DevOps and DevSecOps: what's on the cards for 2022?

In the past year, there have been incredible efforts from Australian organisations to digitise and innovate. As a result, developers have become an intrinsic part of organisations’ digital agenda delivery.

The role of developers will continue to rise in 2022, as organisations from all industries are asked to develop and release more software and apps than ever, more quickly.

Many have already started investing in DevOps and DevSecOps processes in a bid to help streamline operations, in particular cloud developments, as well as encourage built-in compliance and security.

While DevOps teams are maturing and looking to reduce complexity by adopting more standardised toolchains and workflows, many challenges remain.

Considering that Australia is currently experiencing acute tech skills shortages as a result of the pandemic, empowering developers with the right tools and processes so they can be more productive has never been so important.

There are five key areas that tech organisations should invest in this year:

Attracting DevOps talent

The responsibility landscape for DevOps is continually expanding, at a rapid pace. This is leaving many developers unsure if their current skill set can match their organisations’ evolving needs, and results in many positions unfilled.

Australia in particular is struggling to fill vacancies with less talent available but more demand than ever. Attracting DevOps talent will be a major challenge for organisations in the region this year.

It is important that organisations prioritise upskilling and provide more supportive resources — like testing environments, for example — for in-role learning that enables developers to train (and even fail) in a safe and protected environment.

Microservices and DevOps

Microservices and DevOps are not new concepts, yet managing architecture, security and compliance still remains a challenge. This is a foundational element to execute a strong cloud migration strategy or build a strong cloud native strategy.

In 2022, more organisations will need to implement microservices and keep the DevOps mentality top of mind to succeed. Microservices and DevOps will continue to converge and become more complicated to manage as time goes on with multiple layers of architecture.

Shifting left

Building strong, secure products throughout the software development life cycle requires continuous security integration, but silos between developer, business development and testing teams continue to create gaps in the feedback loops, which leads to a slower product rollout.

Automation in maximising shifting left principles and maintaining higher security standards will be a priority, as will building security into code during development and including initial verification runtime testing.

By ensuring compliance is ‘shifted left’ — so that security is maintained from the start — companies can avoid problems that interrupt their application development down the track.

Adoption of compliance as code

The threat landscape continues to evolve in tandem with hybrid workplace models, increasing vulnerabilities. Yet many Aussie organisations have not fully implemented compliance measures that meet the growing need for documentation or that support automation’s role in enhancing security.

Security and compliance issues arise when policies are ambiguous and not clearly defined, open to interpretation. Typically, organisations keep their compliance in documents and in a language that are hard to interpret and be understood in the same way by devs, ops and security professionals. That’s where compliance as code comes in.

Codifying compliance policies that are testable, enforceable, shareable, trusted and actionable will not just bridge that gap, but also help reduce time to market without having to think of compliance as an event, because teams will be in a state of continuous compliance.

Expanding on policy as code

As organisations move more workloads into the cloud, security worries and compliance complexity have grown significantly and. more organisations have accelerated their investments in security and compliance automation.

IT teams must continuously deliver change in their technology environments while maintaining adherence to business policies ranging from governmental regulations to security best practices.

‘Policy as code’ (codifying policy to code) is an approach that automates the implementation, validation and governance of business policies. This goes beyond compliance into cost, identity management and other business elements that need to be brought under governance.

Expanding from ‘infrastructure as code’ or ‘compliance as code’ into ‘policy as code’ provides specific, complete visibility and alignment with organisations’ overall policy. This has become a reputable way for companies who need to continually modulate their security practices with agility.

Just as DevOps has gained maturity for application developers, DevSecOps will do the same to improve organisational security. 2022 is set to be an incredible year for developers, and if they are empowered with the right organisation-wide digital mindset, as well as appropriate dev tools and processes, they will be able to help companies create more value and innovation than ever.

Image credit: ©stock.adobe.com/au/tippapatt