2024 DevSecOps Predictions - Part 3
January 24, 2024

DEVOPSdigest asked industry experts how they think DevSecOps will evolve and impact development and application security in 2024. Part 3 looks at more issues and solutions.

Start with: 2024 DevSecOps Predictions - Part 1

Start with: 2024 DevSecOps Predictions - Part 2

LARGE LANGUAGE MODELS IMPACT SECURITY

In 2024, as Large Language Models (LLMs) become increasingly ubiquitous, we can anticipate a growing concern in the realm of developer security.

There are two key aspects that warrant attention:

Emergence of Malicious Open-Source Packages: In the past, crafting a malicious open source package required a level of domain expertise. However, the widespread availability of LLMs has lowered the entry barrier, making it feasible for anyone with a computer and an internet connection to create malicious packages. Consequently, we should expect a surge in cyberattacks, characterized by increased sophistication and a broader linguistic spectrum due to the ease of language adaptation.

Security Measures for LLM Adoption: With the integration of LLMs into various processes, companies will need to fortify their security defenses. For those consuming LLMs through APIs, traditional threats such as injection vulnerabilities will persist, but new risks will emerge, like verifying the input and output of LLMs to ensure they don't compromise the organization's network or contain malicious instructions. Companies opting to run LLMs in-house will encounter the challenge of managing a new technology stack, involving permissions, restrictions, and more.

In summary, the wider adoption of LLMs will have ripple effects, not only on hackers seeking to exploit vulnerabilities but also on security services working to safeguard digital assets and networks.
Ori Abramovsky
Head of Data Science, Check Point Software Technologies

EMA'S 2024 CYBERSECURITY PREDICTIONS

Chris Steffen, VP of Research covering Information Security, Risk, and Compliance Management at Enterprise Management Associates (EMA), and Ken Buckler, Research Analyst covering Information Security at EMA, make 2024 cybersecurity predictions on the Cybersecurity Awesomeness Podcast.

Click here for a direct MP3 download of Episode 41

AI IMPROVES API SECURITY

API security evolves as AI enhances offense-defense strategies: In 2023, AI began transforming cybersecurity, playing pivotal roles both on the offensive and defensive security fronts. Traditionally, identifying and exploiting complex, one-off API vulnerabilities required human intervention. AI is now changing this landscape, automating the process, enabling cost-effective, large-scale attacks. In 2024, I predict a notable increase in the sophistication and scalability of attacks. We will witness a pivotal shift as AI becomes a powerful tool for both malicious actors and defenders, redefining the dynamics of digital security.
Shay Levi
CTO and Co-Founder, Noname Security

OPEN SOURCE PRODUCT SECURITY TEAMS

In 2024, we see the rise of dedicated open source product security teams within organizations. As open source continues to expand its footprint within commercial products, product security groups will begin building out dedicated teams focused exclusively on the security of the open source components that make up much of the source code in their products.
Donald Fischer
CEO and Co-Founder, Tidelift

CONTAINER PROTECTION

In 2024, I think we're going to see DevOps teams work more closely with their CISOs or IT security leads to protect containerized environments. Regulations such as GDPR, PCI, and HIPAA are making it increasingly important for organizations to protect and back up data that is vulnerable to increasingly sophisticated cyber threats like Ransomware, and more often than not, that data is in containers. Nearly 9 out of 10 companies today are using containers in development to drive rapid innovation. Although Kubernetes is known to have strict security protocols that help block access to components outside of a cluster, it's definitely not impenetrable. Misconfigurations, missing container replacements, and gaps with backing up create vulnerabilities that attackers are actively exploiting. Warm cloud backups to speed up recovery times during any future downtime incidents, regular scanning, and running containers with the least privileges possible should all be priorities in the year ahead.
Faiz Khan
CEO, Wanclouds

DevOps Adopts Cloud-based Code Signing

In 2023, the CA/Browser Forum passed a new baseline requirement for how code signing certificates and keys are to be securely stored. This was a direct result of several high profile cyberattacks related to compromised code signing keys and processes. While code signing has become essential to proving the authenticity, integrity and security of software, it is still an afterthought for many development organizations. DevOps teams will use the new CA/B Forum requirements to reinvent their code signing processes. The popularity of SaaS code signing with a cloud-based HSM will enable simplified and centralized code signing processes, support distributed developers and meet the CA/B Forum requirements – promoting speed, agility and security through the software development lifecycle.
Murali Palanisamy
CTO, AppViewX

CLUSTERED ARCHITECTURES

As businesses increasingly adopt containerized and microservices architectures for their application delivery, I believe that a notable shift towards enhanced segmentation within clusters is on the horizon. This evolution is particularly evident in the growing prominence of Kubernetes as a primary delivery method in the cloud. Organizations are poised to invest significant efforts in fortifying the security and segmentation of clustered architectures at the container level. This proactive approach recognizes the pivotal role of secure containerization and microservices in modern software development. The future landscape is one where the nuances of clustered environments are carefully addressed to not only optimize performance but, more crucially, to bolster the resilience and security of applications as they navigate the dynamic and interconnected realms of containerized and microservices-based infrastructures in multi-cloud vendor environment.
Erez Tadmor
Cybersecurity Evangelist, Tufin

APPLICATION SHIELDING

Application shielding will continue to grow in adoption as organizations realize its value in the DevSecOps framework. Application shielding helps DevSecOps teams work more efficiently by embedding protections to secure source code and IP from reverse-engineering and tampering attempts; IT and security teams will need a mobile app protection platform that meshes with a DevSecOps framework or risk being further siloed from development team efforts.
RJT Keating
SVP of Corporate Development, Zimperium

HARDWARE ACCELERATORS

As DevSecOps matures in 2024, we foresee a deeper fusion with hardware accelerators, optimizing security task efficiency. This synergy will accelerate development workflows and strengthen security postures, narrowing potential attack vectors. For containerized applications, this progress is crucial — enhancing governance, ensuring the deployment of secure containers, and swiftly neutralizing threats. Such advancements are key to advancing the security and performance duality, especially in high-stakes, performance-sensitive environments.
Keith Cunningham
VP of Strategy, Sylabs

MORE OPTIONS FOR DEVELOPERS

Developers will begin to have more options to protect and restore scripts, configurations, and code for applications they are developing across the application development lifecycle. This, in turn, will help make the critical services and configurations essential to run modern data applications available and recoverable in the event of simple human error or malicious actors.
Andy Fernandez
Director, Product Management, HYCU

2024: THE YEAR OF SBOM

2024 will be the year of the Software Bill of Materials (SBOM). In 2024, the software landscape is poised for significant changes, with a growing emphasis on SBOMs. As concerns about supply chain attacks continue to escalate, compliance measures will tighten, due to the increasing frequency and visibility of such incidents. The proactive adoption of SBOMS is not only a response to heightened awareness, but a crucial step in securing the software supply chain. This upcoming year, increased emphasis will be placed on preventing and disclosing supply chain threats, as well as an increase in compliance requirements, like US Executive Order 14028, across the globe.
Nick Mistry
SVP, CISO, Lineaje

Share this

Industry News

November 20, 2024

Spectro Cloud completed a $75 million Series C funding round led by Growth Equity at Goldman Sachs Alternatives with participation from existing Spectro Cloud investors.

November 20, 2024

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, has announced significant momentum around cloud native training and certifications with the addition of three new project-centric certifications and a series of new Platform Engineering-specific certifications:

November 20, 2024

Red Hat announced the latest version of Red Hat OpenShift AI, its artificial intelligence (AI) and machine learning (ML) platform built on Red Hat OpenShift that enables enterprises to create and deliver AI-enabled applications at scale across the hybrid cloud.

November 20, 2024

Salesforce announced agentic lifecycle management tools to automate Agentforce testing, prototype agents in secure Sandbox environments, and transparently manage usage at scale.

November 19, 2024

OpenText™ unveiled Cloud Editions (CE) 24.4, presenting a suite of transformative advancements in Business Cloud, AI, and Technology to empower the future of AI-driven knowledge work.

November 19, 2024

Red Hat announced new capabilities and enhancements for Red Hat Developer Hub, Red Hat’s enterprise-grade developer portal based on the Backstage project.

November 19, 2024

Pegasystems announced the availability of new AI-driven legacy discovery capabilities in Pega GenAI Blueprint™ to accelerate the daunting task of modernizing legacy systems that hold organizations back.

November 19, 2024

Tricentis launched enhanced cloud capabilities for its flagship solution, Tricentis Tosca, bringing enterprise-ready end-to-end test automation to the cloud.

November 19, 2024

Rafay Systems announced new platform advancements that help enterprises and GPU cloud providers deliver developer-friendly consumption workflows for GPU infrastructure.

November 19, 2024

Apiiro introduced Code-to-Runtime, a new capability using Apiiro’s deep code analysis (DCA) technology to map software architecture and trace all types of software components including APIs, open source software (OSS), and containers to code owners while enriching it with business impact.

November 19, 2024

Zesty announced the launch of Kompass, its automated Kubernetes optimization platform.

November 18, 2024

MacStadium announced the launch of Orka Engine, the latest addition to its Orka product line.

November 18, 2024

Elastic announced its AI ecosystem to help enterprise developers accelerate building and deploying their Retrieval Augmented Generation (RAG) applications.

Read the full news on APMdigest

November 18, 2024

Red Hat introduced new capabilities and enhancements for Red Hat OpenShift, a hybrid cloud application platform powered by Kubernetes, as well as the technology preview of Red Hat OpenShift Lightspeed.

November 18, 2024

Traefik Labs announced API Sandbox as a Service to streamline and accelerate mock API development, and Traefik Proxy v3.2.