DevOps, DevSecOps Predictions for 2022
Low-Code/No-Code Solutions Will Receive a Wakeup Call
Low-code and no-code programming tools have gained popularity because they allow everyday business users with little or no coding experience to create apps that meet their needs. But one thing that’s often overlooked when discussing these tools is security — if a vulnerability shows up in one piece of code, that vulnerability will be present each time that code is deployed. Similar to when serverless applications were on the rise and people didn't know how to securely deploy them, I predict there will be a similar learning curve with low-code and no-code solutions.
CISOs Will Continue to Take Control of Their Software Supply Chain
As we've witnessed over the past year-plus, deteriorations of the software supply chain can quickly impact profitability due to increased costs. In 2022, open-source supply chain security will take hold as organizations rally around new ways to share and consumer knowledge in a digestible way. The idea is to democratize security testing and information, which requires more collaboration and communication. In this vein, JFrog and others are working to establish a “ranking” for security packages and tools to help foster this democratization process.
In addition, CISOs will increasingly leverage tools that create a full chain of custody for software releases and automate the discovery and visibility of security issues along the software supply chain. Tools that reduce friction during the software release process keep systems running properly and, more importantly, ensure end-users are happy.
The Metaverse Will Further Support Hybrid Work Models
The global pandemic accelerated work-from-home models out of necessity, and nearly two years later, organizations are realizing that remote and hybrid work models are actually good for business. As talk about metaverses rises, there is an opportunity to establish one for the DevOps community, essentially a free and open exchange of information such as software package ratings and the democratization of current security practices. This domain is currently immature, but I expect the industry will soon begin to shift in this direction to improve collaboration as remote work remains prominent.
Remote work isn’t going away — more and more companies will turn to global workforces as they realize that local workers aren't always enough. Working remotely is, in fact, a new reality, and savvy businesses are capitalizing by attracting top talent in markets where they haven't previously had a presence -- and this trend will continue.
The Impact of AI/ML/IoT on DevOps
Kubernetes and other technologies have already made huge strides towards bringing intelligent software development to the end users, which is to everyone’s advantage, however, the amount of software we need to create and maintain is growing faster than the number of developers we have in the market. Thus, the only way to keep pace with the demand for updating the high-quality software running the planet is to employ the help of machines – or artificial intelligence. While we won’t necessarily have robots developing code, you will see more AI/ML/NLP baked into the tools employed to help do the work of a developer faster, safer, and more efficiently, which are beneficial for scaling. AI is already helping us accelerate the process by helping us automate the tuning, management, and monitoring of the code and systems to sure they’re secure and up to date, but we need a complete, intelligent platform to take it to the next level.
DevSecOps Will Merge with App Development
In 2022 we’ll continue to see the push towards the integration of DevSecOps with product and enterprise application development. This will be driven by developers who recognize critical security issues, and in order to address those issues, they’ll need to have the right tools. In today's modern world, just about every organization needs security tools to flag vulnerabilities with prescriptive steps to solve them. Security threats will continue to be a serious risk, not only within software development but also in enterprise infrastructure. Defining the role of people and processes versus technology alone will help to enable more far-reaching collaboration.