An extension of the now popular DevOps process, DevSecOps has become a growing priority for IT professionals in the past decade, and has rapidly evolved to meet new demands and ways of working across organisations heavily reliant on digital processes.
It has now become integral to modern software engineering.
In the past couple of years particularly, we’ve seen great advancements in how DevSecOps is being delivered more efficiently. For example automation through extensive scripting, infrastructure-as-code and policy-as-code have enabled teams to consistently deploy secure applications at speed.
However, these capabilities demand specialised skills and dedicated personnel, alongside developers and IT operators, which are increasingly hard to source.
Most organisations today struggle with talent gaps, limited visibility and piecemeal coverage, which is hindering IT teams’ ability to keep up with the increased complexity of software and app development and pace at which new digital features today need to be developed, tested and shipped.
The good news is the emergence of new technologies and processes, such as generative AI and ClickOps, will tremendously help organisations fill these gaps and overcome these barriers in the next coming years.
Here are ways in which new doors are opening for DevSecOps professionals, and the challenges that will be key to address to create a new DevSecOps era.
Generative AI: The Power to Enhance DevSecOps, But Hurdles Still Need to Be Overcome
In the DevSecOps domain, generative AI (GenAI) is still an emerging technology that needs to be improved before it is production ready. Unlike the consumer market and content marketplace, where the output quality has reached an acceptable level, DevSecOps requires high-accuracy output to be executed on mission- critical systems.
GenAI systems are great at creating cool demos but need significant improvement to produce high-accuracy and dependable code.
While this may seem to be a pessimistic point of view, it is not, GenAI is augmenting productivity and this is a launch point for DevSecOps practitioners and it is very likely that 2024 will be the year of a broader penetration of GenAI output as a code delivery vehicle from a developer who is augmented to their DevSecOps team.
This alone will result in significant productivity improvements.
Now, it is important to acknowledge the current concerns coming from both the technology community and end users when it comes to the growing use of artificial intelligence models.
For gen AI to be used in a meaningful and sustainable way in the context of DevSecOps, a shift of mindset needs to happen so developers understand that GenAI will not replace their roles, but rather amplify their productivity and make parts of their jobs – including tedious things like code reviews – easier so they can focus on more interesting parts of the development lifecycle.
Secondly, organisations need to prioritise AI frameworks built around trust, transparency and accountability.
Democratising DevSecOps with ClickOps
DevOps has evolved from just scripting to efficient scripting and then Infrastructure as Code which opened the possibility of bringing SDLC practices (a systematic approach to design, develop, and test software) to infrastructure monitoring and management.
But when organisations scale their infrastructure, the team also needs to scale and look at efficient ways to configure, deploy and manage infrastructure.
With emerging skill gaps, and an appetite to accept SaaS products in DevSecOps practices, there is a need to democratise DevOps skills and bring solutions which are easy to start, adopt and scale.
This is where ClickOps is making an evident entry in DevSecOps practices where UI based workflows are being used for the most common templating scenarios which will reduce the burden of skill gaps.
This is not replacing it as a code paradigm but acting as a bridge to onboard new practitioners onto the DevSecOps domain for most common use cases while keeping the option to switch back to as-a-code approach for solving complex and exceptional scenarios.
ClickOps uses no-code/low-code development platforms that involve assembling reusable components through intuitive click-based interfaces instead of complex coding, allowing anyone to meet development demands without the deep technical skills required for DevSecOps.
ClickOps platforms have revolutionised the integration of software development life cycle practices into IT infrastructure monitoring and management, enhanced productivity, agility and delivery of DevSecOps by complementing existing coding investments with quicker time-to-value. They are also known to solve the challenges around skill gaps and talent shortages as ClickOps democratises the DevSecOps capabilities beyond specialised coding teams.
While still nascent, generative AI and no-code ClickOps solutions show immense promise for augmenting and spreading DevSecOps capabilities more widely in 2024, enabling enhanced delivery, and scalability across critical systems.
