July 6, 2022

DevSecOps: Why is it still stalled?

Although security has become companies’ gravest concern in digital transformation, cultural barriers and technical complexities have kept operations teams from implementing a new DevSecOps model. DevSecOps is a movement toward collaboration among previously siloed IT teams (security, operations, and app development). It is still stymied by clashing cultures, but increasingly supported by solutions enabled through application security, AI, automation, modern monitoring/observability, and service mesh.

Advanced microservices-based application architectures may be a blessing to companies achieving continuous delivery of modern applications as part of digitization efforts, but they’ve also become vulnerable to aggressive cyberattacks, such as the high-profile Log4j exploit. Combine this trend with significantly increased use of unmanaged APIs as part of application modernization initiatives, and the need for application-level security becomes even more critical.

Efforts to spin off new app architectures, including Kubernetes clusters, require configuration across networking, security, and compute provisioning. This need involves the developer as part of the shift-left and GitOps movement that has taken place over the past 18 months, spurred by the need to automate continuous delivery and operations of apps and infrastructure.

DevSecOps tools

While the effort among technology providers has been slow, several new tools and platforms are beginning to emerge among start-ups, traditional platform providers, and even traditional infrastructure providers. Key findings by GlobalData reveal:

  • The industry has responded to the need for DevSecOps via numerous tools aimed at infrastructure modernization and increased focus on security, including Weaveworks, Drata, Jetstack, Red Hat OpenShift Platform Plus, and Checkmarx, among others.
  • Observability goes hand in glove with security, and emerging solutions include Red Hat Insights/Ansible, Oracle Cloud Observability and Management, and IBM Observability by Instana.
  • Service Mesh is proving to be an important component of DevSecOps for its ability to help developers bypass cumbersome coding associated with infrastructure integration (e.g., security, monitoring). Emerging solutions include Oracle Cloud Infrastructure Service Mesh and Cisco Calisti.

Over the next year, the industry will witness highly differing approaches to DevSecOps stemming from this range of participants, which includes platform and cloud providers, app and API security and observability pure-plays, and traditional infrastructure giants.