Predictions 2018: How DevOps, AI Will Impact Security

Source – eweek.com

DevOps and agile development, new-generation processes and techniques that work hand in hand in developing, testing and distributing software of all types, have been in the IT business news continually for about the last half-dozen years. And there are good reasons why.

We at eWEEK are constantly being pitched by thought leaders with new ideas about this relative sea change in the business, in addition to companies with new or improved tools that facilitate the automation that’s inherent in this segment.

For the record: DevOps (development + operations) emphasizes cooperation between developers and IT operations. The goal is to change and improve the relationship between software developers and operations by advocating better communication and collaboration between the two business units.

Where there are often difficult professional walls to scale within an enterprise, DevOps is breaking them down and enabling teamwork-type environments.

It’s All About Speeding Up–and Securing–Development

Another goal—really, the main one—of agile environments is to get developers to move their applications from source code to production as quickly and painlessly as possible. This means breaking down silos and integrating core components for more simplified development using a contiguous pipeline approach. This is where microservices inside containers for fast/easy workload deployments have come into play, competing head on with older, more standardized hypervisor/virtual machine systems.

High-performance IT organizations using the DevOps approach deploy their services much more frequently and many times faster than average shops. They also have fewer failures and recover data much faster in disaster scenarios; all of this directly impacts an enterprise’s profit margin.

The reviews and returns on DevOps have been so impactful that more and more companies are turning to this methodology to get development work done. The future of the approach continues to be bright.

Here are some perspectives from industry thought leaders on the state of DevOps in 2018.

“In 2018, security vendors will continue to embrace Amazon’s shared responsibility model for AWS, recognizing that scalable automation is essential to protect sensitive information in the cloud. This will result in the rise of DevOps, a fast-growing segment required for successful automation due to its ability to script, automate, scale and handle exceptions effectively. Increased, straight-forward automation will make it easier for DevOps to adopt AWS securely. In turn, baking security into the process will allow for further adoption of cloud-based services.

Manoj Nair, Product Director of HyperGrid: We will see a convergence of DevOps and DevSecOps.
“Breaches and attacks are only going to increase and viruses are getting more sophisticated. Application development is going to need to natively include specific safeguards and protections. Security tools that are layered into the infrastructure are still needed, they just aren’t going to be enough as more and more apps adopt the cloud model.”

Patrick O’Keeffe, ‎Executive Director, Software Engineering at Quest Software:

The DBA will take on a critical role in DevOps.
“2017 was the year of DevOps, no question about it, and upstream development and continuous integration was the focus for many organizations. In 2018, we’ll see a focus on downstream testing, release and deployment and continuous delivery processes. Due to their complex nature and common data movement challenges, databases tend to pose major bottlenecks to DevOps teams and processes. The DBA will play an integral role in alleviating these challenges and play a critical role in how businesses move to enabling DevOps digital transformation.”
We’ll start hearing more about DataOps, too.
“Where DevOps aligns developers and IT teams to accelerate software delivery and infrastructure changes, DataOps is all about streamlining the preparation of data so developers can leverage it during the application building process. While the application of DataOps processes and strategies are in its early stages–with Delphix playing a key role in raising awareness–we’ll start to hear this term used more and more among the database community in 2018.”
Dr. John Bates, CEO of Testplant:

DevOps will drive monitoring and testing to converge.
Product owners will become part of the DevOps pipeline. “DevOps has been about ‘Dev’ and ‘Ops’, but in 2018 the business will be pulled directly into DevOps, especially product owners. This will enable the true continuous delivery envisaged.”
The first ‘Open Data’ communities will appear. “We’ve had open-source projects (theoretically independent people collaborating/contributing on a project) for 40 years. AI and deep-learning will now drive the creation of ‘open data’ communities where people share data repositories to help train algorithms.”
Return of the Chief Information Officer (is that what the ‘I’ stood for?). “As companies realize that their data (i.e. information) is their most valuable asset, but that it’s now fragmented across functions who have all deployed independent SaaS solutions, they will look to the CIO to bring their data together. So the CIO will once again be the center of information; whereas before it was about bringing systems together, now it’s going to be about data.”
Aruna Ravichandran, VP of DevOps Product and Solutions Marketing, CA: DevSecOps brings faster development without sacrificing security.
“We will continue to see end-users make a tighter connection between a company’s brand and the quality of its code, based on their experiences across a company’s applications. As a result, more organizations will look to integrate security across all phases of development and intensify their automated continuous testing efforts as they work to release higher quality code, faster. Additionally, businesses will look to increase their adoption of digital experience monitoring and analytics solutions to help them understand how users are using applications and apply enhancements that optimize experiences.”

Robert Reeves, co-founder and CTO of Datical: Fewer and fewer companies will forget the database with DevOps.
“The database is the hardest part in the application stack to manage, so it just doesn’t make sense that it’s always the forgotten piece of the puzzle. IT teams have been so focused on time-to-market and getting development to push out applications at the speed of light, but still manually manage the change process of databases that contain massive amounts of information.

“The good news is that as more enterprises continue to modernize and adopt DevOps processes, it’ll become harder to ignore the database. This is because DevOps is a process, an algorithm. It’s not static and it can’t be done some of the time. The whole purpose is to change and evolve over time. DevOps is about identifying friction that is slowing down software releases. Sometimes, it’s the testing team setting up environments manually. It’s time to automate environment creation to solve not just this one problem, but all problems across the IT department. It’s time to stop having DBAs perform manual SQL script review prior to a release and start automating the review so that they can continue to innovate and bring strategic value to their organization.”