2020 DevSecOps Predictions - Part 2
January 14, 2020

As part of DEVOPSdigest's 2020 predictions, industry experts offer predictions on how DevSecOps and related technologies will evolve and impact the business in 2020. Part 2 offers predictions about shifting left, automation and more.

Start with 2020 DevSecOps Predictions - Part 1

Start with 2020 DevOps Predictions

SHIFTING LEFT

It's time for DevSecOps to really start catching on. The increase in cyber incidents should be enough warning for organizations that they have to start doing a better job with cybersecurity and AppSec. DevSecOps means getting security to permeate your entire process and organization. Part of this is testing early and often, which is achieved with technologies like service virtualization and modern test automation tools. Organizations that are serious about security will shift even further left by building code and systems that are more secure in the first place. This will be done like other industries by relying on known best practices as embodied in proven quality, safety, and security coding standards like MISRA, UL 2900, and CERT.
Arthur Hicken
Evangelist, Parasoft

Security will continue to "Shift Left" (with a little help from the cloud). The rise of cloud infrastructure will be a positive force in driving this change. DevOps will help — ensuring the value of security is front and center. As security is tackled early in the development process, companies will no longer be able to sidestep or delay security processes and procedures, let alone question if they're affordable.
Tim Armandpour
SVP of Engineering, PagerDuty

DevSecOps will shift left as enterprises prioritize security and employee privacy: A reported 53% of online users are currently more concerned about their online privacy compared to a year ago. With heightened privacy concerns, there will be an increased focus on addressing both corporate security and user privacy concerns much earlier in the development cycle. Dev teams will start investigating tech that provides granular controls that address both security and privacy, such as app-level security. In parallel, teams will also investigate how to automate security integration into the development lifecycle. Cybersecurity programming skills are in short supply and there is no cost-effective way for teams to address the growing dev demands through solely manual coding. Having security automatically integrated addresses the mundane nature of certain repeatable processes, freeing up developer time. More importantly, automation that brings in security tech early in the lifecycle allows the entire solution to be tested at once, again saving dev cycles. If security isn't shifted left (i.e., brought into the dev cycle early), testing will have to be repeated once security is added in.
Nikfar Khaleeli
VP of Products, Blue Cedar

THINKING RIGHT

There are more apps in production than before, and the risk of apps being breached at this stage is at an all-time high. Apps in production are most vulnerable, with a higher time to fix and window of exposure. Plus, with most development teams short on resources, it's often hard for them to focus on the security aspect. Therefore, these apps are easy for hackers to exploit. In fact, an average of more than 50% of apps are always vulnerable for organizations that don't have the right secure development practices in place. When you "think right" you are: starting with highest-risk apps in production to find and fix vulnerabilities; incorporating security measures at the most critical points in the software lifecycle (SLC), starting with production; integrating security throughout the SLC from production all the way to development. In 2020, we will see this approach being adopted more widely.
Setu Kulkarni
VP, Strategy and Business Development, WhiteHat Security

AUTOMATION OF SECURITY

We're going to see security engineering — DevSecOps — become actual practice. Teams will be writing more code that automates security controls and compliance requirements. The need here is inevitable and urgent: because so much of this cloud-native world is highly dynamic, with so many moving parts, we can no longer get by with people manually doing security or compliance checks. Security and compliance controls must be automated if we are going to truly realize the time-to-market promise of containerization.
Tim Hinrichs
CTO and Co-Founder, Styra

In 2020, we will see organizations automating enforcement, remediation, and response as it relates to cybersecurity. Trying to "Shift Left," cover the middle, and respond to runtime attacks is simply too much to handle without tapping into the power of automation. At the same time, security automation is risky. What if you disrupt services and cause an outage? Now that we have automated most every other piece in the development lifecycle, it's time to figure out how to take security automation to the next level. Just as technology and automation have empowered developers and applications, they too will empower security. In 2020, we will see the difficult and complex security issues addressed with automation. This will extend from early enforcement before deployment, to continuous security of infrastructure, to automating incident response at run-time.
James Condon
Director of Research, Lacework

Security "policy as code" — and overall, easier security automation — will change how DevOps (and DevSecOps) teams approach container security in 2020. Kubernetes ConfigMaps and Custom Resource Definitions (CRDs) are making it possible for configurations and rules to be automated right into the CI/CD and DevOps pipeline. Because of this, DevOps teams in 2020 will be much better equipped to analyze application behavior and set security policies for any and all workload deployments via YAML files. Expect this evolution of more efficient and automated security integration processes to be a particularly welcome change for DevOps.
Gary Duan
CTO, NeuVector

DEVSECOPS BUILT INTO CI

With the rising number of data breaches and increased emphasis on data privacy regulations such as PSD2 and GDPR both in the US and globally, DevOps-savvy organizations will be forced to prioritize diligence in security measures over time to market in the year ahead. As new regulations are put into place, more application developers will be mandated to build strict security policies directly within code. There will be an uptick in DevOps tools that cater to automating more compliance-related tasks within infosec teams, thus incorporating security and compliance measures into everyday CI (continuous integration) workflows.
Sid Phadkar
Senior Product Manager, Akamai

DEVSECOPS UNLOCKS POWER OF THE CLOUD

As enterprises realize the necessity and opportunity of integrating security into the CI/CD pipeline in 2020, they will simultaneously unlock the promise of the cloud for extreme agility while improving overall security and compliance. As a bonus, doing this well can eliminate the historical conflict between application/development and security and turn it into a positive, beneficial collaboration.
Reuven Harrison
CTO and Co-founder, Tufin

Go to 2020 DevSecOps Predictions - Part 3
