DevSecOps automation will be key to digital transformation in 2022

Bernd Greifeneder, founder and CTO of Dynatrace, looks ahead to 2022, predicting some key trends we’re likely to see impacting organisations’ journeys towards digital transformation.

Wednesday, 22nd December 2021. Posted by Phil Alsop

The past 12 months brought plenty of challenges for IT operations and development teams as they supported the continued move to digital-first services and hybrid work. These challenges are here to stay, but 2022 will undoubtedly bring some fresh problems. Here are the key trends most likely to impact organizations’ ability to keep up with the digital transformation imperative. 

Developer experience will become mission-critical

In 2022, the talent war will get even hotter as organizations battle to attract and retain the skilled developers needed to drive their digital transformation. They will, therefore, find themselves under increasing pressure to offer the best developer experience, to focus their workforce on driving innovation and give them a reason to stay loyal. Development teams should be enabled to work as artists as much as possible, opening up their productivity to build new ways for organizations and their customers to see and experience the world. They shouldn’t be manual laborers who get bogged down in the task of stitching code, infrastructure, and databases together to make sure everything works.  

To enable this, IT leaders will need to realize that their efforts to improve the developer experience are equal in importance to, if not more important than, their ability to optimize customer experiences. They will need to increase their focus on reducing friction in DevSecOps processes and automating as many repetitive tasks as possible. This will enable their developers to invest more of their energy in the work that gets them out of bed in the morning, and less on routine manual tasks, giving them more reasons to stay.

Data complexity will continue to spiral

In 2022, IT leaders will need to urgently tackle the complexity of the data explosion that’s ensued from the introduction of cloud platforms, as well as new technologies, programming languages, and tools in recent years. The volume of observability data that organizations are grappling with is doubling every two years, and will be added to even further in the next 12 months by the rising adoption of OpenTelemetry.  

IT leaders will need to ensure the task of handling and analyzing all this data to provide the insights needed for DevSecOps automation doesn’t fall to their developers, pulling them away from vital innovation work. As such, it will be increasingly important to use standardized and automated approaches to capturing observability data, and to harness AIOps to analyze it in real time to unlock the insights developers need to accelerate innovation.

Organizations will begin streamlining automation

In the next 12 months, organizations will begin to address the tangled mess of automation code that was created by their initial efforts to reduce manual development processes. These efforts were driven by automation scripts created on a case-by-case basis, and added to workflows as needed. As time progressed, developers used “copy-paste” versions of these scripts to quickly and easily add the plumbing to connect more operations, development, and automation processes. There is also a huge amount of undocumented automation code that was introduced without much thought for the output.  

All of this is making automation increasingly messy, which makes it difficult to realize the value of DevSecOps, as already complex cloud environments become even harder to understand and manage. Developers are forced to waste time updating and fixing their automation scripts over and over again, pulling them away from more value-adding tasks such as innovation. As well as adding to their workloads, this also increases the risk of human error derailing DevSecOps pipelines, as developers struggle to maintain consistency across different versions of their automation scripts. To overcome this, we’ll see organizations adopting smarter approaches to DevSecOps automation in the next 12 months. They’ll increasingly look for platforms and solutions that enable them to build automation into their delivery pipelines, rather than manually adding it as an afterthought. This will help to eliminate the reliance on manual copy-paste plumbing and the need for developers to invest time in maintaining fragmented automation scripts.

SRE and DevSecOps will converge

Site reliability engineering (SRE) practices are becoming ever more central to continuous delivery as organizations look to accelerate transformation. As this trend gathers pace in 2022, SRE will move beyond DevOps and become a key part of the DevSecOps movement, as observability converges with security, self-healing, and automation. The pain that SRE teams will face is that developers often don’t have enough time to think about self-healing, observability, and automation. They’re also only just getting used to having the responsibility for security. As a result, all too often, it falls back on SRE teams to ensure security, self-healing, and automation are built in during the development stage.

To address this, SRE teams will increasingly look to enable developers to build services that are reliable and secure by default. Self-service observability solutions and ‘monitoring as code’ approaches will be key, allowing developers to easily build in observability with just a few clicks. The use of quality and security gates in automated DevSecOps pipelines will also enable developers to ensure their code satisfies service-level objectives that establish the minimum requirements for performance and risk, further easing the burden on both themselves and SRE teams.

NoSOC approaches will gain momentum

Next year, there will be another gear shift in development cycles, forcing organizations to lean more heavily on AI and automation to ensure their developers’ code is high quality and secure. To support this, organizations will increasingly move towards NoSOC approaches. This will see security teams using observability to increase the context of their own data, improving the precision of the insights it delivers and preventing false positives. They will also look to harness AI to automate more manual processes in security management and achieve faster insights and analytics to improve threat detection and remediation capabilities. This will help SOC teams to move away from constant firefighting, so they can focus on more strategic tasks that improve their security posture, turning them into proactive protectors.

IT leaders will look to extend this automation to taint analysis to support the move to DevSecOps, by helping development teams to automatically understand whether vulnerabilities could expose data or if they are harmless. Those insights will help developers prioritize their efforts more effectively, so they can consistently deliver high-quality code that’s free from vulnerabilities, at greater speed.