Virtualization Technology News and Information
JFrog 2021 Predictions: Security and Shift Left Innovation

vmblog 2021 prediction series 

Industry executives and experts share their predictions for 2021.  Read them in this 13th annual series exclusive.

Security and Shift Left Innovation

By Yoav Landman, Co-Founder and CTO of JFrog

If the year 2020 has taught us anything, it is that the unimaginable can be right around the corner. Many people and organizations have shifted their mindset to hope for the best but prepare for the worst. Today's software developers must deal with the dual pressures of rapidly bringing software and software updates to market while simultaneously ensuring the software is secure. In 2021, companies must continue integrating security as an integral part of their DevOps practices to keep the business stable and mitigate risk. In this article, JFrog CTO Yoav Landman shares his thoughts on how security will impact DevOps and software delivery going into the new year.

  1. Right now, when companies put software into production, those versions of software lose a lot of the security and scale they get during the development pipeline. This largely happens because once applications reach production they lose their connectivity to the CI/CD pipeline and to the software supply chain and Bill of Material (BOM) that have created them. This disconnect may happen as early as in the distribution to the edge phase or when deploying and running the application in production. The result is that keeping updates and distribution of applications under control becomes very difficult, making organizations rely on homegrown tools to solve this problem. We'll see more companies adopt solutions that expand their software lifecycle management processes to edges and production with an eye on improving security at scale at these endpoints.

  2. For organizations in regulated industries, there is a big concern regarding how to guarantee the security of the software delivery pipeline. These enterprises expect full traceability and tamper-proof records that can certify that a software version they have pushed to production is genuine and can be linked back to the pipeline that has created it, including all the different steps that happen in that pipeline. We're going to see more blockchain-type security validation methods arising to enable software providers to ensure the security and authenticity of the software delivery and distribution pipeline.

  3. The pandemic has forced enterprises to move much of their operations online. A big part of this migration is the automation of cloud infrastructure setup and updates. Right now, most of the solutions for securing the cloud setup are "after the fact" kinds of solutions that alert you once your cloud infrastructure has already exhibited a misconfiguration that can be compromised. We're going to see the cybersecurity market for cloud infrastructure mature to solutions that take a more proactive approach to ensure secure cloud configuration before unsecured changes reach the real cloud.

  4. Software organizations are in a constant battle between delivery speed and delivery quality. The faster they move, the greater the chances are they end up with a lower-quality product. Most are in a race to do things fast and also instill quality into the product. Security is one of the key aspects of quality. Organizations using lots of third-party components in applications must pay special care to security if they want to continue to rely on 3rd-party dependencies for re-use and accelerated delivery, and handle these in an automated way throughout the pipeline. We'll see more companies implement security safeguards very early on in their development process to combat this.


About the Author

Yoav Landman 

Yoav, Co-Founder and CTO of JFrog, created Artifactory after 7 years as a senior consultant with AlphaCSP. He has held several senior technical roles with Attunity, Verve and Sausage. Yoav holds a Master of Computing degree from RMIT University and a BA in Law (LLB) from Haifa University.

Published Tuesday, January 12, 2021 7:32 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2021>