DevSecOps Goes Mainstream

Gartner recently posted their Top 10 Strategic Technology Trends for 2018, and DevSecOps practices made the list.

Here's what they said: "Traditional security techniques using ownership and control rather than trust will not work in the digital world. Infrastructure and perimeter protection won't ensure accurate detection and can't protect against behind-the-perimeter insider attacks. This requires embracing people-centric security and empowering developers to take responsibility for security measures. Integrating security into your DevOps efforts to deliver a continuous 'DevSecOps' process."

The Gartner blog details what we've been discussing for some time now at Sonatype: traditional security practices can't keep up in a DevOps world. Bolt-on practices at the end of the SDLC won't work. Application analysis that takes eight to 24 hours to complete doesn't fit. Open source governance that delivers 90% false positives won't scale. And Dev, Sec, and Ops teams that maintain tribal conflicts can't evolve to a better state.

When it comes to DevSecOps, we've been writing, organizing conferences, leading discussions, hosting meet-ups, and speaking at industry events on it for about four years now. That said, when you're a small but fast-growing technology firm, the mainstream often misses those early days. But in 2017, Gartner's coverage picked up steam. Gartner reported over 600 analyst inquiries on DevSecOps in the past year. They've published numerous reports on DevSecOps, led by folks like Neil MacDonald, Ian Head, and Mark Horvath.

Make no mistake. Gartner did not make the DevSecOps market. They report on what they hear from their clients in the market, and provide expert guidance to help them navigate their own transformations. When Gartner starts regular coverage of a topic, you know it's gone mainstream.

Whether you are just getting started on your DevSecOps journey or started heading down that path years ago, Gartner offers sage advice in their paper, 10 Things to Get Right for Successful DevSecOps. It offers great perspective and is worth reading.

Written by Derek Weeks

Derek serves as vice president and DevOps advocate at Sonatype and is the co-founder of All Day DevOps -- an online community of 65,000 IT professionals.
