IDG Contributor Network: 3 predictions for devsecops in 2018


Tech predictions: Love them or hate them, they are a time-honored tradition, one that provides the opportunity to reflect on the year past and prepare for the year ahead. 2017 was a good year for devsecops—this year it evolved from a semi-obscure concept to a viable enterprise function.

That evolution was fueled in great part by the rapid expansion of the container and container markets, which are inherently intertwined with devops and devsecops. Generally speaking, rapid growth and innovation tend to make predictions more of an art than a science, but I’m still willing to give it a shot.

With more than 12 billion image pulls from the Docker Hub and a maturing container ecosystem, we are barely seeing the tip of the iceberg as far as devsecops in the enterprise is concerned. However, I believe that in 2018 that’s what we’ll be seeing: the start of foundational change. Here’s what I think it will look like:

1. Corporate leaders and IT stakeholders realize devsecops is improving devops, not hindering it

Devops is the coming together of the development and operations teams, so it should come as no surprise that it promotes a collaborative culture. In an era where megabreaches are the norm, adding security into the mix might sound like a no-brainer, but for years, security has been an afterthought, which resulted in a corporate culture that placed security teams at odds with other IT groups, including the development team.

 because they are the ones who are accountable for the organization’s security and risk posture and get fired or forced out when a security incident occurs (, anyone?).

In 2018, security teams need to step up and show devops teams the value and skills they bring to the table. The notion of baking security into the fabric of IT instead of bolting it on after the fact has been cyber security nirvana for as long as I can remember. Now we have a window of opportunity to make that happen.

3. Security teams still will be slow to adapt to the devops reality

The devops folks I talk to understand that security matters. In the past, corporate security teams often operated within a culture that did not value or understand the need for security. No wonder today’s cyberbusiness landscape is one in which most companies are (relatively) easily breached. 

But culture changes. These days, it’s well understood that strong security consists of more than a perimeter firewall. As relieved as many security professionals may be to see this shift finally occur, they may not be as flexible as devops teams might expect. And when it comes to containers (and appsec in general), even the most talented and high performing security pros will face a learning curve. Not to mention that the cybersecurity skills shortage has been . 

Integrating and automating security into the application delivery process is way more efficient and cost-effective than backtracking to fix security flaws that could have easily been avoided if they were addressed before the applications were deployed. Security professionals have a lot to gain by remaining open to change and to applying their talents in new ways.

I’m hopeful this story will have a happy ending. Onwards to 2018—happy holidays!

This article is published as part of the IDG Contributor Network.