StackRox 2021 Predictions: DevSecOps and the Shift Everywhere
This is part of an ongoing 2021 predictions series. We’ve asked top cyber experts to contribute their insights and expertise to provide a look ahead at what the new year may bring to cybersecurity.
David Van Everen, VP of Marketing, StackRox:
"In 2021 we expect that the acceleration of Kubernetes deployments in production will continue. As budgets become less constrained by pandemic concerns and as enterprise confidence increases, cloud-native projects previously put on pause will start to resume. With that, we will see an additional increase in the holistic scale and scope of Kubernetes deployments. As such, demand for resources that support Kubernetes ecosystems, such as Kubernetes-native security controls, will also increase as they enable greater integration with DevOps and DevSecOps processes and methodologies. Accordingly, DevSecOps is no longer a niche strategy taking a backseat to DevOps—now it's a mass movement where security is increasingly prioritized within the practice and processes associated with software development and IT operations.
Analysis of Google Trends data shows search interest related to DevSecOps has steadily and significantly increased since 2017. This has had a ripple effect across industries, but particularly in financial services and within the U.S. Federal Government where the adoption of DevSecOps strategies and cloud-native technologies that support the Department of Defense and Department of Homeland Security have become essential to national security. The emphasis on DevSecOps coincides with the maturity of cloud-native computing and has made a lasting impact on how software development has evolved to be more inclusive of security. The ability to deliver continuous and declarative security has been essential in facilitating DevSecOps adoption and supporting the leftward shift of security in the development lifecycle. Because of this, organizations have and will continue to become increasingly successful in their abilities to limit the impact of misconfigurations, vulnerabilities, exploits, and other major security risks.
Similarly, a byproduct of this broader trend is that the declarative nature of Kubernetes enables engineers, developers, and security teams to adapt the “shift left” concept into “shift everywhere”, with unified ownership and responsibility for security. This is important in enterprise environments because effective security approaches will require collaboration between dev, ops, and security practitioners. Kubernetes helps facilitate common, standardized workflows, tooling, and languages that all teams can use to protect their software environments, enforce policies, and reduce risks for a true security-as-code approach within enterprises. In 2021 we expect to see more of this as the enterprise landscape becomes increasingly reliant on cloud-native, Kubernetes-orchestrated applications and infrastructure to drive business operations."