SmartBear announced a new version of its API design and documentation tool, SwaggerHub, integrating Stoplight’s API open source tools.
As part of DEVOPSdigest's 2020 predictions, industry experts offer predictions on how DevSecOps and related technologies will evolve and impact the business in 2020. Part 3 covers Kubernetes, APIs and more.
Start with 2020 DevSecOps Predictions - Part 1
Start with 2020 DevSecOps Predictions - Part 2
Start with 2020 DevOps Predictions
KUBERNETES ENHANCES SECURITY
While the initial adoption of Kuberentes has to do largely with enabling business innovation, the technology offers powerful opportunities to build security directly into the development process. Developers are realizing that if security isn't built in, they will suffer from undetected vulnerabilities, misconfigurations, or other factors out of their control.
Ali Golshan
CTO and Co-Founder, StackRox
DevOps and security teams are now understanding that the dynamic and ephemeral nature of cloud-native applications requires specialized capabilities to understand the moment-to-moment architecture of applications. As such, expect to see distributed tracing and Kubernetes audit log analysis to become standard requirements to manage vulnerabilities and misuse in K8s for DevOps in the upcoming months.
Gadi Naor
Founder and CTO, Alcide
Kubernetes continues to eat the CI/CD worlds. This means more and more companies are seeing the benefits of both containerization as their unit of deployment and Kubernetes as a means of orchestrating those units. These two things can be used to simplify the building, testing, and deployment of applications because they can be implemented in all three steps, as opposed to traditional methods with separate technologies and infrastructures. This trend will continue through 2020, even as FaaS takes off. An opportunity accompanies this — security initiatives will focus on integrating static scanning technologies (e.g. SAST, SCA, as well as configuration and secrets checkers) into these software-defined containers and build and deployment pipelines. Increased sophistication in operating Kubernetes will result in firms "baking in" more hardening and other security-enhancing actions into the packaging, deployment and service mesh creation. And, because these security controls are essentially embedded into orchestration, rather than conducted manually by operators, they are automatically and consistently applied, without fear of operator mistake or attrition.
Ernesto DiGiambattista
Founder, ZeroNorth
API SECURITY
Attacks on application programming interfaces (APIs) will increase in 2020, and business spend to secure them will spike as a result. Unsecure APIs can lead to exposure of massive information loads, from airline ticketing to online ordering. For example, two years ago, a large food retailer leaked nearly 37 million customer records due to unsecure access to its backend server and sequentially numbering customer records. This allowed for easy enumeration of the retailer's entire customer base. Further, just last year, more than 140 airlines had customer information compromised because the booking system allowed anyone to access passenger records just by changing an identifier in the URL. Expect to see an increase in business spend to secure APIs in the coming year to prevent these damaging attacks.
Jonathan DiVincenzo
VP of Product Management, Signal Sciences
API management is ripe for automation with new AI capabilities that protect and control APIs in an intelligent way. This might include API policies that reconfigure dynamically based on traffic, security threats, and identified patterns.
Ann Marie Bond
Senior Manager, Product Management, Software AG
SECURITY FOR SERVERLESS ENVIRONMENTS
Expect serverless adoption to increase — even more than it already has — throughout 2020. The advantages of serverless for reducing operational complexity, enabling greater DevOps efficiency and agility, and delivering better cost efficiencies are becoming (rightfully) too tempting for enterprises to pass up. But DevOps teams in 2020 will also need to develop security strategies that match serverless' specific requirements. I predict many DevOps will find out the hard way that serverless deployments differ considerably from traditional server or containerized deployments. More specifically, serverless architecture does not allow for firewalls, instrumentation agents, IDS or IPS solutions, or other more traditional server security tools. Therefore, implementing an effective and dedicated security solution will become a vital concern for any organization deploying serverless environments in 2020.
Gary Duan
CTO, NeuVector
APPLICATION SECURITY TESTING (AST)
With very high level breaches and hacks happening across industries, application security testing (AST) has become a critical topic of concern. This is giving a high impetus to implementation of practices such as DevSecOps. To keep the complex applications safe, and yet meet the tight go-to-market deadlines, organizations must continuously accelerate efforts to integrate and automate AST across SDLC.
Rajesh Sarangapani
AVP, Cigniti Technologies
DEVSECOPS TOOLS: ZERO VULNERABILITIES
Based on IT Central Station user reviews of DevSecOps solutions, we can expect to see continued improvements in security and code quality next year. Developers and architects reviewing the solution would like the solution to go a step further. They would like their DevSecOps solutions to have zero vulnerabilities with minimal false positives, and the vendors who can build these features into their solutions will likely gain the support of more technical users in 2020.
Russell Rothstein
Founder and CEO, IT Central Station
SECURITY BOTS
The next level of security control is bots that sit in your network, constantly monitoring behavior and use machine learning to determine patterns that are threats.
Ann Marie Bond
Senior Manager, Product Management, Software AG
Industry News
Red Hat announced updates to Red Hat Trusted Software Supply Chain.
Tricentis announced the latest update to the company’s AI offerings with the launch of Tricentis Copilot, a suite of solutions leveraging generative AI to enhance productivity throughout the entire testing lifecycle.
CIQ launched fully supported, upstream stable kernels for Rocky Linux via the CIQ Enterprise Linux Platform, providing enhanced performance, hardware compatibility and security.
Redgate launched an enterprise version of its database monitoring tool, providing a range of new features to address the challenges of scale and complexity faced by larger organizations.
Snyk announced the expansion of its current partnership with Google Cloud to advance secure code generated by Google Cloud’s generative-AI-powered collaborator service, Gemini Code Assist.
Kong announced the commercial availability of Kong Konnect Dedicated Cloud Gateways on Amazon Web Services (AWS).
Pegasystems announced the general availability of Pega Infinity ’24.1™.
Sylabs announces the launch of a new certification focusing on the Singularity container platform.
OpenText™ announced Cloud Editions (CE) 24.2, including OpenText DevOps Cloud and OpenText™ DevOps Aviator.
Postman announced its acquisition of Orbit, the community growth platform for developer companies.
Check Point® Software Technologies Ltd. announced new email security features that enhance its Check Point Harmony Email & Collaboration portfolio: Patented unified quarantine, DMARC monitoring, archiving, and Smart Banners.
Automation Anywhere announced an expanded partnership with Google Cloud to leverage the combined power of generative AI and its own specialized, generative AI automation models to give companies a powerful solution to optimize and transform their business.
Jetic announced the release of Jetlets, a low-code and no-code block template, that allows users to easily build any technically advanced integration use case, typically not covered by alternative integration platforms.
Progress announced new powerful capabilities and enhancements in the latest release of Progress® Sitefinity®.