incident response at run-time.
James Condon
Director of Research, Lacework(link is external)
Security "policy as code" — and overall, easier security automation — will change how DevOps (and DevSecOps) teams approach container security in 2020. Kubernetes ConfigMaps and Custom Resource Definitions (CRDs) are making it possible for configurations and rules to be automated right into the CI/CD and DevOps pipeline. Because of this, DevOps teams in 2020 will be much better equipped to analyze application behavior and set security policies for any and all workload deployments via YAML files. Expect this evolution of more efficient and automated security integration processes to be a particularly welcome change for DevOps.
Gary Duan
CTO, NeuVector(link is external)
DEVSECOPS BUILT INTO CI
With the rising number of data breaches and increased emphasis on data privacy regulations such as PSD2 and GDPR both in the US and globally, DevOps-savvy organizations will be forced to prioritize diligence in security measures over time to market in the year ahead. As new regulations are put into place, more application developers will be mandated to build strict security policies directly within code. There will be an uptick in DevOps tools that cater to automating more compliance-related tasks within infosec teams, thus incorporating security and compliance measures into every day CI (continuous integration) workflows.
Sid Phadkar
Senior Product Manager, Akamai(link is external)
DEVSECOPS UNLOCKS POWER OF THE CLOUD
As enterprises realize the necessity and opportunity of integrating security into the CI/CD pipeline in 2020, they will simultaneously unlock the promise of the cloud for extreme agility while improving overall security and compliance. As a bonus, doing this well can eliminate the historical conflict between application/development and security and turn it into a positive, beneficial collaboration.
Reuven Harrison
CTO and Co-founder, Tufin(link is external)
Industry News
June 05, 2025
June 05, 2025
Postman announced new capabilities that make it dramatically easier to design, test, deploy, and monitor AI agents and the APIs they rely on.
June 05, 2025
Opsera announced the expansion of its partnership with Databricks.
June 04, 2025
Postman announced Agent Mode, an AI-native assistant that delivers real productivity gains across the entire API lifecycle.
June 04, 2025
Progress Software announced the Q2 2025 release of Progress® Telerik® and Progress® Kendo UI®, the .NET and JavaScript UI libraries for modern application development.
June 04, 2025
Voltage Park announced the launch of its managed Kubernetes service.
June 04, 2025
Cobalt announced a set of powerful product enhancements within the Cobalt Offensive Security Platform aimed at helping customers scale security testing with greater clarity, automation, and control.
June 03, 2025
LambdaTest announced its partnership with Assembla, a cloud-based platform for version control and project management.
June 03, 2025
Salt Security unveiled Salt Illuminate, a platform that redefines how organizations adopt API security.
June 03, 2025
Workday announced a new unified, AI developer toolset to bring the power of Workday Illuminate directly into the hands of customer and partner developers, enabling them to easily customize and connect AI apps and agents on the Workday platform.
June 02, 2025
Pegasystems introduced Pega Agentic Process Fabric™, a service that orchestrates all AI agents and systems across an open agentic network for more reliable and accurate automation.
June 02, 2025
Fivetran announced that its Connector SDK now supports custom connectors for any data source.
June 02, 2025
Copado announced that Copado Robotic Testing is available in AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services (AWS).
May 29, 2025
Check Point® Software Technologies Ltd.(link is external) announced major advancements to its family of Quantum Force Security Gateways(link is external).
May 29, 2025
Sauce Labs announced the general availability of iOS 18 testing on its Virtual Device Cloud (VDC).
