Virtualization Technology News and Information
GitLab 2022 Predictions: The Accelerated Need for DevSecOps in 2022


Industry executives and experts share their predictions for 2022.  Read them in this 14th annual series exclusive.

The Accelerated Need for DevSecOps in 2022

By Johnathan Hunt, Vice President of Security, GitLab Inc.

In 2022, businesses will continue to integrate security more tightly into DevOps and create DevSecOps teams to reduce risk, speed deployment, and gain a competitive advantage. The DevSecOps practice will continue to increase as more organizations understand the efficiencies and improved security of this strategy. Further, those that are currently leveraging DevSecOps as part of their development practice are realizing the benefits with fewer vulnerabilities, faster deployments, less time spent in corrective actions, and an overall reduction of risk. Ultimately, this will provide companies with a differentiated approach, leading to competitive advantages in their space. DevSecOps is important to prioritize due to the increased threat landscape that remote work models introduce. It is imperative that companies focus on transformative ways to protect their product and data to effectively manage their overall risk posture. DevSecOps is a proven strategy that reduces risk and security incidents, while allowing faster and more secure code deployments.

As companies continue to adapt to remote work models and digital transformations, DevSecOps should be at the forefront. Many companies are still stitching together their remote, hybrid or in-person work plans. Pre-pandemic, security issues were confined within the bounds of an office security network. There was no need to worry about the use of company systems outside of the designated office space. Now, with employees transitioning to various work environments, security needs to be integrated everywhere the company operates to ensure complete protection. This is where a strong and streamlined DevOps platform comes into play, specifically on the security front. DevSecOps integrates infrastructure and application security into the development processes. When security issues are addressed as they emerge, it allows for an easier fix and a seamless process for organizations.

Two of the biggest buzzwords of 2021 will take divergent paths next year: Kubernetes will play a fundamental role in DevSecOps, while zero trust will see only moderate gains. As DevOps users progress in their journey, most have come to realize the benefits of operating security controls natively within Kubernetes, rather than having separate tools and separate teams add steps to the process. This is a fundamental component to furthering the DevSecOps story. Additionally, the Kubernetes platform is continuing to evolve and adapt to the need for greater control and automation within reach of DevOps users, leading to the natural and highly advantageous shift-left strategy. Meanwhile, although we are seeing an increase in the implementation of certain zero trust principles, overall the industry has been slow to respond. Much of this is due to the understanding, complexity, and difficulty of implementing full zero trust models within the tech stack. I predict 2022 will, at best, see a moderate gain in the adoption of zero trust.

With our current state of the world, the need to prioritize and invest in cybersecurity has never been more important. Building security into the entire DevOps pipeline is key for agility, advancement, and protection - that much is clear. As we continue to digitally transform and explore the boundaries of remote work, DevSecOps needs to become the norm for all workstreams.



Johnathan Hunt 

Johnathan Hunt is the VP of Security for GitLab Inc., an open source code repository and collaborative software development platform for large DevOps and DevSecOps projects. He has been in the infosec and cybersecurity space for over 20 years and has worked across several verticals including SaaS, financial, telecommunications, healthcare, government and more. Johnathan is particularly passionate about bug bounty, supply chain security and DevSecOps. He has presented at several conferences, podcasts, interviews and blog series on these topics. He holds numerous security certifications, has a master's degree in information systems and is currently pursuing a second master's degree at Harvard University.

Published Wednesday, January 26, 2022 7:34 AM by David Marshall