At the beginning of the pandemic, enterprises had to either accelerate digital transformation or wind up. We saw how DevSecOps became integral to business success by enabling organisations to embrace the cloud. Gartner reported a 20-50 percent market penetration in 2020 among DevSecOps target audiences.
Every organization wants to ship its ideas to customers as fast as possible without creating risk and security concerns in the process. DevSecOps adoption boosts the resilience of organizations' IT products and services without having to compromise on time to market. As a standard part of software development methodology in 2021, it ushers in a slew of new trends that businesses should be aware of. What’s next for DevSecOps in 2021? Let’s find out.
Developers lead the way
Modern technology will increasingly become “developer-led”. Traditionally, the security of the product was seen as a responsibility of InfoSec or CISO groups; consequently, for developers it was an afterthought. The main goal of the developer was to create software that was practical, innovative and could be delivered quickly. There is now a stronger emphasis on security in the early phases of the development of a product. Through the evolution of common languages and strong integration tools in software development, IT Ops, and security, enterprises will successfully encode their operations, security, compliance, and design efforts.
To achieve this, businesses must assess developer teams’ security skills and the tools they currently use. If necessary, they need to provide training to keep developers upskilled and adopt tools and integrations. In addition, organisations must communicate the importance of secure code and of detecting security issues early in the process. Getting developers on the security side is fundamental to DevSecOps.
The software development ecosystem evolves
The software development ecosystem is defined by four pillars: Designers, Developers, Data Scientists and DevOps. First, we have the designers who create an engaging user experience. Next, developers design the system’s front- and back-end. Then, data scientists and analysts bring these together to make systems smart, engaging and personalised. And finally, the DevOps team helps deploy and manage the applications and infrastructure. These four components work together to develop, deploy, and manage successful business processes to boost companies’ effectiveness. Security and compliance are being integrated into the processes of Developers and DevOps, driving the shift-left movement. In this movement, both DevOps and Development teams will adopt practices and tools that improve security and compliance posture without adding significant additional work.
I believe DevSecOps adoption in 2021 will be defined by the growth of the applications team to meet the needs of the four Ds and enhance collaborative capabilities to continuously deliver high-impact software solutions.
Design for failure facilitates secure architecture
Today’s modern applications run at massive scales and require rich capabilities that support an adaptive experience with end-users. Such adaptive experiences and scales result in complex application and deployment architectures. A practice that has evolved over the past few years, designing for failure, ensures the system has resilience built into it from the ground up. The notion of failure will not just be limited to having downtime or having a broken feature. Data breaches and security vulnerabilities that block access for users are also seen as failures. Designing systems against them from the beginning of the application’s life cycle leads to an effective and secure architecture. While most DevSecOps adoption is driven by organizations taking the path of security as code and infrastructure as code, such a secure architecture pattern will also become a complementary trend alongside that.
Automation powers development
In 2021, DevSecOps will be incorporated into development processes, much as quality assurance was adopted into development via automated testing. It is not enough just to detect vulnerabilities and non-compliance with standards early in the development process; it is also important to correct them in an automated manner. We can expect to see such automation further accelerate the adoption of DevSecOps. Compliance automation tools will play a key role in strengthening security and compliance policies across applications and infrastructure.
According to IDC, by 2023, 90 percent of new apps are expected to be built or released on demand using policy-driven security and compliance assessments in the delivery pipeline. The influx of automation will help make the end-to-end software development process consistent and faster.
Over the next few years, DevSecOps will gain importance as development teams combine security and quality to meet the ever-growing business needs. Operations monitoring, security monitoring and protection use cases will be shifting left in the development process, driven by DevSecOps-style collaboration and integration.
By Prashanth Nanjundappa, Senior Director of Product Management, Progress