2020 DevSecOps Predictions - Part 3
January 15, 2020

As part of DEVOPSdigest's 2020 predictions, industry experts offer predictions on how DevSecOps and related technologies will evolve and impact the business in 2020. Part 3 covers Kubernetes, APIs and more.

Start with 2020 DevSecOps Predictions - Part 1

Start with 2020 DevSecOps Predictions - Part 2

Start with 2020 DevOps Predictions

KUBERNETES ENHANCES SECURITY

While the initial adoption of Kuberentes has to do largely with enabling business innovation, the technology offers powerful opportunities to build security directly into the development process. Developers are realizing that if security isn't built in, they will suffer from undetected vulnerabilities, misconfigurations, or other factors out of their control.
Ali Golshan
CTO and Co-Founder, StackRox

DevOps and security teams are now understanding that the dynamic and ephemeral nature of cloud-native applications requires specialized capabilities to understand the moment-to-moment architecture of applications. As such, expect to see distributed tracing and Kubernetes audit log analysis to become standard requirements to manage vulnerabilities and misuse in K8s for DevOps in the upcoming months.
Gadi Naor
Founder and CTO, Alcide

Kubernetes continues to eat the CI/CD worlds. This means more and more companies are seeing the benefits of both containerization as their unit of deployment and Kubernetes as a means of orchestrating those units. These two things can be used to simplify the building, testing, and deployment of applications because they can be implemented in all three steps, as opposed to traditional methods with separate technologies and infrastructures. This trend will continue through 2020, even as FaaS takes off. An opportunity accompanies this — security initiatives will focus on integrating static scanning technologies (e.g. SAST, SCA, as well as configuration and secrets checkers) into these software-defined containers and build and deployment pipelines. Increased sophistication in operating Kubernetes will result in firms "baking in" more hardening and other security-enhancing actions into the packaging, deployment and service mesh creation. And, because these security controls are essentially embedded into orchestration, rather than conducted manually by operators, they are automatically and consistently applied, without fear of operator mistake or attrition.
Ernesto DiGiambattista
Founder, ZeroNorth

API SECURITY

Attacks on application programming interfaces (APIs) will increase in 2020, and business spend to secure them will spike as a result. Unsecure APIs can lead to exposure of massive information loads, from airline ticketing to online ordering. For example, two years ago, a large food retailer leaked nearly 37 million customer records due to unsecure access to its backend server and sequentially numbering customer records. This allowed for easy enumeration of the retailer's entire customer base. Further, just last year, more than 140 airlines had customer information compromised because the booking system allowed anyone to access passenger records just by changing an identifier in the URL. Expect to see an increase in business spend to secure APIs in the coming year to prevent these damaging attacks.
Jonathan DiVincenzo
VP of Product Management, Signal Sciences

API management is ripe for automation with new AI capabilities that protect and control APIs in an intelligent way. This might include API policies that reconfigure dynamically based on traffic, security threats, and identified patterns.
Ann Marie Bond
Senior Manager, Product Management, Software AG

SECURITY FOR SERVERLESS ENVIRONMENTS

Expect serverless adoption to increase — even more than it already has — throughout 2020. The advantages of serverless for reducing operational complexity, enabling greater DevOps efficiency and agility, and delivering better cost efficiencies are becoming (rightfully) too tempting for enterprises to pass up. But DevOps teams in 2020 will also need to develop security strategies that match serverless' specific requirements. I predict many DevOps will find out the hard way that serverless deployments differ considerably from traditional server or containerized deployments. More specifically, serverless architecture does not allow for firewalls, instrumentation agents, IDS or IPS solutions, or other more traditional server security tools. Therefore, implementing an effective and dedicated security solution will become a vital concern for any organization deploying serverless environments in 2020.
Gary Duan
CTO, NeuVector

APPLICATION SECURITY TESTING (AST)

With very high level breaches and hacks happening across industries, application security testing (AST) has become a critical topic of concern. This is giving a high impetus to implementation of practices such as DevSecOps. To keep the complex applications safe, and yet meet the tight go-to-market deadlines, organizations must continuously accelerate efforts to integrate and automate AST across SDLC.
Rajesh Sarangapani
AVP, Cigniti Technologies

DEVSECOPS TOOLS: ZERO VULNERABILITIES

Based on IT Central Station user reviews of DevSecOps solutions, we can expect to see continued improvements in security and code quality next year. Developers and architects reviewing the solution would like the solution to go a step further. They would like their DevSecOps solutions to have zero vulnerabilities with minimal false positives, and the vendors who can build these features into their solutions will likely gain the support of more technical users in 2020.
Russell Rothstein
Founder and CEO, IT Central Station

SECURITY BOTS

The next level of security control is bots that sit in your network, constantly monitoring behavior and use machine learning to determine patterns that are threats.
Ann Marie Bond
Senior Manager, Product Management, Software AG

Share this

Industry News

March 04, 2021

GrammaTech announced a technology partnership with GitLab, the single application for the DevOps lifecycle.

March 04, 2021

Exadel announced that Sun Capital Partners, a private investment firm, has completed an acquisition of the company.

March 04, 2021

Palo Alto Networks completed its acquisition of Bridgecrew, a developer-first cloud security company.

March 03, 2021

Red Hat announced the latest release of Red Hat Process Automation, which delivers new developer tooling, extended support for eventing and streaming for event-driven architectures (EDA) through integration with Apache Kafka, and new monitoring capabilities through heatmap dashboards.

March 03, 2021

Leaders of the software development industry announced the formation of the Value Stream Management Consortium (VSMC).

March 03, 2021

Delphix and GenRocket announced a technology alliance designed to fulfill the needs of enterprise customers who desire a comprehensive test data solution that improves software quality.

March 02, 2021

JFrog announced that its DevOps Platform tools – JFrog Artifactory and JFrog Xray – are available with native deployment templates for customers using AWS GovCloud (US) and Azure Government clouds.

March 02, 2021

Spectro Cloud announced support for existing Kubernetes environments, including clusters on public cloud services such as Amazon EKS, Azure AKS and Google GKE, has been added to the Spectro Cloud Kubernetes management platform.

March 02, 2021

Idera announced the acquisition of PreEmptive Solutions, LLC, a provider of application protection and security.

March 01, 2021

CloudBolt Software announced the launch of OneFuse Community Edition, a free version of its codeless integration platform for automating, integrating, and extending private and hybrid cloud infrastructures.

March 01, 2021

DBmaestro launched support for Snowflake, the Data Cloud company.

March 01, 2021

Platform9 closed Series-D funding with an additional $12.5 million for a total of $37.5 million.

February 25, 2021

Red Hat announced Red Hat OpenShift 4.7, the latest version of the company’s enterprise Kubernetes platform.

February 25, 2021

Granulate announced the release of its open-source platform, the G-Profiler, a production profiling solution that measures the performance of code in production applications to facilitate compute optimization.

February 25, 2021

Checkmarx announced the launch of KICS (Keeping Infrastructure as Code Secure), an open source static analysis solution that enables developers to write more secure infrastructure as code (IaC).