Predictions 2018: How DevOps, AI Will Impact Security

Enterprises are beginning to realize that cloud, artificial intelligence and DevOps are not a threat to security, but are in fact the best way to reduce risk. DevSecOps will become a hot new "thing."

DevSecOps

DevOps and agile development, new-generation processes and techniques that work hand in hand in developing, testing and distributing software of all types, have been in the IT business news continually for about the last half-dozen years.  And there are good reasons why.

We at eWEEK are constantly being pitched by thought leaders with new ideas about this relative sea change in the business, in addition to companies with new or improved tools that facilitate the automation that’s inherent in this segment.

For the record: DevOps (development + operations) emphasizes cooperation between developers and IT operations. The goal is to change and improve the relationship between software developers and operations by advocating better communication and collaboration between the two business units.

Where there are often difficult professional walls to scale within an enterprise, DevOps is breaking them down and enabling teamwork-type environments.

It's All About Speeding Up--and Securing--Development

Another goal—really, the main one—of agile environments is to get developers to move their applications from source code to production as quickly and painlessly as possible. This means breaking down silos and integrating core components for more simplified development using a contiguous pipeline approach. This is where microservices inside containers for fast/easy workload deployments have come into play, competing head on with older, more standardized hypervisor/virtual machine systems.

High-performance IT organizations using the DevOps approach deploy their services much more frequently and many times faster than average shops. They also have fewer failures and recover data much faster in disaster scenarios; all of this directly impacts an enterprise's profit margin. See this eWEEK slide show for more background.

The reviews and returns on DevOps have been so impactful that more and more companies are turning to this methodology to get development work done. The future of the approach continues to be bright.

Here are some perspectives from industry thought leaders on the state of DevOps in 2018.

Robert Reeves, co-founder and CTO of Datical: Artificial Intelligence will be the next big thing in DevOps.
“Artificial intelligence (AI) holds great promise for DevOps. As humans, we learn from trial-and-error and we share our tribal lore with less experienced members of our tribe. That is exactly the promise of AI and machine learning. We prize our database administrators (DBAs) with 20 years of experience because they have vast experience in what has (or has not) worked in the past and because they can see patterns in the issues they deal with daily. However, humans are limited in amount of data they can consume. Enter machine learning; if we are able to collect vast amounts of data on application change and its corresponding impact to our customers and systems, then it’s a known problem to identify patterns in that data. In turn, we can prevent bad behavior and encourage good behavior, all without having to wake up at 2 a.m. to respond to an on-call issue.”

Jeff Williams, CTO and founder of Contrast Security: Organizations will aggressively embrace cloud and DevSecOps.
“Leading enterprises have already realized that cloud and DevOps are not a threat to security, but the best way to reduce risk.  Since the threat is now continuous, companies will need continuous security to go along with continuous integration and continuous delivery. Organizations will prioritize instrumenting their entire stack and applications with best of breed security tools for real time visibility, protection, and control.”

Amit Ashbel, Director of Product Marketing and Cyber Security Evangelist, Checkmarx:  Here’s what’s next for DevOps.
“DevOps is still maturing, and while many organizations are shifting to DevOps, many are still in the process and not there yet. That said, the DevOps movement will continue to grow and increase its scope to cover additional aspects of the product’s lifecycle. For us specifically, the introduction of security into DevOps is most interesting. The challenge continues to revolve around fast processes and short cycles of security tests with very clear and accurate findings led by remediation that has to be handed in a silver spoon to the developers. While many in the security industry are trying to make DevOps adopt security, I believe that the security vendors should work harder on adapting security practices to DevOps environments which is exactly what Checkmarx have been doing for many years now.”

Hans Buwalda, Chief Technology Officer, LogiGear:  Trends are changing in DevOps and continuous testing. 
“The general attitude is shifting towards continuous integration being seen as ‘good for everybody’ while continuous delivery is being viewed more as a business decision.  There are communities sprouting up around DevOps tools. On the client side, LogiGear is seeing more requests for tool integrations with Docker.”

Mike Duensing, CTO of Skuid: DevOps will speed up even further.
“DevOps teams prioritize time to market, but they’re becoming increasingly overwhelmed by the number of tools available to achieve this goal. To optimally manage IT infrastructure and continuous integration processes, in 2018 we will see a rise in point-and-click interfaces to help DevOps configure systems in the simplest way possible.”

Dave Messina, CMO, Docker: CIOs will accelerate plans for digital transformation with containers and DevOps.
Although “digital transformation” has become somewhat of a buzzword as of late, enterprises certainly accept the idea behind it--and with a greater sense of urgency. According to Gartner, as many as two-thirds of business leaders are concerned that their companies aren’t moving fast enough on the digital transformation front, leading to potential competitive disadvantages. In 2018, CIOs will increasingly feel the pressure to speed up digitization efforts and will accelerate their journey through containers. As businesses build out and implement strategies around cloud migration, DevOps and microservices, containers will play an increasingly important role in achieving these initiatives.”

Tom Kemp, CEO of Centrify:Automation frameworks will make it easier for DevOps to adopt AWS securely.
“In 2018, security vendors will continue to embrace Amazon’s shared responsibility model for AWS, recognizing that scalable automation is essential to protect sensitive information in the cloud. This will result in the rise of DevOps, a fast-growing segment required for successful automation due to its ability to script, automate, scale and handle exceptions effectively. Increased, straight-forward automation will make it easier for DevOps to adopt AWS securely. In turn, baking security into the process will allow for further adoption of cloud-based services.

Manoj Nair, Product Director of HyperGrid: We will see a convergence of DevOps and DevSecOps.
“Breaches and attacks are only going to increase and viruses are getting more sophisticated. Application development is going to need to natively include specific safeguards and protections. Security tools that are layered into the infrastructure are still needed, they just aren’t going to be enough as more and more apps adopt the cloud model.”

Patrick O’Keeffe, ‎Executive Director, Software Engineering at Quest Software:

  • The DBA will take on a critical role in DevOps.
    “2017 was the year of DevOps, no question about it, and upstream development and continuous integration was the focus for many organizations. In 2018, we’ll see a focus on downstream testing, release and deployment and continuous delivery processes. Due to their complex nature and common data movement challenges, databases tend to pose major bottlenecks to DevOps teams and processes. The DBA will play an integral role in alleviating these challenges and play a critical role in how businesses move to enabling DevOps digital transformation.”
  • We’ll start hearing more about DataOps, too.
    “Where DevOps aligns developers and IT teams to accelerate software delivery and infrastructure changes, DataOps is all about streamlining the preparation of data so developers can leverage it during the application building process. While the application of DataOps processes and strategies are in its early stages–with Delphix playing a key role in raising awareness–we’ll start to hear this term used more and more among the database community in 2018.”

Dr. John Bates, CEO of Testplant:

  • DevOps will drive monitoring and testing to converge.  
  • Product owners will become part of the DevOps pipeline. “DevOps has been about ‘Dev’ and ‘Ops’, but in 2018 the business will be pulled directly into DevOps, especially product owners. This will enable the true continuous delivery envisaged.”
  • The first ‘Open Data’ communities will appear. “We’ve had open-source projects (theoretically independent people collaborating/contributing on a project) for 40 years. AI and deep-learning will now drive the creation of ‘open data’ communities where people share data repositories to help train algorithms.”
  • Return of the Chief Information Officer (is that what the ‘I’ stood for?). “As companies realize that their data (i.e. information) is their most valuable asset, but that it’s now fragmented across functions who have all deployed independent SaaS solutions, they will look to the CIO to bring their data together. So the CIO will once again be the center of information; whereas before it was about bringing systems together, now it’s going to be about data.”

Aruna Ravichandran, VP of DevOps Product and Solutions Marketing, CA: DevSecOps brings faster development without sacrificing security.
"We will continue to see end-users make a tighter connection between a company’s brand and the quality of its code, based on their experiences across a company’s applications. As a result, more organizations will look to integrate security across all phases of development and intensify their automated continuous testing efforts as they work to release higher quality code, faster. Additionally, businesses will look to increase their adoption of digital experience monitoring and analytics solutions to help them understand how users are using applications and apply enhancements that optimize experiences."

Robert Reeves, co-founder and CTO of Datical: Fewer and fewer companies will forget the database with DevOps.
“The database is the hardest part in the application stack to manage, so it just doesn’t make sense that it’s always the forgotten piece of the puzzle. IT teams have been so focused on time-to-market and getting development to push out applications at the speed of light, but still manually manage the change process of databases that contain massive amounts of information.

"The good news is that as more enterprises continue to modernize and adopt DevOps processes, it’ll become harder to ignore the database. This is because DevOps is a process, an algorithm. It’s not static and it can’t be done some of the time. The whole purpose is to change and evolve over time. DevOps is about identifying friction that is slowing down software releases. Sometimes, it’s the testing team setting up environments manually. It’s time to automate environment creation to solve not just this one problem, but all problems across the IT department. It’s time to stop having DBAs perform manual SQL script review prior to a release and start automating the review so that they can continue to innovate and bring strategic value to their organization.”

Chris Preimesberger

Chris J. Preimesberger

Chris J. Preimesberger is Editor of Features & Analysis at eWEEK, responsible in large part for the publication's coverage areas. In his 13 years and more than 4,000 articles at eWEEK, he...