CNCF published the sixth version of the end-user Expertise Radar. The theme for this version was DevSecOps, the combination of safety at each step of the software program improvement lifecycle. The radar staff highlighted there are a lot of DevSecOps instruments in the present day and the area is rising and altering quickly.
Courtesy of the Cloud Native Computing Basis
The Expertise Radar staff reported three key themes that got here out of this survey. The primary theme is that accessible instruments in the present day are designed to fulfill the wants of safety groups higher than builders. Whereas there are a lot of promising instruments accessible, there is no such thing as a one instrument that may present a holistic strategy to fixing all of the challenges.
Based on the radar staff findings, a few of the very promising instruments accessible embrace Cilium, Linkerd, and Trivy. Such instruments are good at fixing a minimum of one drawback, however there’s room for consolidation.
Keith Nielsen, director of cloud structure at Uncover Monetary Companies, one in all collaborating corporations within the survey illustrated how his group is coping with such problem:
Except you’re going all-in with a cloud supplier set of instruments, you’re stitching issues collectively your self. The instruments have gotten higher when it comes to the way you work together with them and the data they provide you again. Nevertheless, there is no such thing as a silver bullet right here.
The second theme is that the DevSecOps area is altering quickly. The radar staff underscored that practitioners in the present day have a plethora of safety instruments to judge, determine on, and combine into their environments. Partly, as a result of the speed of recent providers popping out of the most important cloud suppliers is growing mixed with the rise of Kubernetes. These two elements make it more durable to eat providers securely and combine them with rising safety instruments.
Sergiu Petean, head of DevOps at Allianz Direct, commented on the struggles practitioners are going through in the present day:
The pace of innovation and digitization at present is an important issue. Typically, you end up in a spot the place the previous method of doing safety doesn’t work anymore and also you’re on the lookout for other ways of doing safety.
The third theme is about microsegmentation, a community safety strategy of logically dividing and isolating workloads after which making use of safety controls on such particular person items. The radar staff identified that microsegmentation is a big problem not solely when it comes to adopting the proper know-how however when it comes to altering the mindset of practitioners within the enterprise who’re used to conventional community safety practices.
On this survey, 21 corporations participated and contributed 171 information factors with a complete of 252 votes from end-users.
Per the webinar about this version, the outcomes of the survey performed in September 2021 have been restricted to 21 end-user corporations, together with Spotify, Intuit, Squarespace, Zendesk, and Uncover Monetary Companies.