DevSecOps Predictions

During 2019 companies and organizations recorded historic losses caused by digital transformation problems such as those arising from the lack of communication and visibility on sites. For such a reason, this will be the year of the winners of the digital transformation.

This year will be critical for business, security, development and operations teams to work together in order to overcome visibility challenges in the organizations; challenges that cause massive losses in planning and forecasting. Tools that allow integrating data across licenses, cloud, costs, and resources will be further consolidated, and real data platforms providers will start solving the digital dilemma. For said reasons, the advances expected for this year are as follows:

• Security by design
  The “security by design” principle will attract more attention, since 50% of vulnerabilities in the developed apps or products drag security gaps from the design thereof. As a consequence of that, it will become essential to have the resources to identify earlier and fix such design flaws.
• DevOps and DevSecOps convergence
  DevOps will become the subject of any discussion on security and vice versa. Using and explaining the term DevSecOps will no longer be required as well as the need for collaboration between development and operations areas. Furthermore the security will be a shared and integrated responsibility throughout the whole process. Consequently, the term DevSecOps is coined emphasizing the need to create this convergence as a way to operate within organizations.
• CISO joins DevOps team
  Chief Information Security Officer (CISO) will become part of the DevOps team and will influence a holistic approach to the security within the DevOps “IT pipeline”.

DevOps not only strives to deliver value but it also has the potential to unintentionally introduce security vulnerabilities. The above has encouraged DevOps teams to incorporate security testing into the DevOps “IT pipelines” which has increased the sense of shared responsibility for security.

Through a closer cooperation with CISO, DevOps security tests will go beyond static and dynamic application security tests (SAST and DAST) and the compliance with corporate and regulatory policies. There is no software which is immune to attack, therefore ongoing tests will also include periodic and proactive tests of security accident response and damage control protocols in order to ensure that any breach can be contained immediately and the effects and costs thereof be limited.

• Developing mergers with engineering
  At a high level, SaaS applications have highly personalized needs concerning information security and protecting client’s data. Responding such InfoSec needs will require the expertise of the security team, as well as engineering team resources. Therefore, DevSecOps will merge with engineering according to the product.
• AIOps Unified Security and Ops
  DevOps organizations are adopting AIOps solutions at a rapid pace. SIEM providers are exploring how AI / ML technology could add operational intelligence to their processes based on security events. AIOps tools will start unifying IT operations and information security against the explosion of next-generation zero-day threats. The challenges of modern IT environments (i.e. multiple clouds, serverless etc.) and continuous innovation will drive this trend.

Security will start accepting that there is too much to do and that there aren’t enough resources. On the other side teams will start looking for methods to make the overall process less demanding, as well as search for new techniques to allocate resources more effectively. There will be a greater focus on facilitating the process, as teams start to lean more on defense in depth.

Our mission at Ikusi is accompanying companies in facing the challenge of digital transformation; we are always at the forefront in order to provide the tools and technological strengths required to increase competitiveness and face the current market challenges.