DevSecOps automation will be key to Digital Transformation in 2022

DevSecOps automation will be key to Digital Transformation in 2022

As we head into a new year, business leaders are seeking to find new ways of preparing their organisations for the technology trends which are set to evolve. Here, Bernd Greifeneder, Founder and CTO of Dynatrace, discusses some of the key trends organisations are likely to face if they intend to continue on their Digital Transformation journeys.

The past 12 months brought plenty of challenges for IT operations and development teams as they supported the continued move to digital-first services and hybrid work. These challenges are here to stay, but 2022 will undoubtedly bring some fresh problems. Here are the key trends most likely to impact organisations’ ability to keep up with the Digital Transformation imperative. 

Developer experience will become mission-critical  

In 2022, the talent war will get even hotter as organisations battle to attract and retain the skilled developers needed to drive their Digital Transformation. They will, therefore, find themselves under increasing pressure to offer the best developer experience, to focus their workforce on driving innovation and give them a reason to stay loyal. Development teams should be enabled to work as artists as much as possible, opening up their productivity to build new ways for organisations and their customers to see and experience the world. They shouldn’t be manual laborers who get bogged down in the task of stitching code, infrastructure and databases together to make sure everything works.  

To enable this, IT leaders will need to realise that their efforts to improve the developer experience are equal in importance, if not more so, than their ability to optimise customer experiences. They will need to increase their focus on reducing friction in DevSecOps processes and automating as many repetitive tasks as possible. This will enable their developers to invest more of their energy in the work that gets them out of bed in the morning, and less on routine manual tasks – giving them more reasons to stay. 

Data complexity will continue to spiral 

In 2022, IT leaders will need to urgently tackle the complexity of the data explosion that’s ensued from the introduction of cloud platforms, as well as new technologies, programming languages and tools in recent years. The volume of observability data that organisations are grappling with is doubling every two years and will be added to even further in the next 12 months by the rising adoption of OpenTelemetry.  

IT leaders will need to ensure the task of handling and analysing all this data to provide the insights needed for DevSecOps automation doesn’t fall to their developers, pulling them away from vital innovation work. As such, it will be increasingly important to use standardised and automated approaches to capturing observability data and harness AIOps to analyse it in real-time to unlock the insights developers need to accelerate innovation. 

Organisations will begin streamlining automation  

In the next 12 months, organisations will begin to address the tangled mess of automation code that was created by their initial efforts to reduce manual development processes. These efforts were driven by automation scripts created on a case-by-case basis and added to workflows as needed. As time progressed, developers used ‘copy-paste’ versions of these scripts to quickly and easily add the plumbing to connect more operations, development and automation processes. There is also a huge amount of undocumented automation code that was introduced without much thought for the output.  

All of this is making automation increasingly messy, which makes it difficult to realise the value of DevSecOps, as already complex cloud environments become even harder to understand and manage. Developers are forced to waste time updating and fixing their automation scripts over and again, pulling them away from more value-adding tasks such as innovation. As well as adding to their workloads, this also increases the risk of human error derailing DevSecOps pipelines, as developers struggle to maintain consistency across different versions of their automation scripts. To overcome this, we’ll see organisations adopting smarter approaches to DevSecOps automation in the next 12 months. They’ll increasingly look for platforms and solutions that enable them to build automation into their delivery pipelines, rather than manually adding it as an afterthought. This will help to eliminate the reliance on manual copy-paste plumbing and the need for developers to invest time in maintaining fragmented automation scripts.  

SRE and DevSecOps will converge  

Site reliability engineering (SRE) practices are becoming ever more central to continuous delivery as organisations look to accelerate transformation. As this trend gathers pace in 2022, SRE will move beyond DevOps and become a key part of the DevSecOps movement, as observability converges with security, self-healing and automation. The pain that SRE teams will face is that developers often don’t have enough time to think about self-healing, observability and automation. They’re also only just getting used to having the responsibility for security. As a result, all too often, it falls back on SRE teams to ensure security, self-healing and automation are built in during the development stage.  

To address this, SRE teams will increasingly look to enable developers to build services that are reliable and secure by default. Self-service observability solutions and ‘monitoring as code’ approaches will be key, allowing developers to easily build in observability with just a few clicks. The use of quality and security gates in automated DevSecOps pipelines will also enable developers to ensure their code satisfies service-level objectives that establish the minimum requirements for performance and risk, further easing the burden on both themselves and SRE teams. 

NoSOC approaches will gain momentum 

There will be another gear shift in development cycles, forcing organisations to lean more heavily on AI and automation to ensure their developers’ code is high-quality and secure. To support this, organisations will increasingly move towards NoSOC-approaches. This will see security teams using observability to increase the context of their own data, improving the precision of the insights it delivers and preventing false positives. They will also look to harness AI to automate more manual processes in security management and achieve faster insights and analytics to improve threat detection and remediation capabilities. This will help SOC teams to move away from constant firefighting, so they can focus on more strategic tasks that improve their security posture, turning them into proactive protectors. 

IT leaders will look to extend this automation to taint analysis to support the move to DevSecOps, by helping development teams to automatically understand whether vulnerabilities could expose data or if they are harmless. Those insights will help developers prioritise their efforts more effectively, so they can consistently deliver high-quality code that’s free from vulnerabilities, at greater speed.  

Click below to share this article

Browse our latest issue

Intelligent CIO Europe

View Magazine Archive