DevOps is key to many software development teams’ success. Characterized by flexibility, agility and collaboration, it gives teams capabilities including faster time to market, quicker bug fixes and greater responsiveness to customer requests, as well as increased employee engagement and satisfaction.
As customer demands and the cyberthreat landscape change and new tools are introduced, DevOps, too, is changing. Cybrary instructor Nitin Sharma advises you to keep an eye on these DevOps trends picking up steam heading into 2020:
Shift Left Testing
The concept of moving testing left on the project timeline — test early and often — has been around for a few decades, but as more teams embrace agile development and continuous delivery, testing needs to become an integral part of the process. The term “shifting left” probably doesn’t technically apply when development is cyclical rather than linear, but developers understand that it signifies the importance of both dynamic and static testing and performing reviews and inspections as the team works on each application iteration.
Hybrid Cloud Solutions
Sharma says another trend is for DevOps teams to transition from using only on-premises infrastructure. “The current ideology is for developers to use a hybrid solution to manage their apps and toolsets, leveraging both cloud and on-prem.”
Hybrid solutions are a logical choice for developers, allowing them to combine the scalability and affordability of cloud with their on-premises environment. Specifically, for DevOps teams, a hybrid environment enables all team members to collaborate without silos, streamline processes, and deliver software more expediently.
The high-profile data breaches that made headlines in 2019 have underscored the importance of developers maintaining a security mindset. Sharma says, “Now there are two things required: security and development. This has given rise to a new practice called DevSecOps, where IT, Dev and Security align to achieve automation and security in the DevOps pipeline.”
Sharma says this means workflows now include migration to cloud with static application security testing (SAST) and dynamic application security testing (DAST) scans, risk governance, and automated risk acceptance approvals within a fully automated, end-to-end continuous integration/continuous delivery (CI/CD) pipeline.
“While most of the companies do not have enough security measures in their CI/CD pipelines, security companies have started providing API-driven automation solutions to cope with this scenario,” says Sharma. “Whether it is Checkmarx (SAST), Acunetix (DAST), or Qualys (VM Scan and much more), everything now comes with an API-driven automation package. The choice depends on the development team, how they use them and how they automate within their pipelines.”
Kubernetes (K8s) vs. FaaS
Sharma says software development teams, from startups to major enterprises, are using Kubernetes for its custom cloud management and cost-saving features. “The major fight involving K8s is with serverless or Function as a Service (FaaS), which is still in the development phase,” Sharma comments. He points out there is a project, Knative, that is a marriage of both contenders. Created by Google with contributions from more than 50 companies, it enables running serverless applications on Kubernetes.
Which Trends Should ISVs Follow?
Sharma advises development teams to stick with what has worked for them, but to look for ways to improve design efficiency and manage complexity.
It is essential, however, for ISVs to provide their developers with security training immediately. He suggests OWASP resources or All Day DevOps conferences as good starting points. “It is mandatory to take the initiative for security key learning objectives more sincerely — we all know the era of data breaches is already knocking on the door.”