Join us

2022 Prediction: DevSecOps will cross the chasm

@bridgecrewio ・ Feb 03,2022 ・ 3 min read ・ 998 views ・ Originally posted on bridgecrew.io

#DevSecOps   #DevOps  

Screen Shot 2022-01-27 at 1.18.22 PM.png

We’ve been talking about DevSecOps and shift-left security for years. Although this approach probably didn’t “cross the chasm” in 2021, we did see some very telling milestones.

Cybersecurity VC funding surged to record heights with a focus on DevOps and cloud security and the need for DevSecOps became glaringly evident with the Log4j vulnerability. On a more personal note, our own open source security project Checkov has surpassed three million downloads.

Much of this momentum was inevitable. Those in infrastructure and reliability circles have already been adopting and touting the benefits of shifting left and automating as much as possible, so in many ways, it’s expected that security would follow suit. Undoubtedly, the pandemic has also accelerated the need for developers to work more autonomously without having security personnel and processes acting as barriers to productivity and velocity.

We’re confident that 2022 will see the silos between development and security teams continue to crumble as developer-led security practices become the norm for cloud-native organizations.

DevSecOps finally crossing the chasm doesn’t mean that every enterprise and traditional organization will shift security left and adopt security best practices. It will, however, give them competitive advantages over those who don’t—both in decreased security costs and increased developer productivity and, thus, time-to-market.

What else is in store for the future of DevSecOps?

Rise of the DevSecOps job title

Fewer than 5,000 people on LinkedIn currently have “DevSecOps” in their job title, yet there are over 20,000 current openings for DevSecOps roles. In 2022, expect to see more of those positions filled. This means security teams across industries will conduct fewer manual security audits, there will be a considerable influx of homegrown DevSecOps tooling and point solutions will likely begin to consolidate into single platforms.

Blurred lines between application and infrastructure security

Until recently, application security was a very well-defined (albeit fractured) space focusing on securing the custom code and open source packages that make up applications. However, with the rapid adoption of cloud-native applications, the lines between application and infrastructure security are blurring. We expect to see this trend continue as more engineers take on more infrastructure-related projects, vendors start catering to use cases outside of their core competencies (through acquisitions and in-house development) and the role of DevSecOps continues to expand within organizations.

Infrastructure as code: The great cloud migration’s next chapter

We’ve been talking about the great migration to the cloud for years. At this point, many companies are ready to move on to the next chapter: Infrastructure-as-code (IaC). As a result of this trend, DevSecOps will become much more important, as security needs to be baked earlier in development phases or risk being left behind. In addition, security teams will need to become more well-versed in development technologies and practices to provide the proper guidance for the new way applications are built and deployed.

More software supply chain attacks

Hackers have been targeting retailers and security vendors for years, exploiting a minor weakness to gain access and move laterally into sensitive data. In the past year, however, software supply chain attacks stepped into the spotlight due to multiple supply chain attacks. We expect this trend to continue, which will, in turn, put more focus on securing supply chains. DevSecOps, which has focused mostly on tools and practices for securing the code and infrastructure, will expand to include the supply chain mechanism.

If 2021 was the year of hype for DevSecOps, we believe (and hope) that these best practices are embraced en masse across industries. The benefits of shift-left security are well documented: The number of high severity incidents is significantly reduced, the potential attack surface is minimized, compliance efforts are simplified and the time to remediation is lowered. Organizations also save money by catching misconfigurations and vulnerabilities earlier in the software development life cycle while at the same time gaining time back with tools, both open source and commercial, that are empowering developers to move fast and build applications that are more secure and reliable.

Share with your friends and followers

Only registered users can post comments. Please, login or signup.

Start blogging about your favorite technologies, reach more readers and earn rewards!

Join other developers and claim your FAUN account now!

Publish your first story!
BridgeCrew
BridgeCrew

The codified cloud security platform for developers

Avatar

bridgecrew

@bridgecrewio
Security where code happens.
User Popularity
286

Influence

29k

Total Hits

18

Posts

You may also like ..
Read DevOps Weekly - DevOpsLinks
1 year, 1 month ago by @faun
The art and science of developing intelligent apps with OpenAI GPT-3, DALL·E 2, CLIP, and Whisper.
1 year, 1 month ago by @faun
7 Must-Watch DevSecOps Videos
2 years, 7 months ago by @eon01
Takeaways from The State of Containers and Kubernetes Security
2 years, 7 months ago by @eon01
Read Python Weekly
1 year, 1 month ago by @faun
9 Best Load Testing Tools
2 years, 7 months ago by @eon01
Read AI/M Weekly
1 year, 1 month ago by @faun
Read Golang Weekly
1 year, 1 month ago by @faun
The Future of DevOps: 15 Trends for 2021
3 years, 1 month ago by @eon01
Read DevSecOps Weekly
1 year, 1 month ago by @faun
Read CloudNative Weekly Newsletter
1 year, 1 month ago by @faun
Monitoring vs Observability, What’s the Difference?
2 years, 7 months ago by @eon01
Join faun
Read, Learn, Know, Teach

Hand curated newsletters for Developers, private Slack with like minded people, podcasts, job offers, news and more!