TALKING
‘‘ business this also increases the risk of human error derailing DevSecOps pipelines , as developers struggle to maintain consistency across different versions of their automation scripts . To overcome this , we ’ ll see organisations adopting smarter approaches to DevSecOps automation in the next 12 months . They ’ ll increasingly look for platforms and solutions that enable them to build automation into their delivery pipelines , rather than manually adding it as an afterthought . This will help to eliminate the reliance on manual copy-paste plumbing and the need for developers to invest time in maintaining fragmented automation scripts .
SRE and DevSecOps will converge
Site Reliability Engineering ( SRE ) practices are becoming ever more central to continuous delivery as organisations look to accelerate transformation . As this trend gathers pace in 2022 , SRE will move beyond DevOps and become a key part of the DevSecOps movement , as observability converges with security , self-healing and automation . The pain that SRE teams will face is that developers often don ’ t have enough time to think about self-healing , observability and automation . They ’ re also only just getting used to having the responsibility for security . As a result , all too often , it falls back on SRE teams to ensure security , self-healing and automation are built in during the development stage .
To address this , SRE teams will increasingly look to enable developers to build services that are reliable and secure by default . Self-service observability solutions and ‘ monitoring as code ’ approaches will be key , allowing developers to easily build in observability with just a few clicks . The use of quality and security gates in automated DevSecOps pipelines will also enable developers to ensure their code satisfies service-level objectives that establish the minimum requirements for performance and risk , further easing the burden on both themselves and SRE teams .
NoSOC approaches will gain momentum
There will be another gear shift in development cycles , forcing organisations to lean more heavily on AI and automation to ensure their developers ’ code is highquality and secure . To support this , organisations will increasingly move towards NoSOC-approaches . This will see security teams using observability to increase the context of their own data , improving the precision of the insights it delivers and preventing false positives . They will also look to harness AI to automate more manual processes in security management and achieve faster insights and analytics to improve threat detection and remediation capabilities . This will help SOC teams to move away from constant firefighting , so they can focus on more strategic tasks that improve their security posture , turning them into proactive protectors .
IT leaders will look to extend this automation to taint analysis to support the move to DevSecOps , by helping development teams to automatically understand whether vulnerabilities could expose data or if they are harmless . Those insights will help developers prioritise their efforts more effectively , so they can consistently deliver high-quality code that ’ s free from vulnerabilities , at greater speed . p
40 INTELLIGENTCIO EUROPE www . intelligentcio . com