ChannelLife Australia logo
Industry insider news for Australia's technology resellers
Story image

Eight top DevSecOps trends to support IT innovation in 2022

By Contributor
Mon 4 Jul 2022

Article by Dynatrace vice president of A/NZ Hope Powers.

The use of DevSecOps practices is growing, as it is increasingly seen as the best way to produce high-quality and secure code. More than one-third (36%) of respondents to GitLab’s 2021 Global DevSecOps Survey reported developing software using DevSecOps, up from 27% in 2020.

This growth is driven by organisations realising that application quality and security are essential to their ability to streamline continuous integration and delivery (CI/CD) and accelerate innovation. They need to balance pressure to develop software rapidly with the need to ensure it remains secure and is optimised for today’s cloud environments. This can be quite a challenge.

GitLab’s Fifth Annual Global DevSecOps Survey (2020) found 60% of developers are releasing code twice as fast by using DevOps. However, speed often comes at the expense of security. A survey of CISO leaders last year found that 71% of CISOs admit they are not fully confident code is free of vulnerabilities before going live in production.

To enable software to be developed rapidly and securely, DevSecOps teams need to automate all stages of the lifecycle. They need shared solutions and platforms that converge observability—the ability to measure a system’s current state based on the data it generates, such as logs, metrics and traces—with security, so they can spot security gaps
and identify poor quality code and other software development issues.

In a survey of 250 enterprises in the US and UK with more USD $1 billion in revenue, 96% of respondents expected to benefit by automating their compliance and security processes, a fundamental goal of DevSecOps.

As DevSecOps continues to gather momentum, here are some key trends. 

1. Infrastructure as code (IaC) uptake is rising

Infrastructure-as-Code (IaC), aka software-defined infrastructure, is the management of hardware using code. It enables IT hardware resources to be configured, managed, monitored and provisioned using software rather than manual processes.

According to Gartner, 60% of organisations will be using infrastructure automation tools as part of their DevOps strategy by 2023, improving application deployment efficiency by 25%. In addition, defining infrastructure as code enables greater automation throughout the delivery pipeline, making it easier to replicate the testing and deployment process for new code. This is essential for accelerated DevSecOps adoption.

The same code can be used every time a particular infrastructure configuration is needed, so the benefits in time and effort saved are greatly increased. IaC can also benefit DevSecOps by reducing human error. Processes enshrined in code are secure and repeatable, lending themselves to automation and ensuring the correct execution of
highly complex processes.

2. Attacks via vulnerable third-party code are growing

Many organisations make use of third-party code and software libraries in their development of new digital services. Any vulnerabilities in this code expose their applications to cyber attacks. 

To guard against this, organisations must monitor their use of third-party code so they can patch any new vulnerabilities that are discovered. For example, in December 2021, a vulnerability known as Log4Shell was discovered in versions 2.0 and 2.14.1 of Log4j 2, a popular Java library. Log4Shell enables an attacker to use remote code execution to engage with software that uses Log4j and gain access to networks and sensitive data. Many organisations were forced to take devices and applications offline while they identified whether Log4j had been used in any stage of software production, from development to runtime.

In a blog, author and developer advocate Nicolas Fränkel wrote, “Wise developers don’t reinvent the wheel: they use existing libraries and/or frameworks. From a security point of view, it means users of such third-party code should carefully audit it. We should look for flaws: both bugs and vulnerabilities.”

Log4Shell certainly will not be the last such vulnerability, as the more recent discovery of Spring4Shell has already shown. To guard against the next one, organisations should deploy observability platforms that can provide deep and broad insights into their applications to quickly identify any code flagged as vulnerable.

3. Root-cause analysis using AIOps will be essential

Gartner defines artificial intelligence for IT operations (AIOps) as the combination of “big data and machine learning to automate IT operations processes, including event correlation, anomaly detection, and causality determination.”

Such automation is becoming essential to enable DevSecOps teams to manage cloud environments whose complexity is putting them beyond the capabilities of manual processes. AIOps can analyse data on activity in real-time, helping to prevent DevSecOps teams being overwhelmed by alert storms and providing precise answers that enable them to innovate more rapidly.

According to a Forbes article, AIOps is “moving from marketing hype to a useful tool being adopted across the enterprise.” It explains that the AI algorithms underpinning AIOps are becoming increasingly sophisticated. They enable AIOps tools to discover data relationships more rapidly, identify the root cause of IT issues in real-time and, in some cases, remediate them automatically. Such abilities are becoming essential to enable DevSecOps teams to test code while it is being developed and to identify new vulnerabilities during pre-production before code is deployed.

4. MLOps is no match for AIOps

Machine Learning Operations (MLOps) is a set of management practices designed to aid the effective and efficient deployment and maintenance of machine learning in production environments. It is often confused with AIOps but is quite different.

MLOps can only suggest a relationship between a problem and a possible solution. AIOps identifies problems precisely and provides actionable answers. MLOps systems must be trained to distinguish normal from abnormal behaviour. Data models must be verified, which requires time and effort from DevSecOps teams - time that could be spent on more strategic priorities.

In contrast, AIOps automates these tasks by combining AI algorithms with data analytics. It can accurately identify many common IT issues such as unexpected downtime or unauthorised data access and suggest appropriate remedies. These algorithms do not need to be trained, freeing IT teams from routine monitoring tasks and enabling them to focus on tasks that directly support business priorities and drive better outcomes.

Dynatrace vice president of A/NZ Hope Powers.

5. GitOps gains wide acceptance

GitOps is a set of practices for infrastructure management based on DevOps best practices for application development: version control, collaboration, compliance, CI/CD tooling. It is based on Git, an open-source tool developed for source code management in DevOps.
In GitOps, Git becomes a single source of truth and a control mechanism to support dynamic creation, including updating and deleting system architecture specifications.

It automates and centralises the deployment and verification of infrastructure modifications via pull requests, giving teams greater control over their environment and enabling them to deliver better digital services faster.

6. The role of Kubernetes grows

Kubernetes, the open-source platform built to orchestrate the management, deployment, and scaling of microservices architectures, underpins all these aspects of DevSecOps and digital transformation.

Kubernetes enables a microservices-based application to be moved quickly and reliably between environments, for example, from a development to a production environment. It also makes application developers more productive. With microservices-based deployments supported by Kubernetes, multiple teams can simultaneously deal with different aspects of a project, accelerating development and identifying and fixing problems faster.

Kubernetes has been a game-changer for application development. It has enabled developers to better accommodate customer requirements, share resources across cloud platforms, and accelerate the building, testing and deployment of DevSecOps pipelines.

7. Serverless uptake soars

Serverless computing is a cloud-based, on-demand execution model where customers consume resources solely based on their usage by applications. It greatly appeals to developers wanting to build and scale out applications without worrying about the underlying infrastructure. The cloud service providers take care of this and supply the tools that enable app developers to create their applications in modules according to the cloud infrastructure they require. Serverless computing can also reduce costs and improve disaster recovery and resilience because the resources used are supported by the cloud provider’s inbuilt redundancy and availability features.

8. DevSecOps comes of age

Ultimately, companies undertaking digital transformation will struggle to succeed without DevSecOps.

However, to successfully exploit DevSecOps, development teams need platforms that streamline the entire software development lifecycle, facilitate cross-team collaboration and automate processes wherever possible.

Related stories
Top stories
Story image
Tech job moves
Tech job moves - Cohesity, Equinix, IDC, Proofpoint & Xero
We round up all job appointments from July 29 - August 5, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
10 Minute IT Jams
Video: 10 Minute IT Jams - An update from Heidrick & Struggles
Graham Kittle joins us today to discuss how the company is helping organisations bring about change within their business.
Story image
Inde
Exclusive: Inde provides innovative solutions across the tech sector
Inde likes to call its approach the 'power of the collective', which essentially means that if a client approaches the company with a problem, they'll get the team's collective insight to help drive the best outcome.
Story image
Tablets & laptops
Hands-on review: Xencelabs Graphic Display Tablet
Xencelabs seemed to show up out of nowhere on the market. I had no idea who they were or what they were about, but I was very intrigued.
Story image
Tablets & laptops
Chromebook and tablet shipments see another rapid decline for the year
According to research from Canalys PC Analysis, Chromebook and tablet shipments have fallen for the fourth quarter in a row for Q2 of 2022.
Story image
i-PRO
VisualCortex and i-PRO partner for enhanced APAC deployments
VisualCortex and i-PRO have partnered to facilitate enterprise-wide Computer Vision technology deployments in APAC.
Story image
Artificial Intelligence
Runecast's award-winning platform future-proofs businesses
Runecast provides both security and operations teams with what a few industry experts have called a 'must-have' solution.
Story image
Partner awards
Vertiv recognises outstanding 2021 A/NZ channel partners
Vertiv has recognised the exceptional contributions that its Australia and New Zealand channel partners made to its IT and mechanical and electrical (M&E) businesses in 2021.
Story image
SAP
Microsoft unveils two new security products to help reduce attack surfaces
The products are set to give companies deeper insights into threat actor activity and help them successfully navigate the changing threat landscape.
Story image
Cheetah Digital
Privacy, data ethics and the ‘seismic shift’ in consumer trust
Aussie consumers have low levels of trust for advertising, but will pay more to purchase from a trusted brand, a new report from Cheetah Digital reveals.
Story image
Cybersecurity
More than a fifth of cybersecurity teams ban the use of public WiFi
Verizon’s fifth annual Mobile Security Index report has revealed a continued rise in significant cyberattacks in the last year involving a mobile/IoT device.
Story image
Microsoft
SaaS sector in NZ thriving as a result of trans -Tasman partnerships
New Zealand's Software-as-a-Service (SaaS) sector is on track to be the biggest contributor to GDP this year, generating more than NZD$20 billion for the New Zealand economy.
Story image
Sustainability
Green hydrogen company Hysata raises AUD $42.5 million
Global investors are supporting Hysata's hydrogen electrolyser technology as the organisation closes its oversubscribed Series A funding round of AUD $42.5 million. 
Story image
Check Point
Ransomware now impacts 1 out of 40 organisations a week
Retailers and the wholesale sector saw the largest spike in ransomware attacks, with an alarming increase of 182%.
Story image
Biometrics
AU biometric security company achieves B Corp cert
Australian biometric security firm Daltrey has announced it has become the first cybersecurity vendor in AU to achieve the B Corp certification.
Story image
Cybersecurity
Optic Security Group on Australia recruitment drive
Trans-Tasman security integrator looks to meet the twin challenges of high client project demand tight & labour market supply with new opportunities.
Wiise
Discover why cloud ERP is central to a growing business' tech stack. Sign up now for free.
Link image
Story image
Phishing
Phishing, software vulnerabilities cause 70% of cyber incidents
The heavy use of software vulnerabilities matches the opportunistic behaviour of threat actors who scour the internet for vulnerabilities and weak points.
Story image
Wireless
Hands-on review: James Donkey RS4 Knight Wireless Gaming Keyboard
I have always liked mechanical keyboards, and this is no exception. I find the action much easier to use than the modern keyboards with limited travel.
Story image
Wireless
Wave Audio spices up portfolio with first ever party speaker
Australian-based pioneers Wave Audio are enhancing their extensive range of groundbreaking new audio products by adding one of the most versatile speakers on the market to their growing portfolio.
Story image
Malware
Nozomi Networks Labs identifies impacts on 2022 threat landscape
Nozomi Networks’ latest research finds that wiper malware, IoT botnet activity, and the Russia/Ukraine war have had the biggest impact on the threat landscape in 2022 so far.
Story image
SAP
OutSystems joins SAP PartnerEdge program, integrates solutions
OutSystems has become an official member of the SAP PartnerEdge program. This will make it easier for other businesses within the SAP ecosystem to discover and connect with OutSystems.
Story image
CRM
Forrester names Pega a Leader in CRM Solutions 2022 report
Forrester Research has named Pega a Leader among 11 competitors in The Forrester Wave: Core CRM Solutions, Q3 2022 report.
Story image
Sustainability
Phronesis Security achieves B-Corp certified status
Phronesis Security has become the first cyber security company in Australia to achieve the coveted B Corp certification, having been certified since June 2022. 
Story image
Product Management
TeamViewer and Siemens to innovate product lifecycle space with AR
TeamViewer's new partnership with Siemens Digital Industries Software to bring the power of TeamViewer's AR platform, Frontline, to Siemen Teamcenter software.
Story image
Hybrid Cloud
The essential guide to digital transformation by SolarWinds
Digital transformation is a buzzword thrown around all the time by companies, but what does it actually mean and why is it important? SolarWinds breaks it down.
Story image
Gaming
Logitech G’s new Aurora collection looks to help change gaming stereotypes
The company’s new Aurora collection is designed to be gender inclusive, not gender exclusive, addressing the needs and wants of women gamers while also still appealing to a wider general audience.
Story image
Digital Transformation
Macquarie Telecom rolls out SD-WAN services for mycar Tyre & Auto
Macquarie Telecom says it has rolled out NBN and SD-WAN services to more than 270 mycar Tyre & Auto stores across Australia. 
Story image
BAI Communications Australia
BAI Communications to help improve mobile coverage across regional NSW
Deputy Premier and Minister for Regional NSW Paul Toole said regional communities deserve reliable and affordable mobile services.
Story image
Wireless
Wave Audio delivers ultimate immersion with new wireless earbuds
Wave Audio, one of Australia's best new audio brands, has recently released a set of landmark noise-cancelling true wireless earbuds, the Immersive Pro.
Story image
Data Protection
Video: 10 Minute IT Jams - An update from SearchInform
Alexey Pinchuk joins us today to discuss the role the company plays in helping organisations manage risk and provide better security outcomes.
Story image
Gaming
Hands-on review: SteelSeries Apex Pro Mini Keyboard
SteelSeries has taken the design of its range of Apex keyboards to create a smaller version, the Apex Pro Mini. Techday’s Darren Price checks it out.
Story image
Security vulnerabilities
Flashpoint says vulnerability disclosure ‘highly volatile’
Flashpoint has released The State of Vulnerability Intelligence: 2022 Midyear Edition, finding that the current state of the vulnerability disclosure landscape is ‘highly volatile’.
Story image
Mobile Device Management / MDM
Claroty's Team82 uncovers two vulnerabilities in FileWave’s MDM system
Claroty’s research arm (Team82) has uncovered and disclosed two critical vulnerabilities in FileWave’s Mobile Device Management (MDM) system.
Story image
Data
Consumers will stop doing business over data practices
“Data privacy remains a concern for consumers when it comes to sharing their information with an online retailer with an unclear view of privacy laws."
Story image
Printers
Comedy legend Jimeoin fronts Epson advertising campaign in NZ and Australia
According to Epson the company’s EcoTank models now account for 74% of all printers sold in the category in New Zealand, alone.
Story image
Artificial Intelligence
Why smarter healthcare depends on data and automation
The pandemic has acted as a fierce catalyst for change. It’s strong-armed industries across the globe to embrace a world of new. Nowhere is that more evident than in healthcare.
Story image
Infrastructure
Rimini Street announces new suite of security solutions for enterprises
Rimini Street has announced the launch of Rimini Protect, a new suite of security solutions set to provide a more comprehensive layer of security.
Story image
Compliance
Why security needs to shape your journey to the cloud
It's estimated that 80% of workloads could be in the cloud in the next few years. How can you make all that data secure?
Story image
Appointments
Tech job moves - Checkmarx, Kinly, Syniti, Trellix & WalkMe
We round up all job appointments from July 22-28, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Identity and Access Management
Pitney Bowes launches rebranded management offering in A/NZ
Pitney Bowes has launched Smart Access Management (SAM), its rebranded digital visitor and contractor management offering in Australia and New Zealand.
Story image
Phishing
Top universities lagging on basic cybersecurity - report
Universities in Australia, the US and the UK are lagging on basic cybersecurity measures, creating higher risks of email-based impersonation attacks.