My DevOps and DevSecOps predictions for 2022
2021 was a transformative year for DevOps and DevSecOps as commercial and government enterprises continued to adjust to remote and hybrid working. Software delivery had to continue to change.
Here are some of my DevOps and DevSecOps predictions for 2022:
1. Enterprises acknowledge “peak Ops” finally
GitOps. NoOps. BizDevOps. The list of new ops methodologies goes on. Where does this leave DevOps and DevSecOps? Well, I predict that more enterprises will take advantage of the flexibility of DevOps and DevSecOps to bring in best practices from these other methodologies to improve their software delivery, security, and compliance.
2. High valuation DevSecOps platforms face-off against open-source software (OSS)
There are a growing number of DevOps/DevSecOps platforms with high valuations thanks to private equity and abundant venture capital. It’s only natural that the finance world will want to replicate these high valuations in the DevOps space. I predict that at some point in 2022 that the money behind these high valuation platforms and the OSS community will reach an inflection point starting on the culture front.
The attention to the software supply chain in 2021 will also contribute to this face-off as smaller DevSecOps tools vendors try to jump on the trend. There’ll be startups that have something to add to this new fight, that’s for sure. However, startups with “me too” solutions and marketing-driven pivots will also sprout up across the landscape. Private equity firms, VCs, and journalists will spend 2022 sifting through this new era of software solutions. OSS will most certainly be at the foundation of these solutions. Discussions will ensue. Cultural challenges will take place. Acquisitions will take place. Unlucky startups will be left to toil in irrelevance.
OSS DevOps tools will never go away, but we’re facing changes in how enterprises procure DevOps/DevSecOps solutions which should be interesting to watch as big investor money. OSS ethos finds themselves across the table from each other.
3. DevOps folds into DevSecOps (at least in the public sector)
With the Joint Warfighting Cloud Capability program (JWCC) on the horizon and loads of other public sector cloud programs in various stages as we enter 2022, I predict that the DevOps story will gradually fold into a DevSecOps story. The public sector – not without its own cloud/DevOps/DevSecOps adoption pains -- will be drawn more to a DevSecOps methodology. The United States Air Force’s Platform One banged the DevSecOps drum hard for the past few years. How the loss of Nic Chaillan as the USAF Chief Software Officer affects DevSecOps adoption in the Department of Defense (DoD) remains to be seen. Still, I have high hopes that DevSecOps adoption will only increase based on some of the signs I’m seeing.
I mentioned that we’d reached “peak ops” in a previous prediction; it’s past due for DevSecOps to subsume DevOps. Hopefully, we’ll see more of that in 2022.
4. DevOps toolchain security takes on new dimensions
When I was freelancing for TechTarget, I had a chance to reimagine the DevOps toolchain. Freelance writing about a subject frees you from the limitations that sometimes come with working for a vendor. One point of view that fascinates me is the lack of a discussion about DevOps toolchain security. I wrote about the subject for TechTarget once.
DevOps/DevSecOps toolchains don’t seem to be part of the cloud or infrastructure security discussions very much. At least, I’m still not hearing about it through my channels. As pandemic-driven remote work and hybrid work remain the new normal, I expect infrastructure and cloud security vendors to enter this nascent market. These vendors will face the challenge of understanding a methodology applied inconstantly in the commercial and public sectors.
5. Improved alignment between Data and DevSecOps
Ever since I started writing about DevOps as a freelancer for TechTarget, I came to see DevOps as becoming a more expansive data-driven story. I expect to see more legacy DevOps tools vendors acquire innovative analytics startups in 2022 to improve their platform reporting to stakeholders.
Along with this, there’s room for no-code/low code solutions to help bridge the reporting gap from the development organization to the business stakeholders.
I expect to see DevOps platform providers to be the innovative ones here. However, I’m not counting out the OSS world to make their mark here with data reporting tools that’ll be easier for stakeholders to use.
6. DevOps and cloud cost management become fast friends
I read Cloud Cost Management for DevOps by Aran Khanna over on The New Stack before I took some downtime for Christmas, and it got me thinking and hoping. Cloud cost management does need to shift left, especially now as enterprises deal with overspending and remote work debt coming out of their get legacy on-premises applications to the cloud during the early days of the pandemic.
The market is ripe for a hungry startup or even an established player such as NetApp fresh off their CloudCheckr acquisition to bring their tool into the DevOps toolchain through API integration.
The potential sticking point I see with this prediction is the people part. While I’m all for iterating and improving on the DevOps lifecycle, cloud cost management skills are in short supply typically. Getting past this limitation means raising cloud cost management skills for delivery and business teams.
7. Open-source program management becomes a DevOps priority
The impact of the Log4j vulnerability will reverberate well into 2022 and beyond. OSS management and governance will take on a new priority insider business and government. Organizations with an Open-Source Program Office (OSPO) or other OSS-focused teams will be bringing them into their DevOps security challenges. The future of the OSPO is a topic I’m tracking in 2022 because I see a lot coming out of it in the post Log4J vulnerability world we are in now.
Here’s to 2022
DevOps is sure to play an ever-growing role in 2022 hybrid and remote working environments. It should be the year that data and DevOps move even closer together as reporting requirements mount. DevOps security will be another significant trend to track because that story is long overdue for some substantial changes as the CI/CD toolchain grows as an attack vector.