2020 DevSecOps Predictions - Part 3
January 15, 2020

As part of DEVOPSdigest's 2020 predictions, industry experts offer predictions on how DevSecOps and related technologies will evolve and impact the business in 2020. Part 3 covers Kubernetes, APIs and more.


KUBERNETES ENHANCES SECURITY

While the initial adoption of Kubernetes has to do largely with enabling business innovation, the technology offers powerful opportunities to build security directly into the development process. Developers are realizing that if security isn't built in, they will suffer from undetected vulnerabilities, misconfigurations, or other factors out of their control.
Ali Golshan
CTO and Co-Founder, StackRox

DevOps and security teams are now understanding that the dynamic and ephemeral nature of cloud-native applications requires specialized capabilities to understand the moment-to-moment architecture of applications. As such, expect to see distributed tracing and Kubernetes audit log analysis become standard requirements to manage vulnerabilities and misuse in K8s for DevOps in the upcoming months.
Gadi Naor
Founder and CTO, Alcide

Kubernetes continues to eat the CI/CD worlds. This means more and more companies are seeing the benefits of both containerization as their unit of deployment and Kubernetes as a means of orchestrating those units. These two things can be used to simplify the building, testing, and deployment of applications because they can be implemented in all three steps, as opposed to traditional methods with separate technologies and infrastructures. This trend will continue through 2020, even as FaaS takes off. An opportunity accompanies this — security initiatives will focus on integrating static scanning technologies (e.g. SAST, SCA, as well as configuration and secrets checkers) into these software-defined containers and build and deployment pipelines. Increased sophistication in operating Kubernetes will result in firms "baking in" more hardening and other security-enhancing actions into the packaging, deployment and service mesh creation. And, because these security controls are essentially embedded into orchestration, rather than conducted manually by operators, they are automatically and consistently applied, without fear of operator mistake or attrition.
Ernesto DiGiambattista
Founder, ZeroNorth

API SECURITY

Attacks on application programming interfaces (APIs) will increase in 2020, and business spend to secure them will spike as a result. Unsecure APIs can lead to exposure of massive information loads, from airline ticketing to online ordering. For example, two years ago, a large food retailer leaked nearly 37 million customer records due to unsecure access to its backend server and sequentially numbering customer records. This allowed for easy enumeration of the retailer's entire customer base. Further, just last year, more than 140 airlines had customer information compromised because the booking system allowed anyone to access passenger records just by changing an identifier in the URL. Expect to see an increase in business spend to secure APIs in the coming year to prevent these damaging attacks.
Jonathan DiVincenzo
VP of Product Management, Signal Sciences

API management is ripe for automation with new AI capabilities that protect and control APIs in an intelligent way. This might include API policies that reconfigure dynamically based on traffic, security threats, and identified patterns.
Ann Marie Bond
Senior Manager, Product Management, Software AG

SECURITY FOR SERVERLESS ENVIRONMENTS

Expect serverless adoption to increase — even more than it already has — throughout 2020. The advantages of serverless for reducing operational complexity, enabling greater DevOps efficiency and agility, and delivering better cost efficiencies are becoming (rightfully) too tempting for enterprises to pass up. But DevOps teams in 2020 will also need to develop security strategies that match serverless' specific requirements. I predict many DevOps will find out the hard way that serverless deployments differ considerably from traditional server or containerized deployments. More specifically, serverless architecture does not allow for firewalls, instrumentation agents, IDS or IPS solutions, or other more traditional server security tools. Therefore, implementing an effective and dedicated security solution will become a vital concern for any organization deploying serverless environments in 2020.
Gary Duan
CTO, NeuVector

APPLICATION SECURITY TESTING (AST)

With very high level breaches and hacks happening across industries, application security testing (AST) has become a critical topic of concern. This is giving a high impetus to implementation of practices such as DevSecOps. To keep the complex applications safe, and yet meet the tight go-to-market deadlines, organizations must continuously accelerate efforts to integrate and automate AST across SDLC.
Rajesh Sarangapani
AVP, Cigniti Technologies

DEVSECOPS TOOLS: ZERO VULNERABILITIES

Based on IT Central Station user reviews of DevSecOps solutions, we can expect to see continued improvements in security and code quality next year. Developers and architects reviewing the solution would like the solution to go a step further. They would like their DevSecOps solutions to have zero vulnerabilities with minimal false positives, and the vendors who can build these features into their solutions will likely gain the support of more technical users in 2020.
Russell Rothstein
Founder and CEO, IT Central Station

SECURITY BOTS

The next level of security control is bots that sit in your network, constantly monitoring behavior and using machine learning to determine patterns that are threats.
Ann Marie Bond
Senior Manager, Product Management, Software AG
