DevSecOps

Enterprises embrace digital technologies to deliver safer, quicker and more reliable business value to their customers. With rapid advancements in efficiency and technology consumption, software delivery must remain resilient and secure. DevSecOps helps enterprises embed security into their value delivery system while ensuring the consistency, governance, efficiency, scale and speed associated with the software development are not compromised.

DevSecOps evolution continuum

Adapting to market dynamics: the three horizons
Show all horizons
Velocity, Variety, Volume

H3

ENTERPRISE DEVSECOPS ECOSYSTEM POWERED BY PLATFORMS

Secure, Resilient, Innovation at Scale

Key Patterns

  • DevSecOps Platforms
  • Continuous Security
  • Observability and AI-Based Insights
  • SaaS-Based Tools
  • LCNC Approaches

H2

DEVOPS FOR VALUE STREAM

Collaboration, Speed and Traceability

Key Patterns

  • Value Stream Focused
  • Package DevOps
  • Mainframe DevOps
  • Cloud Services for DevOps
  • DevOps for ML and RPA
  • Security in Pipelines
  • DevOps beyond Distributed Technologies
  • Software-Defined Networking

H1

SDLC TASKS AUTOMATION

Automation for Build, Test and Deployment

Key Patterns

  • Task Orchestration
  • Siloed DevOps Practices
  • On-Premise or Private Cloud Built
  • Open-Source Point Tools
  • Platform-Specific DevOps Pipeline
  • Portfolio DevOps for Digital Apps

Key trends across domains

Enterprise scale CICD

Trend 1

Cloud acceleration driving demand and adoption of cloud-based DevOps

We see increased cloud adoption as organizations migrate their existing applications to the cloud or use cloud-native development to build new applications. The result is an increased cloud DevOps trend using cloud-based commercial or open-source tools.

Trend 2

Scaling DevOps across the enterprise to drive agility

Many businesses strive for enterprise-scale DevOps adoption once they see the DevOps benefits achieved in specific applications. However, scaling at an enterprise level needs more attention beyond setting up CI/CD for every application.

Continuous Security

Trend 3

Continuous security with end-to-end integrated DevSecOps pipelines

This continuous trend to alleviate security issues and threats is more prevalent in B2B or B2C applications exposed on the internet. End-to-end DevSecOps pipelines include integration at all security phases of SAST, SCA, DAST, RASP and/or IAST in a no-touch fashion.

Trend 4

Shift left with codification of security and privacy controls in DevSecOps

To successfully scale DevSecOps across the enterprise, businesses are looking at using reusable frameworks and centralized DevSecOps platforms. By implementing a consolidated security dashboard in the pipeline, they will collect defects found across all types of security testing tools, including SAST, SCA and DAST. With mature DevSecOps implementations, businesses are also defining metrics and setting up thresholds.

Adoption across ERPs

Trend 5

Emergence of DevSecOps in the SAP ecosystem

There is a constant demand for changes and quicker time to market with SAP’s core business platform. As a package, SAP has worked to build self-contained tools to manage the application lifecycle.

Trend 6

Development of end-to-end, inbuilt platform capabilities

DevSecOps is increasingly becoming the core element of Salesforce ecosystems. The Salesforce platform has long been known for its strong security capabilities and ability to govern the access of hosted data. However, certain dimensions of DevSecOps must be addressed by vendors, such as the lack of inbuilt version control of metadata.

DataOps

Trend 7

End-to-end DataOps with integrated data estate pipelines

Companies will explore and adopt the integration of DataOps across various data tools and data stakeholders to deliver faster business value. Along with this trend, we will see digitized data governance and containerization through automation and selfservice tools to place a greater focus on value delivery.

Trend 8

Combining artificial intelligence and machine learning products into DevSecOps

The AI/ML model’s lifecycle involves various stages – from data collection, data analysis, feature engineering and algorithm selection to model building, tuning, testing, deployment, management, monitoring and feedback loops.

Artificial Intelligence/Machine Learning Ops

Trend 9

Emergence of enterprise-scale AI model management

As AI initiatives graduate from proof of concept to enterprise deployment, organizations face challenges with the engineering complexity of model deployment, the ability to scale infrastructure efficiently and the lack of AI model visibility and governance.

Trend 10

Integrated development environment for data science projects

Data scientists need different development environments, depending on the nature of data and their AI framework. Traditionally, data scientists have used various development tools to choose their desktop to develop ML models, but deploying and integrating them with their AI ecosystem has been a challenge.

NetOps

Trend 11

Open, standards-based, software-defined networks and network function virtualization

Current network conversions focus on programmability, which is achieved by softwaredefined networks (SDNs) and network function virtualization (NFV). SDNs help make networks flexible and create an agile networking landscape. NFV, with the help of cloud computing platforms, drives capacity scaling.

Trend 12

Open-source, closed-loop AI Ops

Monitoring and service assurance solutions traditionally used legacy tools to manage the network and adhere to the agreed service-level agreement. But, with only a simple network management protocol in place, they had limited monitoring capabilities. The latest trend is moving toward real-time, intent-driven solutions, which are mostly distributed and cloudenabled.

Application Lifecycle Management

Trend 13

Teams create their own app ecosystem around ALM tools

Enterprises are moving to adopt ALM tools that help govern software development and ensure measurable agility in the delivery of business value to customers. An essential feature that facilitates this agility is the strong integration capability that the ALM tool provides, which helps enterprises extend capabilities and allows its integration with other enterprise tools.

Trend 14

NoOps brings extreme automation and abstraction to the IT infrastructure

NoOps intends to eliminate human intervention in software management. It aims to allow operations teams to focus on more value-adding activities rather than spend time on mundane tasks. Hyperscalers that provide elements of the software, software-defined infrastructure and networks have contributed to NoOps becoming a reality.

QA DevOps

Trend 15

Using advanced technologies for automated and autonomous testing

Hyperautomation (using AI to drive decision making) is emerging as a leading strategic technology trend that integrates robotic process automation (RPA), AI/ML, intelligent business management software and other emerging technologies to increase automation levels in enterprises.

Trend 16

Maturing security integration in DevSecOps to real-time, automated remediation of vulnerabilities

DevSecOps introduced security earlier in the SDLC, expanding collaboration between development and operations teams in DevOps to include security teams. Security testing tools were introduced but were not integrated with continuous testing pipelines.

Download Insights

Ask Experts

Adarsh Mehrotra

Adarsh Mehrotra

Industry Principal

Anupama Rathi

Anupama Rathi

Senior Principal - IP Deployment and Commercialization

Aswin Kumar

Aswin Kumar

Senior Industry Principal

Dhiraj Dhake

Dhiraj Dhake

Delivery Manager

Harleen Bedi

Harleen Bedi

Senior Industry Principal

Palani Shankar

Palani Shankar

Senior Delivery Manager

Subscribe

To keep yourself updated on the latest technology and industry trends subscribe to the Infosys Knowledge Institute’s publications

Infosys TechCompass