Industry executives and experts share their predictions for 2021. Read them in this 13th annual VMblog.com series exclusive.
Security and Shift Left Innovation
By Yoav Landman, Co-Founder and CTO of JFrog
If the year 2020 has taught us anything, it is that the unimaginable can be right around the corner. Many people and organizations have shifted their mindset to hope for the best but prepare for the worst. Today's software developers must deal with the dual pressures of rapidly bringing software and software updates to market while simultaneously ensuring the software is secure. In 2021, companies must continue integrating security as an integral part of their DevOps practices to keep the business stable and mitigate risk. In this article, JFrog CTO Yoav Landman shares his thoughts on how security will impact DevOps and software delivery going into the new year.
- Right now, when companies put software into production, those versions lose much of the security and scalability they enjoyed in the development pipeline. This largely happens because once applications reach production they lose their connectivity to the CI/CD pipeline and to the software supply chain and Bill of Materials (BOM) that created them. This disconnect may happen as early as the distribution-to-the-edge phase, or when deploying and running the application in production. The result is that keeping updates and distribution of applications under control becomes very difficult, forcing organizations to rely on homegrown tools to solve the problem. We'll see more companies adopt solutions that extend their software lifecycle management processes to edges and production, with an eye on improving security at scale at these endpoints.
- For organizations in regulated industries, there is a big concern regarding how to guarantee the security of the software delivery pipeline. These enterprises expect full traceability and tamper-proof records that can certify that a software version they have pushed to production is genuine and can be linked back to the pipeline that created it, including all the different steps that happened in that pipeline. We're going to see more blockchain-type security validation methods arise to enable software providers to ensure the security and authenticity of the software delivery and distribution pipeline.
- The pandemic has forced enterprises to move much of their operations online. A big part of this migration is the automation of cloud infrastructure setup and updates. Right now, most of the solutions for securing the cloud setup are "after the fact" solutions that alert you only once your cloud infrastructure already contains a misconfiguration that can be exploited. We're going to see the cybersecurity market for cloud infrastructure mature toward solutions that take a more proactive approach, verifying that cloud configuration is secure before insecure changes reach the live cloud.
- Software organizations are in a constant battle between delivery speed and delivery quality. The faster they move, the greater the chance they end up with a lower-quality product. Most are in a race to do things fast while also instilling quality into the product, and security is one of the key aspects of quality. Organizations using many third-party components in their applications must pay special attention to security if they want to keep relying on third-party dependencies for re-use and accelerated delivery, and they must handle these dependencies in an automated way throughout the pipeline. We'll see more companies implement security safeguards very early in their development process to address this.
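The second point above asks for tamper-proof records that tie a production artifact back to every step of the pipeline that produced it. The following is an added example, not code from the article or from JFrog, of the minimal shape such a record can take: each pipeline step appends an entry carrying the artifact's SHA-256, the digest of the previous entry (a hash chain) and an authentication tag over the entry. The chain, the step metadata, the key and the commit value are all constructed for the demo; an HMAC with a shared key stands in for the asymmetric signature a real pipeline would use so that the verifier needs only a public key.

```python
import hashlib
import hmac
import json

# Constructed demo key. A real pipeline would sign with a private key and
# hand only the public key to whoever verifies deployments.
SIGNING_KEY = b"constructed-demo-key"
GENESIS = "0" * 64


def canonical(record):
    """Stable byte encoding so the same record always hashes the same way."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def record_digest(record):
    return hashlib.sha256(canonical(record)).hexdigest()


def append_step(chain, step, artifact, metadata):
    """Append one pipeline step, linking it to the previous entry."""
    prev = chain[-1]["digest"] if chain else GENESIS
    body = {
        "step": step,
        "index": len(chain),
        "prev": prev,
        "artifact_sha256": hashlib.sha256(artifact).hexdigest(),
        "metadata": metadata,
    }
    digest = record_digest(body)
    tag = hmac.new(SIGNING_KEY, digest.encode(), hashlib.sha256).hexdigest()
    entry = {"body": body, "digest": digest, "tag": tag}
    chain.append(entry)
    return entry


def verify_chain(chain, deployed_artifact):
    """Check every link and tag, then tie the deployed bytes to the final step.

    Returns (ok, reason) so a deployment gate can log why it refused."""
    if not chain:
        return False, "empty chain"
    prev = GENESIS
    for i, entry in enumerate(chain):
        body = entry["body"]
        if body["index"] != i or body["prev"] != prev:
            return False, f"link broken at step {i}"
        digest = record_digest(body)
        if digest != entry["digest"]:
            return False, f"record {i} modified"
        expected = hmac.new(SIGNING_KEY, digest.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, entry["tag"]):
            return False, f"signature invalid at step {i}"
        prev = digest
    final_hash = chain[-1]["body"]["artifact_sha256"]
    if hashlib.sha256(deployed_artifact).hexdigest() != final_hash:
        return False, "deployed artifact does not match final pipeline output"
    return True, "ok"


def build_demo_chain():
    """Constructed four-step pipeline: checkout, build, test, release."""
    chain = []
    source = b"print('hello')\n"
    append_step(chain, "checkout", source, {"commit": "CONSTRUCTED-COMMIT"})
    built = source + b"# compiled\n"
    append_step(chain, "build", built, {"deps": ["lib-a@1.2.3"]})
    append_step(chain, "test", built, {"passed": 42})
    append_step(chain, "release", built, {"version": "1.0.0"})
    return chain, built


if __name__ == "__main__":
    chain, artifact = build_demo_chain()
    print(verify_chain(chain, artifact))
    print(verify_chain(chain, artifact + b"patched"))
```

Because each entry's digest covers the previous digest, editing the build step's dependency list after the fact invalidates that record, breaks the link from the test step and cannot be re-signed without the key; the deployment side only needs the chain and the bytes it is about to run.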
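The third and fourth points both describe a proactive gate: checking cloud configuration before it reaches the live account, and checking third-party dependencies automatically in the pipeline. Below is an added example (not code from the article or any JFrog product) of one release gate that does both. The plan format, resource names, lockfile, advisory feed and advisory identifiers are all constructed for the demo; real tooling would feed in an actual plan and a real vulnerability database, and the policy rules shown are only a starting set.

```python
import ipaddress

# Constructed, tool-agnostic infrastructure plan, as a gate would see it
# before anything is applied to a cloud account.
PLAN = {
    "resources": [
        {"type": "storage_bucket", "name": "logs", "public_read": True},
        {"type": "security_group", "name": "web",
         "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]},
        {"type": "security_group", "name": "bastion",
         "ingress": [{"port": 22, "cidr": "0.0.0.0/0"}]},
        {"type": "database", "name": "orders", "encrypted": False},
    ]
}

# Constructed dependency lockfile ("name==version" pins).
LOCKFILE = """\
requests==2.19.0
urllib3==1.26.5
pyyaml==5.3
# dev-only tooling below
flask==2.0.1
"""

# Constructed advisory feed: versions strictly below "fixed_in" are affected.
ADVISORIES = {
    "requests": [{"id": "CONSTRUCTED-ADV-1", "fixed_in": "2.20.0"}],
    "pyyaml": [{"id": "CONSTRUCTED-ADV-2", "fixed_in": "5.4"}],
    "urllib3": [{"id": "CONSTRUCTED-ADV-3", "fixed_in": "1.26.5"}],
}

# Ports that should never be reachable from the whole internet.
ADMIN_PORTS = {22, 3389}


def is_world_open(cidr):
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def check_plan(plan):
    """Policy rules over the plan; returns (severity, resource, message)."""
    findings = []
    for r in plan["resources"]:
        if r["type"] == "storage_bucket" and r.get("public_read"):
            findings.append(("high", r["name"], "bucket allows public read"))
        if r["type"] == "security_group":
            for rule in r.get("ingress", []):
                if rule["port"] in ADMIN_PORTS and is_world_open(rule["cidr"]):
                    findings.append(("high", r["name"],
                                     f"port {rule['port']} open to the world"))
        if r["type"] == "database" and not r.get("encrypted", False):
            findings.append(("medium", r["name"], "database storage not encrypted"))
    return findings


def parse_version(v):
    # Numeric segments compare as integers; anything else sorts lowest.
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))


def parse_lockfile(text):
    pins = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "==" not in line:
            continue
        name, version = line.split("==", 1)
        pins[name.strip().lower()] = version.strip()
    return pins


def check_dependencies(lock_text, advisories):
    """Flag every pinned version that falls below an advisory's fix."""
    findings = []
    for name, version in parse_lockfile(lock_text).items():
        for adv in advisories.get(name, []):
            if parse_version(version) < parse_version(adv["fixed_in"]):
                findings.append(("high", f"{name}=={version}",
                                 f"{adv['id']}: fixed in {adv['fixed_in']}"))
    return findings


def release_gate(plan, lock_text, advisories):
    """Block the release on any high finding; return (ok, all findings)."""
    findings = check_plan(plan) + check_dependencies(lock_text, advisories)
    blocking = [f for f in findings if f[0] == "high"]
    return len(blocking) == 0, findings


if __name__ == "__main__":
    ok, findings = release_gate(PLAN, LOCKFILE, ADVISORIES)
    for sev, res, msg in findings:
        print(f"[{sev}] {res}: {msg}")
    print("gate:", "PASS" if ok else "BLOCK")
```

Running this on the constructed inputs blocks the release: the log bucket is world-readable, the bastion group exposes port 22 to the internet, and two pinned packages are below their advisory fix versions, while the web group's port 443 rule and the urllib3 pin that exactly equals its fix version pass. The medium finding is reported but does not block, which is the kind of severity threshold a team tunes as it shifts these checks left.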
## About the Author
Yoav, Co-Founder and CTO of JFrog, created Artifactory after 7 years as a senior consultant with AlphaCSP. He has held several senior technical roles with Attunity, Verve and Sausage. Yoav holds a Master of Computing degree from RMIT University and a BA in Law (LLB) from Haifa University.