JFrog announced that its DevOps Platform tools – JFrog Artifactory and JFrog Xray – are available with native deployment templates for customers using AWS GovCloud (US) and Azure Government clouds.
DEVOPSdigest asked DevOps and development experts from across the industry for their 2021 DevSecOps predictions:
DEVSECOPS BECOMES MASS MOVEMENT
In 2021 we expect to see the continued acceleration of Kubernetes deployment in production. As budgets become less constrained by concerns related to the pandemic and as enterprise confidence increases, cloud-native projects previously put on pause will start to resume. With that, we will see an additional increase in the holistic scale and scope of Kubernetes deployments. As such, demand for resources that support Kubernetes ecosystems, such as Kubernetes-native security controls, will also increase as they enable greater integration with DevOps and DevSecOps processes and methodologies. Accordingly, DevSecOps is no longer a niche strategy taking a backseat to DevOps — now it's a mass movement.
David Van Everen
VP of Marketing, StackRox
The year 2020 has been marked by the rapid progress of transformational DevOps paradigms such as: co-development in global communities, platform agnosticism, serverless computing, infrastructure-as-a-code, end-to-end workspace with unified experience across entire software lifecycle. That DevOps transformation has offered a unique opportunity for application security. For the first time in a decade, it is realistic to create and integrate security in a complete DevOps, thus making it DevSecOps. Absence of unified DevOps, along with absence of native tools, was an obstacle for Sec. Now, the obstacle has gone. A critical step toward DevSecOps has been taken by DevOps itself, which started offering its own application security technologies. Application security vendors, as well as open-source security communities, have started addressing this emerged opportunity as well. They have begun integrating their existing technologies in the unified DevOps, thus serving it with intermediate solutions (intermediate — because those solutions have not been designed for new pparadigms). At the same time, those security vendors/communities have been/will be rapidly developing native solutions for the emerged DevOps. Those combined efforts will assure that, through 2022, DevSecOps community grow bigger than in the previous ten years combined.
Joseph Feiman, PhD
Chief Strategy Officer, WhiteHat Security
The shift to remote work in 2020 moved digital transformations into high gear. However, as organizations eye the finish line, they're realizing the bottlenecks they removed to streamline development operations are just being replaced with new ones created due to security not being integrated into their workflows. 2021 will put SecDevOps at the top of every organization's must-do to realize the full benefits of their digital transformation. By automating their application security program in tandem with the existing development workflow, enterprises will realize that secure development operations are not just about reducing cyber-risk, but overall business risk by improving efficiency, reducing time-to-market, and accelerating revenue through de-risked project delivery.
CEO & Founder, Wabbi
In 2021, we will see DevSecOps become more instrumental and have greater influence in secure application development and delivery. DevSecOps may be an oxymoron to some who don't believe it's possible to have both rapid and secure code delivery. However, DevSecOps' approach of building security into the rapid release cycles is proving to be successful at optimizing security while enabling business goals such as accelerating productivity. I believe it will be the key to allowing application security solutions to go beyond offering the best of breed protection, by also providing the required flexibility, automation, scale and elasticity that can play along the pace of continuous development cycles. This ultimately allows both security and DevOps staff to be successful supporting the company's business goals.
Application Security Director, Radware
DevSecOps will penetrate the entire IT domain. DevSecOps has been about injecting safety in the development lifecycle, reducing any vulnerability and augmenting business value. The companies' shift to DevSecOps would bring in greater collaboration in the software development processes as it ensures that the software development process always remains immaculate, effective, and operative.
DevOps Software Engineer, Exadel
FULL END-TO-END INTEGRATION OF PROCESSES THROUGH DEVSECOPS
While Engineering, Product, and Operations have been unified as part of the DevOps movement, it'll be 2021 when Security finally joins the team. As the policies and controls Security defines become part of the product requirements, Security will become embedded into DevOps workflows to become part of the acceptance criteria for work items in development and operations at every step of the SDLC. This is not just about operations embedding security tools into their continuous integration and deployment, but rather a full end-to-end integration of the processes through Secure DevOps (SecDevOps) orchestration. This keeps the team focused on winning the game of shipping quality product to market in a timely and efficient manner.
VP of Engineering, Wabbi
NETOPS, SECOPS AND DEVOPS COME TOGETHER
Successfully executing a process as complicated as cloud-native app adoption requires the involvement of many different teams. Many enterprises think they only really need developer and DevOps teams to drive cloud-native app adoption. As a result, they end up with unsecured, poorly performing cloud-native apps, if they even get that far. In 2021, DevOps teams will deploy more collaborative infrastructure platforms that will enable them to bring in NetOps and SecOps to help "share the load, but without delays" to better transition to a successful cloud-native environment. These groups will collaborate far more effectively and openly than they have in the past.
DEVOPS AND SECURITY ELIMINATE THE FRICTION
Looking ahead to 2021, it will no longer be sustainable for organizations to have such a distinct division between DevOps and security teams. Traditional approaches of passing code from development to production, with a security review before launch, are no longer seen as acceptable in an increasingly competitive digital marketplace, where speed, agility, and superior customer experience are paramount. This has been an ongoing challenge. DevOps teams are moving quickly while security teams, which are often much smaller than their DevOps counterparts, are struggling to keep up, ultimately creating friction between the groups. This friction often results in one team's goals being prioritized more highly than the others — usually DevOps being enabled to move quickly and bypass security. Without collaboration between the two groups, we see things like apps with critical vulnerabilities being deployed into production and solutions being released with no visibility into the compliance posture. In 2021, we will see organizations start to recognize the need to eliminate this friction and as a result, they will implement more processes that encourage early stage collaboration between DevOps and security. Security teams will find ways to encapsulate their requirements in language that DevOps teams understand and can consume as part of their design and build processes.
Senior Director of Business Development and Solution Engineers, Cloud Security, Rapid7
DevOps and DevSecOps evolve into "platform teams"
New "platform teams" will take the lead on enterprises' strategy for what historically been within the purview of cloud operations, security, and development tooling functions, to provide a higher-level abstraction to application developers. This frees the developers to focus on the business application itself, with less concern about the underlying infrastructure often required by DevOps-oriented teams. One challenge here will be finding the talent able to take this broader architectural view.
VP Open Source Engineering, Aqua Security
BACKUP AND DR COMBINE WITH DEVSECOPS
Following the first-ever Cloud Native Data Management Day co-located with KubeCon NA 2020, we see data management capabilities like backup and disaster recovery becoming more integrated into the fabric of DevSecOps workflows. Capabilities that were considered a production afterthought will start shifting left with backup capabilities baked into "golden development stacks" providing automatic protection policies even for applications that might be added at a later time. With this enterprises will increasingly look at data as a core asset and will take cost arbitrage advantages for data computation across public and private clouds. This means enterprise ops teams will employ solutions that provide them the optionality of Kubernetes application mobility that can efficiently and holistically move entire applications, not just parts like storage subsystems or individual databases.
Head of Product, Kasten by Veeam
DevSecOps will disappear and DevOps will have security baked in. Here is security that's relevant during coding and security that's relevant during operations but there has never been a separate "Sec" in DevOps. Both security activities will become an integral part of their respective "halves" of the DevOps loop.
CEO and Co-Founder, Glasnostic
The fervor around DevSecOps will cool because the market and analysts will recognize that security in development, delivery and production needs to be built in at a fundamental level, thus obviating the need to think about DevSecOps as somehow separate from DevOps.
Senior Product Marketing Manager - CD, CloudBees