Virtualization Technology News and Information
Saltworks 2022 Predictions: AppSec Earns Its Spot as Essential IT Investment Priority in 2022

vmblog predictions 2022 

Industry executives and experts share their predictions for 2022.  Read them in this 14th annual series exclusive.

AppSec Earns Its Spot as Essential IT Investment Priority in 2022

By Dennis Hurst, founder and president of Saltworks

If 2021 was the year DevOps finally got into the "integrating security" game and started weaving a security mindset into software development, 2022 is poised to deliver the total infusion of DevSecOps as enterprise development standards continue to evolve right alongside digital transformation initiatives within organizations. 

Progressive CSOs and CTOs know that if a team isn't able to properly manage DevSecOps and view AppDev as a comprehensive cycle from design to production to retirement, many of the value-driving aspects of enterprise IT will be lost. In the year ahead, the rest of the C-suite will be holding them all accountable for how well security is integrated into the mix, how it demonstrates return on investment (such as the impact of reducing the cost per bug factor to the smallest ratio), and how adherence to AppSec requirements align with performance and productivity (of products and human resources). 

Saltworks customers and partners consistently say that the ability to measure both the security and maturity of applications from a security perspective will also be the C-Suite's responsibility. And, given evolving privacy laws, executives face tremendous pressure to drive the requirement for real-time KPIs around application security.

Where AppSec has an immediate, visible impact

The State of DevOps Report from Puppet (2021) found that many organizations in the middle stages of a DevOps evolution have plateaued. When you're "in the weeds" of the "shift left," it can be challenging to stay on track.

While smaller, more nimble teams have been able to pivot faster toward DevSecOps excellence than complex large-scale development groups, consistency, commitment and collaboration around a security-focused ideology can make or break an AppDev shop (regardless of size or geolocation). This will be especially true given the continued proliferation of open source and varying development environments. Migrating to a hybrid, cloud-based or other scenario requires AppDev teams to concentrate even more on security as part of the effort to incorporate controls from ideation to launch to reduce downtime, increase scalability and accelerate time to market.

The landscape will continuously evolve for AppSec, demanding that AppDev keep pace so DevSecOps truly becomes a defacto standard. Application Security as a concept is so effective that it will broaden into other areas, too. As apps are delivered as containers and more of the aspects that traditionally were "operational security" become part of the container, the role of AppSec will expand. Containerization makes the move to cloud, hybrid and other environments faster, easier and safer. It also improves software delivery speed, platform independence, resource utilization and process reliability to allow for quick adjustments to new business expectations and ongoing market demand.

Couple all of that with a renewed focus on data security and it's no wonder AppSec is leading the charge for enterprise software teams to minimize application vulnerabilities. AppDev teams that increase security data integration and centralized dashboarding for better enterprise AppSec management are sure to have a competitive advantage in 2022 and beyond.




Dennis Hurst, founder and president of Saltworks, has been at the forefront of application security and software development for more than 30 years. Extensive managerial experience across all aspects of the software development lifecycle – DevOps, testing, QA, product strategy, IT operations, etc. – has made Hurst a trusted advisor of application security programs for Fortune 500 companies across every industry.

As a founding member of the Cloud Security Alliance, Hurst co-authored the first two versions of its Application Security guidelines and is an advocate for the Open Web Application Security Project. A sought-after industry speaker, he provides best practice and industry insight to the media, research and analyst communities. Hurst remains committed to partnering with organizations to build world-class application security programs that support the rapid pace of enterprise software development.

Published Monday, January 24, 2022 7:35 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2022>