devops.com
Open in
urlscan Pro
2606:4700:10::6816:32c7
Public Scan
URL:
https://devops.com/devsecops-will-cross-the-chasm-in-2022/
Submission: On April 27 via api from US — Scanned from DE
Submission: On April 27 via api from US — Scanned from DE
Form analysis 4 forms found in the DOM
https://devops.com/
<form class="mega-search expand-to-right mega-search-closed" action="https://devops.com/">
<span class="dashicons dashicons-search search-icon"></span>
<input type="submit" value="Search">
<input type="text" aria-label="Search" data-placeholder="Search" name="s">
</form>https://devops.com/
<form class="mega-search mega-search-open" role="search" action="https://devops.com/">
<span class="dashicons dashicons-search search-icon"></span>
<input type="submit" value="Search">
<input type="text" aria-label="Search..." data-placeholder="Search..." placeholder="Search..." name="s">
</form>POST /devsecops-will-cross-the-chasm-in-2022/
<form method="post" enctype="multipart/form-data" id="gform_21" action="/devsecops-will-cross-the-chasm-in-2022/" novalidate="">
<div class="gform_body gform-body">
<ul id="gform_fields_21" class="gform_fields top_label form_sublabel_below description_above">
<li id="field_21_3" class="gfield sidebar-signup-form gfield_contains_required field_sublabel_below field_description_above hidden_label gfield_visibility_visible" data-js-reload="field_21_3"><label class="gfield_label"
for="input_21_3">Email<span class="gfield_required"><span class="gfield_required gfield_required_asterisk">*</span></span></label>
<div class="ginput_container ginput_container_email">
<input name="input_3" id="input_21_3" type="email" value="" class="large" tabindex="30" placeholder="Enter your email address" aria-required="true" aria-invalid="false">
</div>
</li>
<li id="field_21_4" class="gfield gsection newsletter-privacy-policy field_sublabel_below field_description_above gfield_visibility_visible" data-js-reload="field_21_4">
<h2 class="gsection_title"></h2>
<div class="gsection_description" id="gfield_description_21_4"><a href="https://devops.com/privacy-policy/"><u>View DevOps.com Privacy Policy</u></a></div>
</li>
<li id="field_21_5" class="gfield gform_validation_container field_sublabel_below field_description_above gfield_visibility_visible" data-js-reload="field_21_5"><label class="gfield_label" for="input_21_5">Email</label>
<div class="gfield_description" id="gfield_description_21_5">This field is for validation purposes and should be left unchanged.</div>
<div class="ginput_container"><input name="input_5" id="input_21_5" type="text" value="" autocomplete="new-password"></div>
</li>
</ul>
</div>
<div class="gform_footer top_label"> <input type="submit" id="gform_submit_button_21" class="gform_button button" value="Subscribe" tabindex="31"
onclick="if(window["gf_submitting_21"]){return false;} if( !jQuery("#gform_21")[0].checkValidity || jQuery("#gform_21")[0].checkValidity()){window["gf_submitting_21"]=true;} "
onkeypress="if( event.keyCode == 13 ){ if(window["gf_submitting_21"]){return false;} if( !jQuery("#gform_21")[0].checkValidity || jQuery("#gform_21")[0].checkValidity()){window["gf_submitting_21"]=true;} jQuery("#gform_21").trigger("submit",[true]); }">
<input type="hidden" class="gform_hidden" name="is_submit_21" value="1">
<input type="hidden" class="gform_hidden" name="gform_submit" value="21">
<input type="hidden" class="gform_hidden" name="gform_unique_id" value="">
<input type="hidden" class="gform_hidden" name="state_21" value="WyJbXSIsIjBkMWZiNzkyODRlM2Q5YzdlNmY4YTVmMGUyNzUwMWY3Il0=">
<input type="hidden" class="gform_hidden" name="gform_target_page_number_21" id="gform_target_page_number_21" value="0">
<input type="hidden" class="gform_hidden" name="gform_source_page_number_21" id="gform_source_page_number_21" value="1">
<input type="hidden" name="gform_field_values" value="">
</div>
<p style="display: none !important;"><label>Δ<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js_1" name="ak_js" value="1651018807323">
<script>
document.getElementById("ak_js_1").setAttribute("value", (new Date()).getTime());
</script>
</p>
</form><form autocomplete="off" role="search" class="jetpack-instant-search__search-results-search-form">
<div class="jetpack-instant-search__search-form">
<div class="jetpack-instant-search__box"><label class="jetpack-instant-search__box-label" for="jetpack-instant-search__box-input-1">
<div class="jetpack-instant-search__box-gridicon"><svg class="gridicon gridicons-search " focusable="true" height="24" viewBox="0 0 24 24" width="24" xmlns="http://www.w3.org/2000/svg" aria-hidden="false" style="height: 24px; width: 24px;">
<title>Magnifying Glass</title>
<g>
<path d="M21 19l-5.154-5.154C16.574 12.742 17 11.42 17 10c0-3.866-3.134-7-7-7s-7 3.134-7 7 3.134 7 7 7c1.42 0 2.742-.426 3.846-1.154L19 21l2-2zM5 10c0-2.757 2.243-5 5-5s5 2.243 5 5-2.243 5-5 5-5-2.243-5-5z"></path>
</g>
</svg></div><input autocomplete="off" id="jetpack-instant-search__box-input-1" class="search-field jetpack-instant-search__box-input" inputmode="search" placeholder="Search…" type="search"><button
class="screen-reader-text assistive-text">Search</button>
</label></div>
</div>
</form>Text Content
DevOps.com
* Latest
* Articles
* Features
* Most Read
* News
* News Releases
* Topics
* AI
* Continuous Delivery
* Continuous Testing
* Cloud
* Culture
* DevSecOps
* Enterprise DevOps
* Leadership Suite
* DevOps Practice
* ROELBOB
* DevOps Toolbox
* IT as Code
* Videos/Podcasts
* DevOps Chats
* DevOps Unbound
* Webinars
* Upcoming
* On-Demand Webinars
* Library
* Events
* Upcoming Events
* On-Demand Events
* Sponsored Communities
* AWS Community Hub
* CloudBees
* IT as Code
* Rocket on DevOps.com
* Traceable on DevOps.com
* Quali on DevOps.com
* Related Sites
* Techstrong Group
* Container Journal
* Security Boulevard
* Techstrong Research
* DevOps Chat
* DevOps Dozen
* DevOps TV
* Digital Anarchist
* Media Kit
* About
*
* AI
* Cloud
* Continuous Delivery
* Continuous Testing
* DevSecOps
* Leadership Suite
* Practices
* ROELBOB
* Low-Code/No-Code
* IT as Code
* More Topics
* Application Performance Management/Monitoring
* Culture
* Enterprise DevOps
* AI
* Cloud
* Continuous Delivery
* Continuous Testing
* DevSecOps
* Leadership Suite
* Practices
* ROELBOB
* Low-Code/No-Code
* IT as Code
* More Topics
* Application Performance Management/Monitoring
* Culture
* Enterprise DevOps
Home » Features » DevSecOps Will Cross the Chasm in 2022
DEVSECOPS WILL CROSS THE CHASM IN 2022
By: Guy Eisenkot on January 5, 2022 0 Comments
We’ve been talking about DevSecOps and shift-left security for years. Although
this approach probably didn’t “cross the chasm” in 2021, we did see some very
telling milestones. Cybersecurity VC funding surged to record heights with a
focus on DevOps and cloud security and the need for DevSecOps became glaringly
evident with the Log4j vulnerability. On a more personal note, our own open
source security project Checkov has surpassed three million downloads.
Much of this momentum was inevitable. Those in infrastructure and reliability
circles have already been adopting and touting the benefits of shifting left and
automating as much as possible, so in many ways, it’s expected that security
would follow suit. Undoubtedly, the pandemic has also accelerated the need for
developers to work more autonomously without having security personnel and
processes acting as barriers to productivity and velocity.
We’re confident that 2022 will see the silos between development and security
teams continue to crumble as developer-led security practices become the norm
for cloud-native organizations.
DevSecOps finally crossing the chasm doesn’t mean that every enterprise and
traditional organization will shift security left and adopt security best
practices. It will, however, give them competitive advantages over those who
don’t—both in decreased security costs and increased developer productivity and,
thus, time-to-market.
What else is in store for the future of DevSecOps?
RISE OF THE DEVSECOPS JOB TITLE
Fewer than 5,000 people on LinkedIn currently have “DevSecOps” in their job
title, yet there are over 20,000 current openings for DevSecOps roles. In 2022,
expect to see more of those positions filled. This means security teams across
industries will conduct fewer manual security audits, there will be a
considerable influx of homegrown DevSecOps tooling and point solutions will
likely begin to consolidate into single platforms.
BLURRED LINES BETWEEN APPLICATION AND INFRASTRUCTURE SECURITY
Until recently, application security was a very well-defined (albeit fractured)
space focusing on securing the custom code and open source packages that make up
applications. However, with the rapid adoption of cloud-native applications, the
lines between application and infrastructure security are blurring. We expect to
see this trend continue as more engineers take on more infrastructure-related
projects, vendors start catering to use cases outside of their core competencies
(through acquisitions and in-house development) and the role of DevSecOps
continues to expand within organizations.
INFRASTRUCTURE-AS-CODE: THE GREAT CLOUD MIGRATION’S NEXT CHAPTER
We’ve been talking about the great migration to the cloud for years. At this
point, many companies are ready to move on to the next chapter:
Infrastructure-as-code (IaC). As a result of this trend, DevSecOps will become
much more important, as security needs to be baked earlier in development phases
or risk being left behind. In addition, security teams will need to become more
well-versed in development technologies and practices to provide the proper
guidance for the new way applications are built and deployed.
MORE SOFTWARE SUPPLY CHAIN ATTACKS
Hackers have been targeting retailers and security vendors for years, exploiting
a minor weakness to gain access and move laterally into sensitive data. In the
past year, however, software supply chain attacks stepped into the spotlight due
to multiple supply chain attacks. We expect this trend to continue, which will,
in turn, put more focus on securing supply chains. DevSecOps, which has focused
mostly on tools and practices for securing the code and infrastructure, will
expand to include the supply chain mechanism.
If 2021 was the year of hype for DevSecOps, we believe (and hope) that these
best practices are embraced en masse across industries. The benefits of
shift-left security are well documented: The number of high severity incidents
is significantly reduced, the potential attack surface is minimized, compliance
efforts are simplified and the time to remediation is lowered. Organizations
also save money by catching misconfigurations and vulnerabilities earlier in the
software development life cycle while at the same time gaining time back with
tools, both open source and commercial, that are empowering developers to move
fast and build applications that are more secure and reliable.
Recent Posts By Guy Eisenkot
* Building an IaC Security and Governance Program Step-by-Step
More from Guy Eisenkot
Related Posts
* DevSecOps Will Cross the Chasm in 2022
* Survey Finds Mixed Progress on DevSecOps
* How to Seamlessly Transition to DevSecOps
Related Categories
* DevOps and Open Technologies
* DevOps Practice
* DevSecOps
* Features
Related Topics
* Cloud Infrastructure Security
* continuous security
* devsecops
Show more
Show less
TwitterLinkedInFacebookRedditEmailShare
Filed Under: DevOps and Open Technologies, DevOps Practice, DevSecOps, Features
Tagged With: Cloud Infrastructure Security, continuous security, devsecops
Sponsored Content
Featured eBook
THE STATE OF OPEN SOURCE VULNERABILITIES 2020
Open source components have become an integral part of today’s software
applications — it’s impossible to keep up with the hectic pace of release cycles
without them. As open source usage continues to grow, so does the number of eyes
focused on open source security research, resulting in a record-breaking ...
Read More
« CI/CD is the New Lock-In
Secure Software Summit: Exploring Secure Coding Best Practices »
TECHSTRONG TV – LIVE
Click full-screen to enable volume control
Watch latest episodes and shows
UPCOMING WEBINARS
Wednesday, April 27, 2022 - 11:00 am EDT
Wednesday, April 27, 2022 - 1:00 pm EDT
Thursday, April 28, 2022 - 11:00 am EDT
LATEST FROM DEVOPS.COM
WHAT SHOULD ELON MUSK DO? | PASSWORDLESS FUTURE: TENSE | WEBKIT IOS MONOPOLY
ENDS?
April 26, 2022 | Richi Jennings
MDR FOR DEVSECOPS: HOW MANAGED SECURITY CAN HELP YOU SHIFT LEFT
April 26, 2022 | Gilad David Maayan
HOW TO AVOID CRAPPY CULTURE AND KEEP ENGINEERS HAPPY
April 25, 2022 | Shanea Leven
TACKLING THE COMPLEXITIES OF MULTI-CLOUD WITH A NEW IT MODEL
April 25, 2022 | Thomas Cornely
OPTIMIZING SECURITY IN DATA COLLECTION PROCESSES
April 22, 2022 | Anas Baig
GET THE TOP STORIES OF THE WEEK
* Email*
* View DevOps.com Privacy Policy
* Email
This field is for validation purposes and should be left unchanged.
Δ
DOWNLOAD FREE EBOOK
MOST READ ON DEVOPS.COM
WI-FI 7 CHIPS AHOY | GOOGLE ‘GONE DOWNHILL FAST’ | REAL-WORL...
April 21, 2022 | Richi Jennings
SHIFT LEFT IS ONLY PART OF SECURE SOFTWARE DELIVERY
April 20, 2022 | Anna Belak
THE PROS AND CONS OF EMBEDDED SRES
April 21, 2022 | Quentin Rousseau
DREAMS AND DESIRES
April 21, 2022 | ROELBOB
THE PROBLEM WITH SECURITY
April 20, 2022 | Don Macvittie
ON-DEMAND WEBINARS
DevOps.com Webinar Replays
* Home
* About DevOps.com
* Meet our Authors
* Write for DevOps.com
* Media Kit
* Sponsor Info
* Copyright
* TOS
* Privacy Policy
© 2022 ·Techstrong Group, Inc.All rights reserved.
✓
Thanks for sharing!
AddToAny
More…
Notifications
previousnextslideshow
SEARCH RESULTS
Magnifying Glass
Search
Close search results
FiltersShow filters
Sort by:
RelevanceNewestOldest
FOUND 11,048 RESULTS
1. SRE VS. PLATFORM ENGINEERING: WHAT'S THE DIFFERENCE?
sre-vs-platform-engineering-whats-the-difference
2. 5 STEPS TO MORE SUSTAINABLE DEVOPS
5-steps-to-more-sustainable-devops
3. BEST OF 2021 - HOW TO SCALE YOUR WEBSITE TO PERFORM ON MOBILE DEVICES
how-to-scale-your-website-to-perform-on-mobile-devices
4. 8 SKILLS CLOUD ARCHITECTS NEED TO SUCCEED
8-skills-cloud-architects-need-to-succeed
5. BEST OF 2021 - 7 POPULAR OPEN SOURCE CI/CD TOOLS
7-popular-open-source-ci-cd-tools
6. GITLAB UPDATES CI/CD PLATFORM TO IMPROVE DEV PRODUCTIVITY
gitlab-updates-ci-cd-platform-to-improve-dev-productivity
7. SURVEY SHOWS INCREASED FOCUS ON MODERNIZING IT, RETIRING APPS
survey-shows-increased-focus-on-modernizing-it-retiring-apps
8. DAGGER: STANDARDIZING CI/CD IS THE HOLY GRAIL OF DEVOPS
dagger-standardizing-ci-cd-is-the-holy-grail-of-devops
9. BEST OF 2021 - HOW TO COMBINE DEVOPS AND AGILE
how-to-combine-devops-and-agile
10. DEVSECOPS IN AZURE
devsecops-in-azure
Load more
FILTER OPTIONS
POST TYPES
Post (9545)
Webinar (1136)
Download (367)
FILTERS
Featured (261)
Promote (244)
DevOps (152)
Containers (68)
Cloud (63)
WEBINAR CATEGORIES
2018 Webinars (138)
2019 Webinars (119)
2017 Webinars (78)
2016 Webinars (35)
DevOps Unbound Webinar (18)
CATEGORIES
Blogs (5922)
Latest News Releases (2190)
DevOps Practice (1581)
Features (1499)
Enterprise DevOps (1148)
TAGS
devops (1714)
automation (468)
devsecops (441)
security (359)
continuous delivery (352)
YEAR
2022 (477)
2021 (1922)
2020 (2143)
2019 (1559)
2018 (1450)
Search powered by Jetpack