DevSecOps is Now Ops’ Greatest Digitization Challenge

C. Dunlap

Summary Bullets:

  • DevSecOps’ barriers to adoption include culture clashes between teams and technical challenges.
  • Emerging tools are beginning to appear among traditional platform providers and startups.

The move to microservices-based apps has unleashed a flood of new DevOps and GitOps platforms in recent months aimed at helping enterprise operations and developer teams create continuous integration and continuous development pipelines for streamlining the deployment of advanced apps within complex processes. Efforts to spin off new app architectures, including Kubernetes clusters, require configurations between networking, security, and provisioning of computing. This need involves the developer as part of a ‘shift left and GitOps’ movement taking place over the past 18 months, spurred by the need to automate continuous delivery and operations of apps and infrastructure. However, progress toward this effort has been slow.

A recent peak in high-profile cybersecurity threats (including Log4j), AI-injected software automation advancements, increased use of untamed and unmanaged APIs, and OSS innovations (including Envoy, Prometheus, and OpenTelemetry) are pressing companies to solve this dilemma. As a result, the industry is beginning to prioritize the issue of DevSecOps, and numerous industry offerings will begin to surface in the coming months.

DevSecOps is a movement toward collaboration between previously ordained silos of IT teams (i.e., security, operations, and app development) still stymied by clashing cultures, but increasingly supported through solutions enabled via application security, AI, automation, modern monitoring/observability, and service mesh. Alongside the trend toward infrastructure as code, it has become a key component of application modernization efforts for involving more developers in the security process.

How enterprises establish best practices for achieving a DevSecOps stance remains up for debate. Much of the trouble stems from the fact that the silos of technology participants are based on very different cultures. Organizations are having a tough enough time attempting to merge even two of the three-part objectives within DevSecOps.

GlobalData has written an in-depth Advisory Report on the topic of DevSecOps (please see: “DevSecOps: The Most Transformative Digitization Challenge Yet,” June 30, 2022). Key findings include:

  • The industry has responded to the need for DevSecOps via numerous tools aimed at infrastructure modernization and increased focus on security, including Weaveworks, Drata, Jetstack, Red Hat OpenShift Platform Plus, and Checkmarx, among others.
  • Observability goes hand-in-glove with security, and emerging solutions include Red Hat Insights/Ansible, Oracle Cloud Observability and Management, and IBM Observability by Instana.
  • Service mesh is proving to be an important component of DevSecOps for its ability to help developers bypass cumbersome coding associated with infrastructure integration (e.g., security, monitoring). Emerging solutions include Oracle Cloud Infrastructure Service Mesh and Cisco Calisti.

Over the next year, the industry will witness highly differing approaches to DevSecOps stemming from this range of participants, which include platform and cloud providers, app and API security, observability pure-plays, and traditional infrastructure giants.
