Eight top DevSecOps trends to support IT innovation in 2022 – IT Brief Australia
Article by Dynatrace vice president of A/NZ Hope Powers.
The use of DevSecOps practices is growing, as it is increasingly seen as the best way to produce high-quality and secure code. More than one-third (36%) of respondents to GitLabs 2021 Global DevSecOps Survey reported developing software using DevSecOps, up from 27% in 2020.
This growth is driven by organisations realising that application quality and security are essential to their ability to streamline continuous integration and delivery (CI/CD) and accelerate innovation. They need to balance pressure to develop software rapidly with the need to ensure it remains secure and is optimised for todays cloud environments. This can be quite a challenge.
GitLabs Fifth Annual Global DevSecOps Survey (2020) found 60% of developers are releasing code twice as fast by using DevOps. However, speed often comes at the expense of security. A survey of CISO leaders last year found that 71% of CISOs admit they are not fully confident code is free of vulnerabilities before going live in production.
To enable software to be developed rapidly and securely, DevSecOps teams need to automate all stages of the lifecycle. They need shared solutions and platforms that converge observabilitythe ability to measure a systems current state based on the data it generates, such as logs, metrics and traceswith security, so they can spot security gapsand identify poor quality code and other software development issues.
In a survey of 250 enterprises in the US and UK with more USD $1 billion in revenue, 96% of respondents expected to benefit by automating their compliance and security processes, a fundamental goal of DevSecOps.
As DevSecOps continues to gather momentum, here are some key trends.
1. Infrastructure as code (IaC) uptake is rising
Infrastructure-as-Code (IaC), aka software-defined infrastructure, is the management of hardware using code. It enables IT hardware resources to be configured, managed, monitored and provisioned using software rather than manual processes.
According to Gartner, 60% of organisations will be using infrastructure automation tools as part of their DevOps strategy by 2023, improving application deployment efficiency by 25%. In addition, defining infrastructure as code enables greater automation throughout the delivery pipeline, making it easier to replicate the testing and deployment process for new code. This is essential for accelerated DevSecOps adoption.
The same code can be used every time a particular infrastructure configuration is needed, so the benefits in time and effort saved are greatly increased. IaC can also benefit DevSecOps by reducing human error. Processes enshrined in code are secure and repeatable, lending themselves to automation and ensuring the correct execution ofhighly complex processes.
2. Attacks via vulnerable third-party code are growing
Many organisations make use of third-party code and software libraries in their development of new digital services. Any vulnerabilities in this code expose their applications to cyber attacks.
To guard against this, organisations must monitor their use of third-party code so they can patch any new vulnerabilities that are discovered. For example, in December 2021, a vulnerability known as Log4Shell was discovered in versions 2.0 and 2.14.1 of Log4j 2, a popular Java library. Log4Shell enables an attacker to use remote code execution to engage with software that uses Log4j and gain access to networks and sensitive data. Many organisations were forced to take devices and applications offline while they identified whether Log4j had been used in any stage of software production, from development to runtime.
In a blog, author and developer advocate Nicolas Frnkel wrote, Wise developers dont reinvent the wheel: they use existing libraries and/or frameworks. From a security point of view, it means users of such third-party code should carefully audit it. We should look for flaws: both bugs and vulnerabilities.
Log4Shell certainly will not be the last such vulnerability, as the more recent discovery of Spring4Shell has already shown. To guard against the next one, organisations should deploy observability platforms that can provide deep and broad insights into their applications to quickly identify any code flagged as vulnerable.
3. Root-cause analysis using AIOps will be essential
Gartner defines artificial intelligence for IT operations (AIOps) as the combination of big data and machine learning to automate IT operations processes, including event correlation, anomaly detection, and causality determination.
Such automation is becoming essential to enable DevSecOps teams to manage cloud environments whose complexity is putting them beyond the capabilities of manual processes. AIOps can analyse data on activity in real-time, helping to prevent DevSecOps teams being overwhelmed by alert storms and providing precise answers that enable them to innovate more rapidly.
According to a Forbes article, AIOps is moving from marketing hype to a useful tool being adopted across the enterprise. It explains that the AI algorithms underpinning AIOps are becoming increasingly sophisticated. They enable AIOps tools to discover data relationships more rapidly, identify the root cause of IT issues in real-time and, in some cases, remediate them automatically.Such abilities are becoming essential to enable DevSecOps teams to test code while it is being developed and to identify new vulnerabilities during pre-production before code is deployed.
4. MLOps is no match for AIOps
Machine Learning Operations (MLOps) is a set of management practices designed to aid the effective and efficient deployment and maintenance of machine learning in production environments. It is often confused with AIOps but is quite different.
MLOps can only suggest a relationship between a problem and a possible solution. AIOps identifies problems precisely and provides actionable answers. MLOps systems must be trained to distinguish normal from abnormal behaviour. Data models must be verified, which requires time and effort from DevSecOps teams - time that could be spent on more strategic priorities.
In contrast, AIOps automates these tasks by combining AI algorithms with data analytics. It can accurately identify many common IT issues such as unexpected downtime or unauthorised data access and suggest appropriate remedies. These algorithms do not need to be trained, freeing IT teams from routine monitoring tasks and enabling them to focus on tasks that directly support business priorities and drive better outcomes.
Dynatrace vice president of A/NZ Hope Powers.
5. GitOps gains wide acceptance
GitOps is a set of practices for infrastructure management based on DevOps best practices for application development: version control, collaboration, compliance, CI/CD tooling. It is based on Git, an open-source tool developed for source code management in DevOps.In GitOps, Git becomes a single source of truth and a control mechanism to support dynamic creation, including updating and deleting system architecture specifications.
It automates and centralises the deployment and verification of infrastructure modifications via pull requests, giving teams greater control over their environment and enabling them to deliver better digital services faster.
6. The role of Kubernetes grows
Kubernetes, the open-source platform built to orchestrate the management, deployment, and scaling of microservices architectures, underpins all these aspects of DevSecOps and digital transformation.
Kubernetes enables a microservices-based application to be moved quickly and reliably between environments, for example, from a development to a production environment. It also makes application developers more productive. With microservices-based deployments supported by Kubernetes, multiple teams can simultaneously deal with different aspects of a project, accelerating development and identifying and fixing problems faster.
Kubernetes has been a game-changer for application development. It has enabled developers to better accommodate customer requirements, share resources across cloud platforms, and accelerate the building, testing and deployment of DevSecOps pipelines.
7. Serverless uptake soars
Serverless computing is a cloud-based, on-demand execution model where customers consume resources solely based on their usage by applications.It greatly appeals to developers wanting to build and scale out applications without worrying about the underlying infrastructure. The cloud service providers take care of this and supply the tools that enable app developers to create their applications in modules according to the cloud infrastructure they require. Serverless computing can also reduce costs and improve disaster recovery and resilience because the resources used are supported by the cloud providers inbuilt redundancy and availability features.
8. DevSecOps comes of age
Ultimately, companies undertaking digital transformation will struggle to succeed without DevSecOps.
However, to successfully exploit DevSecOps, development teams need platforms that streamline the entire software development lifecycle, facilitate cross-team collaboration and automate processes wherever possible.
See original here:
Eight top DevSecOps trends to support IT innovation in 2022 - IT Brief Australia
- STRACKALINE TO OFFER EXCLUSIVE FREE SOFTWARE ACCESS AT THE 2025 PGA SHOW (BOOTH 2808) - The Golf Wire - December 18th, 2024 [December 18th, 2024]
- The Pixel 6 just got a free software upgrade that makes it my favorite budget Android phone - ZDNet - December 12th, 2024 [December 12th, 2024]
- Google just gave older Pixel phones a free software upgrade that you once could only wish for - ZDNet - December 8th, 2024 [December 8th, 2024]
- Free AI-Powered Software for Radiology Impressions Available from Scriptor Software - Imaging Technology News - December 8th, 2024 [December 8th, 2024]
- Maryland State Bar Members Now Get Free Trust Accounting Software in Deal with Smokeball - LawSites - December 5th, 2024 [December 5th, 2024]
- 7 free and open-source tools that rival the best creative software - XDA Developers - December 5th, 2024 [December 5th, 2024]
- Google Drive Full? Gift Yourself More Digital Storage This Holiday Season - CNET - November 30th, 2024 [November 30th, 2024]
- Tired of controller lock-in? Mixxx is a free DJ alternative; 2.4.2 out now - Create Digital Music - November 28th, 2024 [November 28th, 2024]
- 5 of the best free software for data recovery on Windows - XDA Developers - November 23rd, 2024 [November 23rd, 2024]
- AAVAA Hands-Free Accessibility Devices Now Compatible with Apple Software - The Hearing Review - November 17th, 2024 [November 17th, 2024]
- The best graphic design software - Creative Bloq - November 16th, 2024 [November 16th, 2024]
- VMware makes Workstation and Fusion free for everyone - BleepingComputer - November 16th, 2024 [November 16th, 2024]
- Trimble Expands Access to Advanced Construction Project Management Capabilities with Free Version of ProjectSight Software - StreetInsider.com - November 16th, 2024 [November 16th, 2024]
- The best free video editing software: how to cut clips without the cost - Creative Bloq - November 8th, 2024 [November 8th, 2024]
- Best Free Invoice And Billing Software Of 2024 - Forbes - November 8th, 2024 [November 8th, 2024]
- Amazfit just dropped a massive free software update and these new features are coming to your smartwatch - Tom's Guide - November 5th, 2024 [November 5th, 2024]
- The Free Software Foundation Finally Has AI / Machine Learning Apps On Their Radar - Phoronix - October 24th, 2024 [October 24th, 2024]
- Intuit asked us to delete part of this Decoder episode - The Verge - October 24th, 2024 [October 24th, 2024]
- "100% Free" GNU Boot Discovers Again They Have Been Shipping Non-Free Code - Phoronix - October 24th, 2024 [October 24th, 2024]
- The best antivirus software in 2024 for PC - TechRadar - October 24th, 2024 [October 24th, 2024]
- Stunning software giveaway: Save over $500 on tools for video editing, password recovery, and more its all free! - BetaNews - October 18th, 2024 [October 18th, 2024]
- PSA: Windows 10 has entered its final year of free support here's what you need to know - Windows Central - October 18th, 2024 [October 18th, 2024]
- Best video editing software in 2024: free and paid-for tools - Amateur Photographer - October 18th, 2024 [October 18th, 2024]
- Samsung TVs free update to One UI is already happening here are the changes coming to TVs - TechRadar - October 18th, 2024 [October 18th, 2024]
- The best open-source productivity software: Free tools to boost your workflow - XDA Developers - October 9th, 2024 [October 9th, 2024]
- Best tax software of 2024: File fast and accurately, plus get your maximum refund - CNBC - October 7th, 2024 [October 7th, 2024]
- The IRS is expanding its free tax filing service. Do you qualify? - The Washington Post - October 4th, 2024 [October 4th, 2024]
- Explore Top Free Software Alternatives to Popular Paid Programs for Budget-Friendly Solutions - Gizbot - October 4th, 2024 [October 4th, 2024]
- The best free video players in 2024: watch videos in any format - TechRadar - October 4th, 2024 [October 4th, 2024]
- Ford unveils BlueCruise 1.4: hands-free driving time doubled with new software update - CBT Automotive News - October 3rd, 2024 [October 3rd, 2024]
- Free Photo Viewer for Windows - Free download and software reviews - Download.com - October 3rd, 2024 [October 3rd, 2024]
- Top 10 Cool Free Windows Software (You'll Really Want) - MSN - October 3rd, 2024 [October 3rd, 2024]
- Best free YouTube to MP3 converter of 2024 - TechRadar - October 3rd, 2024 [October 3rd, 2024]
- The best free alternatives for pricey software: Adios, Office and Adobe - PCWorld - September 28th, 2024 [September 28th, 2024]
- Best Free Accounting Software for Small Businesses (Sponsored content from Jerry) - Varsity Online - September 21st, 2024 [September 21st, 2024]
- WhatsApp for Windows - Free download and software reviews - Download.com - September 21st, 2024 [September 21st, 2024]
- FDA approves some Apple AirPods to be used as hearing aids - NPR - September 16th, 2024 [September 16th, 2024]
- Q-Free releases new flexible, modular, and scalable tolling software solution - Highways News - September 16th, 2024 [September 16th, 2024]
- Clark Center for Geospatial Analytics to offer free version of TerrSet/IDRISI software starting Dec. 2 - Geo Week News - September 3rd, 2024 [September 3rd, 2024]
- Best video editing apps of 2024: Top tools for Android, iPhone, and iPad - TechRadar - September 3rd, 2024 [September 3rd, 2024]
- Samsung extends free software upgrades to millions of Smart TV owners are YOU one of them? - GB News - September 3rd, 2024 [September 3rd, 2024]
- This open-source software can double the volume of Windows laptops. For free - The Indian Express - August 22nd, 2024 [August 22nd, 2024]
- European Commission cuts funding support for Free Software projects - European Digital Rights (EDRi) - August 22nd, 2024 [August 22nd, 2024]
- Hyundai partners with TCSO to combat car thefts with free software patch - KEYE TV CBS Austin - August 22nd, 2024 [August 22nd, 2024]
- Free and Discounted Software for University of Oklahoma Students - The University of Oklahoma - August 16th, 2024 [August 16th, 2024]
- GitHub is the Best Place for Free and Open Source Software - How-To Geek - August 16th, 2024 [August 16th, 2024]
- The Usual Suspects Xenia, a free Waldorf microwave II/XT emulation using the DSP56300 plugin - Synth Anatomy - August 16th, 2024 [August 16th, 2024]
- Best free Adobe Illustrator alternatives of 2024 - TechRadar - June 24th, 2024 [June 24th, 2024]
- This is how to view the long-established free software 'CrystalDiskInfo' that shows the health status and SMART ... - GIGAZINE - June 24th, 2024 [June 24th, 2024]
- The best antivirus software 2024: Free and paid options - Tom's Guide - June 20th, 2024 [June 20th, 2024]
- Best free text-to-speech software of 2024 - TechRadar - May 20th, 2024 [May 20th, 2024]
- Best free word processor of 2024 - TechRadar - May 20th, 2024 [May 20th, 2024]
- Best free antivirus in 2024 - TechRadar - May 20th, 2024 [May 20th, 2024]
- 'Open-Shell Menu' is an open source software that returns the Windows start menu to its previous appearance for free - GIGAZINE - May 20th, 2024 [May 20th, 2024]
- Avast Free Antivirus: Testing its features and learning about the six layers of protection - TechSpot - May 20th, 2024 [May 20th, 2024]
- The best Android antivirus apps in 2024 - Tom's Guide - May 3rd, 2024 [May 3rd, 2024]
- Best photo editing software in 2024 - Tom's Guide - May 3rd, 2024 [May 3rd, 2024]
- BYD recalls 16666 Seagull EVs in China due to software issue that may prevent reverse camera image from displaying - CnEVPost - May 3rd, 2024 [May 3rd, 2024]
- KIA installs free anti-theft software this weekend in St. Louis area - KSDK.com - April 28th, 2024 [April 28th, 2024]
- Best survey tool of 2024 - TechRadar - April 28th, 2024 [April 28th, 2024]
- Grand Rapids Police and Hyundai Offer Free Anti-Theft Software Upgrades Amid Vehicle Theft Wave - Hoodline - April 26th, 2024 [April 26th, 2024]
- Blueprint Software Systems Announces Free Trial for RPA Analytics Solution - PR Web - April 26th, 2024 [April 26th, 2024]
- Houston Police, Hyundai to host free anti-theft security event for vehicle owners - Houston Public Media - April 26th, 2024 [April 26th, 2024]
- Hyundai providing free anti-theft software installation this weekend at Greenspoint Mall - KHOU.com - April 20th, 2024 [April 20th, 2024]
- Ubuntu Studio in new LTS beta; still the easiest creative Linux distro - CDM Create Digital Music - Create Digital Music - April 20th, 2024 [April 20th, 2024]
- How to get free help with income tax prep, or free software | Business | postandcourier.com - The Post and Courier - February 23rd, 2024 [February 23rd, 2024]
- Best encryption software of 2024 - TechRadar - February 23rd, 2024 [February 23rd, 2024]
- The best free VPN in 2024 - TechRadar - February 23rd, 2024 [February 23rd, 2024]
- AI imaging software generates a gallery of stereotypes, says Univ. of ... - GeekWire - November 28th, 2023 [November 28th, 2023]
- Roku's free update that makes it easier to find new shows and ... - TechRadar - November 28th, 2023 [November 28th, 2023]
- How To Find Alternatives To ChatGPT Forbes Advisor UK - Forbes - November 28th, 2023 [November 28th, 2023]
- How To Find Alternatives To ChatGPT Forbes Advisor Australia - Forbes - November 28th, 2023 [November 28th, 2023]
- Assassin's Creed Syndicate is now free to keep on Ubisoft Connect - OC3D - November 28th, 2023 [November 28th, 2023]
- Google Confirms Its Schedule for Disabling Third-Party Cookies in ... - Slashdot - November 28th, 2023 [November 28th, 2023]
- Tata Consultancy Services Ordered To Cough Up $210 Million In ... - Slashdot - November 28th, 2023 [November 28th, 2023]
- Meta Knowingly Collected Data on Pre-Teens, Unredacted ... - Slashdot - November 28th, 2023 [November 28th, 2023]
- US, Britain, Other Countries Ink Agreement To Make AI 'Secure by ... - Slashdot - November 28th, 2023 [November 28th, 2023]
- Plex Users Fear New Feature Will Leak Porn Habits To Their ... - Slashdot - November 28th, 2023 [November 28th, 2023]
- This free software converts drone videos into 2D maps in minutes! - DroneDJ - November 14th, 2023 [November 14th, 2023]
- How 'Hour of Code' Will Teach Students About Issues with AI - Slashdot - November 14th, 2023 [November 14th, 2023]