Check Point® Software Technologies Ltd. has been recognized as a Leader in the 2024 Gartner® Magic Quadrant™ for Email Security Platforms (ESP).
As part of DEVOPSdigest's 2020 predictions, industry experts offer predictions on how DevSecOps and related technologies will evolve and impact the business in 2020. Part 3 covers Kubernetes, APIs and more.
Start with 2020 DevSecOps Predictions - Part 1
Start with 2020 DevSecOps Predictions - Part 2
Start with 2020 DevOps Predictions
KUBERNETES ENHANCES SECURITY
While the initial adoption of Kuberentes has to do largely with enabling business innovation, the technology offers powerful opportunities to build security directly into the development process. Developers are realizing that if security isn't built in, they will suffer from undetected vulnerabilities, misconfigurations, or other factors out of their control.
Ali Golshan
CTO and Co-Founder, StackRox
DevOps and security teams are now understanding that the dynamic and ephemeral nature of cloud-native applications requires specialized capabilities to understand the moment-to-moment architecture of applications. As such, expect to see distributed tracing and Kubernetes audit log analysis to become standard requirements to manage vulnerabilities and misuse in K8s for DevOps in the upcoming months.
Gadi Naor
Founder and CTO, Alcide
Kubernetes continues to eat the CI/CD worlds. This means more and more companies are seeing the benefits of both containerization as their unit of deployment and Kubernetes as a means of orchestrating those units. These two things can be used to simplify the building, testing, and deployment of applications because they can be implemented in all three steps, as opposed to traditional methods with separate technologies and infrastructures. This trend will continue through 2020, even as FaaS takes off. An opportunity accompanies this — security initiatives will focus on integrating static scanning technologies (e.g. SAST, SCA, as well as configuration and secrets checkers) into these software-defined containers and build and deployment pipelines. Increased sophistication in operating Kubernetes will result in firms "baking in" more hardening and other security-enhancing actions into the packaging, deployment and service mesh creation. And, because these security controls are essentially embedded into orchestration, rather than conducted manually by operators, they are automatically and consistently applied, without fear of operator mistake or attrition.
Ernesto DiGiambattista
Founder, ZeroNorth
API SECURITY
Attacks on application programming interfaces (APIs) will increase in 2020, and business spend to secure them will spike as a result. Unsecure APIs can lead to exposure of massive information loads, from airline ticketing to online ordering. For example, two years ago, a large food retailer leaked nearly 37 million customer records due to unsecure access to its backend server and sequentially numbering customer records. This allowed for easy enumeration of the retailer's entire customer base. Further, just last year, more than 140 airlines had customer information compromised because the booking system allowed anyone to access passenger records just by changing an identifier in the URL. Expect to see an increase in business spend to secure APIs in the coming year to prevent these damaging attacks.
Jonathan DiVincenzo
VP of Product Management, Signal Sciences
API management is ripe for automation with new AI capabilities that protect and control APIs in an intelligent way. This might include API policies that reconfigure dynamically based on traffic, security threats, and identified patterns.
Ann Marie Bond
Senior Manager, Product Management, Software AG
SECURITY FOR SERVERLESS ENVIRONMENTS
Expect serverless adoption to increase — even more than it already has — throughout 2020. The advantages of serverless for reducing operational complexity, enabling greater DevOps efficiency and agility, and delivering better cost efficiencies are becoming (rightfully) too tempting for enterprises to pass up. But DevOps teams in 2020 will also need to develop security strategies that match serverless' specific requirements. I predict many DevOps will find out the hard way that serverless deployments differ considerably from traditional server or containerized deployments. More specifically, serverless architecture does not allow for firewalls, instrumentation agents, IDS or IPS solutions, or other more traditional server security tools. Therefore, implementing an effective and dedicated security solution will become a vital concern for any organization deploying serverless environments in 2020.
Gary Duan
CTO, NeuVector
APPLICATION SECURITY TESTING (AST)
With very high level breaches and hacks happening across industries, application security testing (AST) has become a critical topic of concern. This is giving a high impetus to implementation of practices such as DevSecOps. To keep the complex applications safe, and yet meet the tight go-to-market deadlines, organizations must continuously accelerate efforts to integrate and automate AST across SDLC.
Rajesh Sarangapani
AVP, Cigniti Technologies
DEVSECOPS TOOLS: ZERO VULNERABILITIES
Based on IT Central Station user reviews of DevSecOps solutions, we can expect to see continued improvements in security and code quality next year. Developers and architects reviewing the solution would like the solution to go a step further. They would like their DevSecOps solutions to have zero vulnerabilities with minimal false positives, and the vendors who can build these features into their solutions will likely gain the support of more technical users in 2020.
Russell Rothstein
Founder and CEO, IT Central Station
SECURITY BOTS
The next level of security control is bots that sit in your network, constantly monitoring behavior and use machine learning to determine patterns that are threats.
Ann Marie Bond
Senior Manager, Product Management, Software AG
Industry News
Progress announced its partnership with the American Institute of CPAs (AICPA), the world’s largest member association representing the CPA profession.
Kurrent announced $12 million in funding, its rebrand from Event Store and the official launch of Kurrent Enterprise Edition, now commercially available.
Blitzy announced the launch of the Blitzy Platform, a category-defining agentic platform that accelerates software development for enterprises by autonomously batch building up to 80% of software applications.
Sonata Software launched IntellQA, a Harmoni.AI powered testing automation and acceleration platform designed to transform software delivery for global enterprises.
Sonar signed a definitive agreement to acquire Tidelift, a provider of software supply chain security solutions that help organizations manage the risk of open source software.
Kindo formally launched its channel partner program.
Red Hat announced the latest release of Red Hat Enterprise Linux AI (RHEL AI), Red Hat’s foundation model platform for more seamlessly developing, testing and running generative artificial intelligence (gen AI) models for enterprise applications.
Fastly announced the general availability of Fastly AI Accelerator.
Amazon Web Services (AWS) announced the launch and general availability of Amazon Q Developer plugins for Datadog and Wiz in the AWS Management Console.
vFunction released new capabilities that solve a major microservices headache for development teams – keeping documentation current as systems evolve – and make it simpler to manage and remediate tech debt.
Check Point® Software Technologies Ltd. announced that Infinity XDR/XPR achieved a 100% detection rate in the rigorous 2024 MITRE ATT&CK® Evaluations.
CyberArk announced the launch of FuzzyAI, an open-source framework that helps organizations identify and address AI model vulnerabilities, like guardrail bypassing and harmful output generation, in cloud-hosted and in-house AI models.
Grid Dynamics announced the launch of its developer portal.
LTIMindtree announced a strategic partnership with GitHub.