Culture and leadership
Business leaders will increasingly value DevOps, showing that the work of the DevOps enterprise community matters to the people who matter.
One of the most amazing dynamics within the DevOps enterprise community is seeing business leaders co-presenting success stories with their technology leadership counterparts. For example, Ken Kennedy (executive vice president and president for Technology and Product at CSG) and Kimberly Johnson (chief operating officer at Fannie Mae) described the achievements of their technology leadership counterparts and why it was important to them. I expect this trend to continue, especially given how COVID-19 has accelerated the rate of digital disruption. I believe this bodes well for all of technology.
— Gene Kim, author and founder of IT Revolution
Hybrid product teams will become a pillar of customer value delivery.
With the rise of hybrid (remote/in-office) product teams, upskilling and online training initiatives will expand. As the pressure continues to rise to sell products and services through e-commerce sites, apps, or SaaS solutions, the lines between product and engineering teams will rapidly blur, giving rise to cross-functional, multidisciplinary teams that must learn and grow together. Each member will need to develop a wider combination of process skills, soft skills, automation skills, functional knowledge, and business knowledge, while maintaining deep competency in their focus areas. Product and engineering teams will be measured on customer value delivered, rather than just features or products created.
—Jayne Groll, CEO of the DevOps Institute and author of the 2020 Upskilling Report
Corporate culture will transform as business leaders shift their focus to systems thinking, to drive strategic investments.
Business leaders faced the dilemma of knowing they need to improve time-to-market in order to remain competitive while on a limited budget. Millions of dollars have been spent on digital transformation, which (at best) has yielded local optimizations but not systemic business outcomes. This will drive a focus on applying systems thinking to first identify where and what types of investments will result in delivering desired business outcomes and then scaling these concepts across the organization.
—Carmen DeArdo, senior value stream management strategist, Tasktop Technologies
CISOs will embrace DevSecOps methodologies.
Cloud-native security will rise higher on the agenda for CISOs as their organizations embrace Kubernetes, serverless, and other cloud-native technologies. It’s a significant cultural shift to embed security within DevOps practices, but it’s necessary: Businesses are moving to the cloud so they can deliver new features quickly and at high frequency, and security teams need to embrace new tools and processes to ensure that these deployments are safe as well as fast.
—Liz Rice, vice president, open-source engineering, Aqua Security
Application security will no longer be an afterthought.
As more teams adopt the nimble iteration of DevOps, they won’t have time for a lengthy security testing cycle. That’s why 2021 will be the year when we officially bury the separate, after-the-fact model of software application security.
As 2021 progresses, more application teams will take full responsibility for their own security, with appropriate support from the security team. As responsibility and budgets shift, application teams will increasingly adopt a DevSecOps process, in which they fully leverage automation to maximize velocity, and develop a culture of continuous improvement that allows each team to tune and optimize its processes.
—Jonathan Knudsen, senior security strategist, Synopsys
More developers will move to application security’s front lines.
As developers continue to migrate to the front lines of application security, more development teams will achieve measurably better security and productivity outcomes. By 2024, 40% of development teams will make it into the high-performer category, up from 25% today, demonstrating both high-velocity releases and strong security outcomes. The bad news is that adversaries will continue to outpace them when it comes to finding successful exploit paths to new vulnerabilities.
—Derek Weeks, vice president and DevOps advocate at Sonatype, and co-founder of the All Day DevOps conference
DevOps teams will see the value of threat modeling through security partnerships.
Application and software security professionals have known about the value proposition of threat modeling for a decade. In 2021, we’ll see developers embracing threat modeling as security continues to cement existing partnerships and teaches developers to build threat models. DevOps is all about collaboration, and 2021 is the year for the security teams in big and small organizations to break down walls and change the security culture at scale.
—Chris Romeo, CEO, principal consultant, and co-founder of Security Journey
The acceleration of cloud adoption during the pandemic will shift the software security landscape dramatically.
While DevOps represents a clear evolution in the way that software is built, delivered, and operated, the architecture, composition, and very definition of applications will continue to change rapidly, leading to a rethink of software security approaches. These dual pressures of delivery velocity and cloud transformation will have a big impact on software security.
To get ahead of cloud transformation, software security will evolve into a risk-based vulnerability management service that seeks to automate and orchestrate security services as part of the software build-and-delivery pipeline. Security teams will arm developers with “point of capture” tools and coaching to eliminate vulnerabilities during development and provide policy guardrails for enabling speed. Throughout the pipeline, orchestrated security services will automatically reinforce the policy guardrails and enable risk-based vulnerability management for overburdened, under-resourced security teams that are challenged to get in front of cloud adoption. This will result in an increased demand for API security, cloud application security, application security orchestration services, and consolidated, risk-based vulnerability management approaches to software risk reduction.
—Jason Schmitt, general manager of the Synopsys Software Integrity Group
Cybersecurity will move out of the dark ages as intelligent cybersecurity emerges.
For years, both DevOps and security teams have struggled to implement security across ever-changing and complex environments. Today’s reactive approach to cybersecurity, with agent-based scanning and manual orchestration tools, ha
s led to endless vulnerabilities. But in 2021, reactive security approaches will become a distant memory, part of an era that will come to be known as the “cybersecurity dark ages.” Cybersecurity in this new era will rely on intelligent machine-generated code that builds security, compliance and infrastructure in minutes.
DevOps and security teams will use intelligence-based code solutions to automatically build secure infrastructure, replacing manual attempts to fix vulnerabilities. Teams won’t have to spend limited financial and personnel resources building secure infrastructures. Rather, the trend will use artificial intelligence and machine learning to build secure infrastructure.
—Lisa Azevedo, founder and CEO of Containn
Analytics and automation
Predictive DevOps will be the next transformation that will deliver business value.
This is about using AIOps techniques across the delivery chain to be more efficient in delivering continuous value improvements for the business. To achieve true value, DevOps teams will pivot toward monitoring the business instead of monitoring the application or infrastructure. As a consequence, many dev and ops organizations will realize that they do not have the right skill set to understand what really matters to the business—and the concept of BizDevOps will be born. Business people will become part of the team that delivers digital instead of being a consumer of digital.
—Lars Rossen, chief technology officer, Micro Focus
Autonomous DevOps automation will become the new normal.
DevOps will rely on more advanced and autonomous techniques to generate automated outputs across various stages and activities…
Read More:The future of DevOps: 21 predictions for 2021 | TechBeacon