DevSecOps

Enterprises deliver safer, quicker, and reliable business value to customers through technology. With rapid advancements, software delivery must remain agile, resilient, and secure. DevSecOps is helping businesses to shorten the cycle time, from initiating a business idea to delivering to end customers. Subsequently, specialized disciplines such as NetOps for networks, DataSecOps for data engineering, MLOps for machine learning, NoOps for operations, and EdgeOps for edge computing have come into the frame. This discipline started for application development, but now has spread enterprise wide and caters to workloads developed by hybrid teams. Further, shift left site reliability and AI/ML backed insights augment these approaches. Organizations can now effortlessly collaborate and detect problems early in the value stream through intelligent observability within technology portfolios.

THE DEVSECOPS EVOLUTION CONTINUUM

Three horizons (H1, H2, and H3) in DevSecOps
Show all horizons

H3

Enterprise DevSecOps Ecosystem Powered by Platforms

Enterprise agility, security, resilience, and innovation at scale

Key Patterns

  • DevSecOps platforms
  • SRE and observability
  • SaaS-based tools
  • MLOps
  • Metrics-based culture
  • NetOps for network life cycle

H2

DevOps for Value Stream

Collaboration, speed, and traceability

Key Patterns

  • Value stream focused
  • Packaged DevOps
  • Mainframe DevOps
  • Cloud services for DevOps
  • DevOps for ML and RPA
  • Security in pipelines
  • DevOps beyond distributed technologies
  • Software-defined networking

H1

SDLC Tasks Automation

Automation for build, test, and deployment

Key Patterns

  • Task orchestration
  • Siloed DevOps practices
  • On-premise or private cloud
  • Open-source point tools
  • Platform-specific DevOps pipeline
  • Portfolio DevOps for digital apps

Key trends across domains

Enterprise-scale CI/CD

Trend 1

Modernization drives demand for cloud-based DevOps

Organizations are increasingly migrating their existing applications to the cloud or using cloudnative development to build new applications. This allows firms to speed up software deployments and generate significant revenues from launching new business models, boosting the usage of cloud-based commercial or open-source tools for cloud DevOps.

Trend 2

DevOps scales across the enterprise to drive agility

Many businesses are implementing DevOps after realizing its benefits in specific applications. However, this requires efforts beyond setting up CI/CD for every application. Unplanned DevOps scaling can have adverse effects such as higher tooling and infrastructure costs, more effort by application teams in setting up CI/CD, and unstandardized implementation.

Security and policy compliance

Trend 3

End-to-end integrated DevSecOps pipelines aid enhanced security

Security issues and cyberthreats, specifically for B2B or B2C applications, are continuously rising. End-to-end DevSecOps pipelines include integration at all security phases of SAST, SCA, DAST, RASP, and/or IAST in a no-touch fashion. Tool vendors offer easy CLI- and API-based integration capabilities for greenfield applications.

Trend 4

Codification of security and privacy controls enables a shift left

Businesses are looking at reusable frameworks and centralized DevSecOps platforms to successfully scale its adoption enterprise wide. By implementing a consolidated security dashboard in the pipeline, they collect defects across all types of security testing tools, including SAST, SCA, and DAST.

DevSecOps for packages

Trend 5

Increased DevSecOps adoption in the SAP ecosystem

There is constant demand for upgradation and quicker time to market with SAP’s core business platform. As a package of offerings, SAP has worked to build selfcontained tools for ALM. With the advent of DevOps, SAP has kick started its agility journey by launching Activate Methodology. It is embracing open-source tool sets to amplify life cycle management capabilities.

Trend 6

End-to-end, inbuilt platform capabilities strengthen

DevSecOps is increasingly becoming the core element of Salesforce ecosystems. The Salesforce platform has long been known for its strong security capabilities and the ability to govern the access of hosted data. However, vendors must address certain challenges associated with DevSecOps, such as the lack of inbuilt version control of metadata.

DataOps

Trend 7

DataSecOps enhances data efficiency

Companies are exploring and adopting DataOps across various data tools and data stakeholders to deliver faster business value. We also see digitized data governance and containerization through automation and self-service tools for greater focus on value delivery.

Trend 8

AI and ML products integrate with DevSecOps

The AI/ML model’s life cycle involves various stages — from data collection, data analysis, feature engineering, and algorithm selection to model building, tuning, testing, deployment, management, monitoring, and feedback loops. To improve DevOps maturity, AI/ML models are being integrated into DevSecOps pipelines to be standardized, fully managed, and controlled.

AI/MLOPS

Trend 9

AI models deployed at the edge for better customer experience

Enterprises are increasingly deploying AI models at the edge. And that too for the latest use cases. To deliver a transformative experience, diverse sensing devices in near-real time are deployed.

Trend 10

Integrated MLOps practices enhance AI capabilities

Companies are standardizing MLOps practices to scale AI adoption. Having quickly identified use cases and conducted early experiments on AI applications, they are realizing the need for an end-to-end pipeline from data sourcing and for model training, deployment, and monitoring. Enterprises are also looking at creating a central model repository and adopting trustworthy AI practices.

NetOps

Trend 11

Organizations shift to intent-based networking (IBN)

Current network conversions focus on programmability, which is achieved by software-defined networks (SDNs) and network function virtualization (NFV). SDNs make networks flexible and create an agile networking landscape. NFV, with the help of cloud computing platforms, drives capacity scaling.

Trend 12

Open-source, closed-loop AIOps drive cognitive and intelligent next-gen OSS

Monitoring and service assurance solutions traditionally used legacy tools to manage and operate a network. With telcos leveraging 5G, IoT, and edgecomputing use cases to drive monetization, network response and reliability become the linchpin of the service level agreement. The latest trend is moving toward real-time, intent-driven solutions, mostly distributed and cloud-enabled.

ALM

Trend 13

OKRs help track decisions and product value

Organizations are extensively using objectives and key results (OKRs) to define and set goals, and to achieve outcomes. A set of key results defines the measurable outcome for these objectives. While OKRs have been in use for a while, the systems to relate these key results to the stated objectives in a near real-time manner were lacking. Here, VSM gets into the picture.

Trend 14

NoOps brings extreme automation and abstraction to the IT infrastructure

NoOps is intended to eliminate human intervention in software management and to allow operations teams to focus on value-adding activities. Hyperscalers that provide elements of the software, software-defined infrastructure, and networks have contributed to NoOps becoming a reality. Enterprises first moved from siloed development and operations teams to an integrated DevOps model, where the team that builds the system also runs it.

QA DevOps

Trend 15

Hyperautomation offers faster and more efficient testing

Hyperautomation (using AI to drive decision-making) is becoming a leading strategic technology trend that integrates RPA, AI/ML, intelligent business management software, and other emerging technologies to increase automation in enterprises. This trend is influencing software test automation evolution, as different tools, frameworks, and custom-developed solutions continue to enhance automation penetration and efficiency.

Trend 16

Real-time and automated security integrate with DevSecOps

DevSecOps introduced security earlier in the SDLC, expanding collaboration between development and operations teams in DevOps to include security teams. Security testing tools were introduced but were not integrated with continuous testing pipelines. This evolved into a shared responsibility, with everyone playing a role in building security into the DevOps CI/CD workflow.

Ask Experts

Adarsh Mehrotra

Adarsh Mehrotra

Industry Principal

Anupama Rathi

Anupama Rathi

Senior Principal - IP Deployment and Commercialization

Aswin Kumar

Aswin Kumar

Senior Industry Principal

Dhiraj Dhake

Dhiraj Dhake

Delivery Manager

Harleen Bedi

Harleen Bedi

Senior Industry Principal

Palani Shankar

Palani Shankar

Senior Delivery Manager

Subscribe

To keep yourself updated on the latest technology and industry trends subscribe to the Infosys Knowledge Institute’s publications

Infosys TechCompass