2021 DevSecOps Predictions - Part 1
January 27, 2021

DEVOPSdigest asked DevOps and development experts from across the industry for their 2021 DevSecOps predictions:


In 2021 we expect to see the continued acceleration of Kubernetes deployment in production. As budgets become less constrained by concerns related to the pandemic and as enterprise confidence increases, cloud-native projects previously put on pause will start to resume. With that, we will see an additional increase in the holistic scale and scope of Kubernetes deployments. As such, demand for resources that support Kubernetes ecosystems, such as Kubernetes-native security controls, will also increase as they enable greater integration with DevOps and DevSecOps processes and methodologies. Accordingly, DevSecOps is no longer a niche strategy taking a backseat to DevOps — now it's a mass movement.
David Van Everen
VP of Marketing, StackRox

The year 2020 has been marked by the rapid progress of transformational DevOps paradigms such as: co-development in global communities, platform agnosticism, serverless computing, infrastructure-as-a-code, end-to-end workspace with unified experience across entire software lifecycle. That DevOps transformation has offered a unique opportunity for application security. For the first time in a decade, it is realistic to create and integrate security in a complete DevOps, thus making it DevSecOps. Absence of unified DevOps, along with absence of native tools, was an obstacle for Sec. Now, the obstacle has gone. A critical step toward DevSecOps has been taken by DevOps itself, which started offering its own application security technologies. Application security vendors, as well as open-source security communities, have started addressing this emerged opportunity as well. They have begun integrating their existing technologies in the unified DevOps, thus serving it with intermediate solutions (intermediate — because those solutions have not been designed for new pparadigms). At the same time, those security vendors/communities have been/will be rapidly developing native solutions for the emerged DevOps. Those combined efforts will assure that, through 2022, DevSecOps community grow bigger than in the previous ten years combined.
Joseph Feiman, PhD
Chief Strategy Officer, WhiteHat Security

The shift to remote work in 2020 moved digital transformations into high gear. However, as organizations eye the finish line, they're realizing the bottlenecks they removed to streamline development operations are just being replaced with new ones created due to security not being integrated into their workflows. 2021 will put SecDevOps at the top of every organization's must-do to realize the full benefits of their digital transformation. By automating their application security program in tandem with the existing development workflow, enterprises will realize that secure development operations are not just about reducing cyber-risk, but overall business risk by improving efficiency, reducing time-to-market, and accelerating revenue through de-risked project delivery. 
Brittany Greenfield
CEO & Founder, Wabbi

In 2021, we will see DevSecOps become more instrumental and have greater influence in secure application development and delivery. DevSecOps may be an oxymoron to some who don't believe it's possible to have both rapid and secure code delivery. However, DevSecOps' approach of building security into the rapid release cycles is proving to be successful at optimizing security while enabling business goals such as accelerating productivity. I believe it will be the key to allowing application security solutions to go beyond offering the best of breed protection, by also providing the required flexibility, automation, scale and elasticity that can play along the pace of continuous development cycles. This ultimately allows both security and DevOps staff to be successful supporting the company's business goals.
Ben Zilberman
Application Security Director, Radware

DevSecOps will penetrate the entire IT domain. DevSecOps has been about injecting safety in the development lifecycle, reducing any vulnerability and augmenting business value. The companies' shift to DevSecOps would bring in greater collaboration in the software development processes as it ensures that the software development process always remains immaculate, effective, and operative.
Aliaksandr Liakh
DevOps Software Engineer, Exadel


While Engineering, Product, and Operations have been unified as part of the DevOps movement, it'll be 2021 when Security finally joins the team.  As the policies and controls Security defines become part of the product requirements, Security will become embedded into DevOps workflows to become part of the acceptance criteria for work items in development and operations at every step of the SDLC. This is not just about operations embedding security tools into their continuous integration and deployment, but rather a full end-to-end integration of the processes through Secure DevOps (SecDevOps) orchestration. This keeps the team focused on winning the game of shipping quality product to market in a timely and efficient manner.
Kent Welch
VP of Engineering, Wabbi


Successfully executing a process as complicated as cloud-native app adoption requires the involvement of many different teams. Many enterprises think they only really need developer and DevOps teams to drive cloud-native app adoption. As a result, they end up with unsecured, poorly performing cloud-native apps, if they even get that far. In 2021, DevOps teams will deploy more collaborative infrastructure platforms that will enable them to bring in NetOps and SecOps to help "share the load, but without delays" to better transition to a successful cloud-native environment. These groups will collaborate far more effectively and openly than they have in the past.
Ankur Singla
CEO, Volterra


Looking ahead to 2021, it will no longer be sustainable for organizations to have such a distinct division between DevOps and security teams. Traditional approaches of passing code from development to production, with a security review before launch, are no longer seen as acceptable in an increasingly competitive digital marketplace, where speed, agility, and superior customer experience are paramount. This has been an ongoing challenge. DevOps teams are moving quickly while security teams, which are often much smaller than their DevOps counterparts, are struggling to keep up, ultimately creating friction between the groups. This friction often results in one team's goals being prioritized more highly than the others — usually DevOps being enabled to move quickly and bypass security. Without collaboration between the two groups, we see things like apps with critical vulnerabilities being deployed into production and solutions being released with no visibility into the compliance posture. In 2021, we will see organizations start to recognize the need to eliminate this friction and as a result, they will implement more processes that encourage early stage collaboration between DevOps and security. Security teams will find ways to encapsulate their requirements in language that DevOps teams understand and can consume as part of their design and build processes.
Jeremy Snyder
Senior Director of Business Development and Solution Engineers, Cloud Security, Rapid7

DevOps and DevSecOps evolve into "platform teams"

New "platform teams" will take the lead on enterprises' strategy for what historically been within the purview of cloud operations, security, and development tooling functions, to provide a higher-level abstraction to application developers. This frees the developers to focus on the business application itself, with less concern about the underlying infrastructure often required by DevOps-oriented teams. One challenge here will be finding the talent able to take this broader architectural view.
Liz Rice
VP Open Source Engineering, Aqua Security


Following the first-ever Cloud Native Data Management Day co-located with KubeCon NA 2020, we see data management capabilities like backup and disaster recovery becoming more integrated into the fabric of DevSecOps workflows. Capabilities that were considered a production afterthought will start shifting left with backup capabilities baked into "golden development stacks" providing automatic protection policies even for applications that might be added at a later time. With this enterprises will increasingly look at data as a core asset and will take cost arbitrage advantages for data computation across public and private clouds. This means enterprise ops teams will employ solutions that provide them the optionality of Kubernetes application mobility that can efficiently and holistically move entire applications, not just parts like storage subsystems or individual databases.
Gaurav Rishi,
Head of Product, Kasten by Veeam


DevSecOps will disappear and DevOps will have security baked in. Here is security that's relevant during coding and security that's relevant during operations but there has never been a separate "Sec" in DevOps. Both security activities will become an integral part of their respective "halves" of the DevOps loop.
Tobias Kunze
CEO and Co-Founder, Glasnostic

The fervor around DevSecOps will cool because the market and analysts will recognize that security in development, delivery and production needs to be built in at a fundamental level, thus obviating the need to think about DevSecOps as somehow separate from DevOps.
Tim Johnson
Senior Product Marketing Manager - CD, CloudBees

Go to 2021 DevSecOps Predictions - Part 2

Share this

Industry News

May 12, 2022

Red Hat introduced Red Hat Enterprise Linux 9, the Linux operating system designed to drive more consistent innovation across the open hybrid cloud, from bare metal servers to cloud providers and the farthest edge of enterprise networks.

May 12, 2022

Couchbase announced version 7.1 of Couchbase Server.

May 12, 2022

Copado added Copado Robotic Testing to Copado Essentials.

May 11, 2022

Red Hat announced new advancements within its Red Hat Cloud Services portfolio, delivering a fully-managed and streamlined user experience as organizations build, deploy, manage and scale cloud-native applications across hybrid environments.

May 11, 2022

JFrog introduced a new Docker Desktop Extension for JFrog Xray that allows organizations to automatically scan Docker Containers for vulnerabilities and violations early in the development process.

May 11, 2022

Progress announced a series of updates in Progress Telerik and Progress Kendo UI.

May 11, 2022

Vultr announces that Vultr Kubernetes Engine (VKE) is generally available.

May 10, 2022

Docker announced new features and partnerships to increase developer productivity. Specifically, the company announced Docker Extensions which allow developers to discover and add complementary development tools to Docker Desktop.

May 10, 2022

Red Hat announced the general availability of Red Hat Ansible Automation Platform on Microsoft Azure, pairing hybrid cloud automation with the convenience and support of a managed offering.

May 10, 2022

The Fedora Project, a community-driven open source collaboration sponsored by Red Hat, announced the general availability of Fedora Linux 36, the latest version of the fully open source Fedora operating system.

May 10, 2022

Progress announced the release of Progress Chef Cloud Security, extending DevSecOps with compliance support for native cloud assets and enabling end-to-end management of all on premise, cloud and native cloud resources.

This new offering is complemented with new capabilities across the Chef portfolio targeting DevOps success in the most demanding and complex enterprise deployments.

May 10, 2022

Platform9 announced new platform capabilities in Platform9 5.5 that make it easier for cloud-native development and operations teams to build, scale, and operate apps and Kubernetes clusters in the cloud, on-premises, and at the edge.

May 09, 2022

Red Hat and Accenture have expanded their nearly 12 year strategic partnership to further power open hybrid cloud innovation for enterprises worldwide.

May 09, 2022

Opsera has partnered with Mindtree.

May 09, 2022

Mendix announced that Mendix Workflow for process automation is now generally available.