16 Predictions for DevSecOps for 2022 from Silicon Mountain

Lisa Bongiovanni
Published in Silicon Mountain
8 min read · Jan 10, 2022

The start of the year seemed like a great opportunity for us to all pull out our crystal balls and predict what we think is going to happen as the year unfolds. We queried the employees at Silicon Mountain to get their best predictions for DevSecOps in 2022. Here’s what they had to say:

1. Cara: I see this year as one of great growth opportunities for businesses embracing agile-minded methodologies, either as a result of needing faster turnaround times, or managing the many challenges brought on by the pandemic. The communication gaps exposed as interdependencies increase will challenge the status quo, presenting an exciting opportunity for individuals to lean in and be a part of their company’s cultural change.

2. Lisa: 2022 is the year DevSecOps gets even bigger… and not necessarily for the better. If I had a nickel for every company that jumps on the DevSecOps bandwagon in 2022, I probably wouldn’t need to do DevSecOps anymore. The marketing and media hype around DevSecOps is going to make it hard to discern the real players from the hype artists.

3. Ben: I predict massive growth in DevSecOps, and not always sustainable growth. Teams that don’t put forth the proper time and effort into each (Development, Security, Operations) will be doomed to fail. I’m particularly concerned about the security side of things. Lots of ubiquitous software and services can get taken for granted, and people become complacent. Furthermore, single points of failure are not limited to hosting providers. At the end of 2021, we already saw that something as simple as a logging library can have undiscovered vulnerabilities just waiting to be exploited. What other libraries, solutions, or services is the industry relying on, intentionally or not? I guess we’ll find out.

4. Ryan: Yeah…who would have guessed that my predictions line up with a sci-fi movie fairly well? In 2022, there will be rapid expansion of automation before the CI/CD (Continuous Integration/Continuous Deployment) pipeline. Yes, I am predicting that we will have new computer overlords. I think computers might generate the majority of new code in the very near future! While in most sci-fi films machines writing their own code is viewed through a cautionary lens, it’s not always a bad thing.

IDEs (Integrated Development Environments) have been improving their autocomplete features; applications like Microsoft and OpenAI’s GPT-3 and GitHub’s Copilot can currently generate code that looks like it was made by a human for humans. Heck, the application GPT-3 can be trained to even answer questions about why it picked that particular code snippet. How does this tie into DevSecOps? We could train our AI code co-pilots via machine learning to present only solutions to Devs that already meet the requirements of Security and Operations. The machine could learn what libraries are safe enough for Sec, and what standards work for the Linter and Ops. Heck, in a TDD (Test-Driven Development) situation, the human can write the unit and integration tests, then let the AI offer suggestions for solutions in real time, leaving the dev to pick from nice, curated solutions, which they can adjust and implement. This benefits all three parts of DevSecOps. With a little care and planning, I think we can avoid 2023 starting off with either Deep Thought or Skynet.

Ryan, The Sequel: Way more pie in the sky, and way, way more out of my personal wheelhouse, but I think all the brand new shiny research into vaccinations could pay off with some sort of new techs that help fend off some of the more regular problem illnesses. I have heard chatter about a possible universal vaccine for three common rapidly mutating viruses. That would be awesome, and as I have no understanding of biology and medicine, I will just kind of believe really hard that that is how things are gonna turn out.

5. Daniel: This year we will continue the trend of scaling back interconnectivity, especially in larger companies and teams. We all know how valuable it can be to have knowledge of what your coworkers are doing, but at a certain point there are diminishing returns. We have seen a decrease in the prevalence of all-employee standups and meetings, and I believe that trend continues in 2022.

6. Dave: The pressure on DevSecOps will be intense in 2022. Numerous zero-day exploits will be found in a number of ubiquitous code libraries and will require constant remediation (think Log4j 2, only worse). We will see several high-profile service outages that will impact critical industries and service sectors for more than 24 hours at a time. Don’t be surprised when your refrigerator starts randomly ordering items from Costco/Amazon/eBay/Etsy. On the lighter side, mankind will revisit the moon again. As a result, artifacts from the Apollo missions will mysteriously and briefly appear for sale on eBay.

7. Billy: I think DevSecOps will start becoming the default rather than a standard DevOps focus as companies increasingly rely on the cloud for infrastructure. With cyber threats becoming increasingly more sophisticated both domestically and internationally, companies will need to take a security-oriented approach towards their infrastructure or risk being the next international headline for a data breach, ransomware attack or document leak.

8. Mike: I am a hopeful person. In 2022, my hope is that the government identifies a better path to funding innovation activities. There are standardized budget programs that are 2–3 years out in advance (sometimes more, with 10-year contractual commitments). That process benefits incumbents, who are often large, established government consulting firms. Buying something 13 years in advance, even services over 13 years, does not create enough urgency and risk for innovation to thrive. Perhaps a set-aside fund for innovation; perhaps programs that are funded solely to focus on small business partnerships; there are many ways to approach this problem. I am hopeful we have the right leaders to implement a change in acquisition planning and budgeting.

Our commercial partners will feel a similar drive for innovation and start seeking out small business partners to support those efforts, leveraging DevSecOps services from nimble companies. Medium to large commercial businesses that have recently centralized tech services will be starving for rapid delivery to respond to the business needs of the field operations. Organizations where staffing was impacted by COVID will be seeking good advice on how to be more effective. I am hopeful that the business units are empowered to invest in innovation activities and objective discovery.

9. Alain: With even more services moving from company-managed servers to the Cloud infrastructure (whether public, private or hybrid Cloud), it will become more and more important to move from a “simple” DevOps approach to DevSecOps, which includes Security components everywhere in the Cloud infrastructure and deployed services. This will attract a lot of companies new to the business and it will be imperative to have a trusted and experienced guide to help make informed decisions (and not just follow hyped marketing buzzwords) to keep access, services and data secure.

10. Chris S: Web 3.0 is growing due to the rise in NFTs, allowing read, write, AND validation built into web traffic instead of the old model, where verifying if a website is legit is basically impossible for the average user. The other major impact of NFTs is that content creators no longer have to deal with a middleman when it comes to selling content to the masses. Instead of dealing with Spotify/Apple, sell your music as an NFT. Stock photo creator? NFT. Video game? Movie? Book? All could be sold under NFTs, cutting out retailers and allowing the resale of items with complex licenses while the creators always take a cut of each exchange. GameStop (GME) currently has built an NFT platform for creators to join. Loopring, a rumored partner of GME, is currently working on a layer two for Ethereum to drop the fees to basically nothing.

11. Tim: While there will be some movement for many organizations from DevOps to DevSecOps, it will likely be business as usual for most other organizations. This will include the usual scrambling to patch vulnerabilities in not only custom-built software, but in widely used open-source libraries as well. Exploits of these vulnerabilities will only increase in volume, and become ever more costly. This will serve to drive many organizations to see an ever-increasing need to integrate a security-based approach into their traditional DevOps methodology. Security can no longer be an afterthought.

12. Eric: We’re probably going to see some of the newer toys that people have been playing with, NFTs especially, either end up getting some level of regulation or unification or just end up self-destructing. The wild west period of the NFTs is currently in full swing, but we’re already seeing tools that exist to inform content creators when their content is being used as an NFT, usually without their input or any recompense. Of course, once things start getting bolted down, we’ll probably see some other new toy that everyone will be enamored with for a year or two that will be ruthlessly exploited, repeating the process all over again.

Also, more people are getting pissed about bots buying up everything on major retailer sites and there being absolutely nothing done to successfully stop them. But I think that’ll be a safe prediction for the next couple decades.

13. Shashank: I just googled the term DevSecOps, and I came across a couple of articles that were questioning the existence of DevSecOps, and stating that there was an uphill task in front of it to become a success. However, I feel there was a similar buzz when DevOps came into existence, but we all can see the benefits, and the success it has seen in recent years. My prediction is that DevSecOps will be opted for by far more companies this year; especially with the increasing popularity of Web 3.0 and Cryptos, and since most of the companies have been opting for cloud/remotely managed servers and infrastructure. As a result, Security will have to be taken into consideration alongside the architecture, rather than at a later stage, as has been the case until now.

14. Josh: There will be continued increased interest in developing blockchain, specifically NFT, from an increasing number of independent and established companies. There will be a wide variety of success with most failing and none will gain a dominant market share. There will be no government legislation within the next year targeting the technology. It will continue to be entirely chaotic and have no value beyond. Companies will continue pushing into moving many of their operations remote and look to improve and develop their own infrastructure to securely provide information to their employees. There will be an expansion among companies providing services to improve remote work conditions and training.

15. Ilina: Streamlining business and delivery processes and operations, using value stream models, will further enhance existing agile or DevOps processes to promote greater efficiency. And while commercial development efforts will continue to shift toward any of the methodologies based on continuous improvement, there will still be companies that will continue to demand fixed-price and fixed-term projects.

16. Evan: Data Science will split further into back-end developers/data engineers and non-coding analysts, fueled by the expansion of point & click business intelligence software into previously coding-heavy domains such as databases and machine learning, i.e. Alteryx, Looker, Tableau, etc.

As you can see, even within our ranks, we have some broad ideas about where DevSecOps will go in 2022, and some questions about what will happen with some other digital trends, like those pesky NFTs! Maybe this time next year, we’ll revisit our predictions and rank our own accuracy!
