2023 Predictions for DevOps and Supply Chain Security
Welcome to 2023! The year of the Linux Desktop, the rise of AI, Software Bill of Materials (SBOM), DevOps is Dead, Platform Engineering is Alive, and a CNCF landscape that won’t be getting any simpler! Seriously, the technology and software sector is growing at a faster pace than any time I can ever recall.
Where do we even begin? I hope you enjoy some predictions and trends that will become more and more evident in 2023. This is not meant to be all-encompassing, but it will cover some topics that I am passionate about and, more importantly, what software developers, application teams, security, and DevOps (Platform Engineering) practitioners should focus on this year.
Complexity is not our Friend
Last year, I attended many in-person events of varying sizes across a few continents, plus a few virtual events for good measure. Each event set its own theme, yet somehow the underlying theme of the talks, the hallway track, and the conversations was complexity.
Complexity: the state or quality of being intricate or complicated.
With a goal of reducing complexity, here are a few predictions or areas of thought as we enter 2023.
The Software Supply Chain
By now, you have heard the phrase Software Supply Chain. It has become the go-to phrase for marketing campaigns and messaging. We have also heard plenty of noise about reducing toolchain complexity. Those taglines are a bit too simplistic! Think about the broader software development landscape and how you even decide where to begin. I believe the Software Supply Chain in 2023 will move beyond marketing taglines and focus on what really matters.
Value to the Business
Start with the reason we are all in this position in the first place:
Delivering best-in-class software for the business that delivers value to the end user.
Why is my favorite technology or pet open source project not included in that description? I will be the first to admit that technology matters to me. I have opinions on what works best and why I use it compared to others. Our opinion isn’t a priority; we should be delivering business value. This will be the year of getting back to what started it all, delivering value to the business in a secure and simple manner.
Security First, Security Last
As hard as it will be, the early days of 2023 already show that security is a problem we all must work together to solve. Many buzzwords and phrases are focused on this topic, but they all seem short-sighted at best. In just a few short weeks of 2023, there have been several internal conversations about the trade-offs between security and usability.
Think about the stories we hear about the not-to-be-named company that provides a universal and distributed password management solution. In short, they prioritized usability over security a few years ago. I get it. We all get it. Rather than think about the long-term effects, they made a decision that led to several breaches and unauthorized access to both customer data and internal systems. The fallout could have been avoided by providing instructions and an upgrade path for their customers. Instead, they chose to say nothing, and look at the results. A weak default left in place for existing users ages badly; the fix is to raise the default and move everyone onto it, with clear guidance on how to get there.
Security will become first and last in 2023!
Software Bill of Materials (SBOM)
There had to be at least one prediction on a buzz-worthy topic. The buzz is now a reality! We can thank governmental guidance, executive orders, and continued struggles with security for this one showing up. Technology trends are often cyclical and take time to gain the momentum necessary to lead to meaningful change.
A Brief History
- May 12, 2021 - Executive Order on Improving the Nation’s Cybersecurity
- June 02, 2021 - NTIA issues the Software Bill of Materials Elements and Considerations
- August 2021 – ISO introduces ISO/IEC 5962:2021 Information technology — SPDX® Specification V2.2.1
- September 27, 2021 – NTIA introduces Vulnerability-Exploitability eXchange (VEX)
- October 10, 2021 – NTIA issues Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM)
- September 15, 2022 – EU introduces Cyber Resilience Act
Entering 2023, government agencies and private sector vendors (including Cloudsmith) have delivered, and will continue to deliver, solutions that address the SBOM challenge. One of our customers detailed the first step in their plan: a read-only list of every software package used across all of their applications, including transitive dependencies and the known vulnerabilities in each. It sounds easy to get right, but it is not! They identified a significant challenge due to the lack of visibility into packages across every part of the business. Because distributed teams had adopted a variety of package management solutions, they are now rethinking their strategy to become more universal and holistic. With Cloudsmith, they will have a universal distribution and package management solution that lets them search for transitive dependencies across their software supply chain.
The trend of SBOM is only heating up and will be a key talking point in 2023 to reduce complexity and ensure application security.
You can read more about the intricacies of SBOMs by checking out the blog "Understanding and Implementing a Software Bill of Materials" by CEO Alan Carson from last year.
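To make the customer's "read-only list of packages, dependencies and vulnerabilities" concrete, here is an added example (not code from the original post, Cloudsmith, or any SBOM tool) that walks a CycloneDX-style SBOM: it resolves the transitive dependencies of an application, attaches each known vulnerability to the component it affects, and uses the VEX analysis state to separate findings that need action from ones already marked not affected. The SBOM, package names, versions and vulnerability IDs are all constructed placeholders for the example.

```python
"""Build a package inventory from a CycloneDX-shaped SBOM (added example).

Shows: transitive dependency resolution (cycle-safe), vulnerability lookup
per component, and VEX-state filtering so waived findings are not re-raised.
"""
import json
from collections import deque

# Constructed sample in CycloneDX JSON shape (components / dependencies /
# vulnerabilities). Names, versions and vulnerability IDs are placeholders,
# not real packages or advisories.
SAMPLE_SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"bom-ref": "app:shop", "type": "application", "name": "shop", "version": "3.0.0"},
    {"bom-ref": "pkg:generic/web-framework@2.1.0", "type": "library", "name": "web-framework", "version": "2.1.0"},
    {"bom-ref": "pkg:generic/json-parser@1.2.0", "type": "library", "name": "json-parser", "version": "1.2.0"},
    {"bom-ref": "pkg:generic/logger@0.9.0", "type": "library", "name": "logger", "version": "0.9.0"}
  ],
  "dependencies": [
    {"ref": "app:shop", "dependsOn": ["pkg:generic/web-framework@2.1.0", "pkg:generic/logger@0.9.0"]},
    {"ref": "pkg:generic/web-framework@2.1.0", "dependsOn": ["pkg:generic/json-parser@1.2.0"]},
    {"ref": "pkg:generic/json-parser@1.2.0", "dependsOn": ["pkg:generic/logger@0.9.0"]},
    {"ref": "pkg:generic/logger@0.9.0", "dependsOn": ["pkg:generic/json-parser@1.2.0"]}
  ],
  "vulnerabilities": [
    {"id": "EXAMPLE-0001", "affects": [{"ref": "pkg:generic/json-parser@1.2.0"}],
     "analysis": {"state": "exploitable"}},
    {"id": "EXAMPLE-0002", "affects": [{"ref": "pkg:generic/logger@0.9.0"}],
     "analysis": {"state": "not_affected", "justification": "code_not_reachable"}}
  ]
}
"""

# VEX analysis states under which the consumer needs to take no action.
VEX_NO_ACTION = {"not_affected", "false_positive", "resolved"}


def load_sbom(text):
    """Parse SBOM JSON text into a dict."""
    return json.loads(text)


def component_index(sbom):
    """Map each bom-ref to its component record."""
    return {c["bom-ref"]: c for c in sbom.get("components", [])}


def dependency_graph(sbom):
    """Map each bom-ref to the set of refs it directly depends on."""
    graph = {}
    for entry in sbom.get("dependencies", []):
        graph.setdefault(entry["ref"], set()).update(entry.get("dependsOn", []))
    return graph


def transitive_dependencies(graph, root):
    """Breadth-first walk from root; the visited set makes dependency cycles safe."""
    seen = set()
    queue = deque(graph.get(root, ()))
    while queue:
        ref = queue.popleft()
        if ref in seen or ref == root:
            continue
        seen.add(ref)
        queue.extend(graph.get(ref, ()))
    return seen


def vulnerabilities_by_ref(sbom):
    """Map each affected bom-ref to a list of (vulnerability id, VEX state)."""
    result = {}
    for vuln in sbom.get("vulnerabilities", []):
        state = vuln.get("analysis", {}).get("state", "in_triage")
        for affected in vuln.get("affects", []):
            result.setdefault(affected["ref"], []).append((vuln["id"], state))
    return result


def inventory(sbom, root):
    """Read-only inventory: every package reachable from root, with its findings."""
    comps = component_index(sbom)
    vulns = vulnerabilities_by_ref(sbom)
    rows = []
    for ref in sorted(transitive_dependencies(dependency_graph(sbom), root)):
        c = comps.get(ref, {"name": ref, "version": "?"})
        rows.append({"ref": ref, "name": c["name"], "version": c["version"],
                     "vulnerabilities": vulns.get(ref, [])})
    return rows


def actionable_findings(sbom, root):
    """Findings on root's transitive dependencies that VEX has not waived."""
    return [(f"{row['name']}@{row['version']}", vid)
            for row in inventory(sbom, root)
            for vid, state in row["vulnerabilities"]
            if state not in VEX_NO_ACTION]


if __name__ == "__main__":
    bom = load_sbom(SAMPLE_SBOM_JSON)
    for row in inventory(bom, "app:shop"):
        print(row["name"], row["version"], row["vulnerabilities"])
    print("actionable:", actionable_findings(bom, "app:shop"))
```

The sample deliberately contains a dependency cycle (logger and json-parser depend on each other) because real lockfiles and SBOMs do too; a naive recursive walk would never terminate. Only the finding on json-parser is reported as actionable, since the logger finding carries a VEX "not_affected" state. Swap the embedded JSON for a real SBOM file to run it over your own inventory.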
External forces have caused application teams to take on more and more responsibility. Writing code was once the job description for software developers. Not anymore. Today, developers are expected to be experts in infrastructure, data modeling, resiliency, platforms, and more.
Developers will focus on getting back to their core competencies in 2023. The need to understand and know about the overarching dependencies will remain the same. Specialty teams will continue to form, offering freedom of choice to developers while ensuring business applications and services are delivered securely.
DevOps is Alive in Platform Engineering
Seriously, I have worked at and with organizations with Platform teams for several years. So why all the rage? I have my opinions, but those are better saved for other mediums like Reddit and Twitter.
Platform Engineering is Built on DevOps Principles
It would be impossible to predict the definition of DevOps! Every organization and team has created its own definition and method of execution, but the core principles of DevOps have not changed:
- Continuous improvement
I will skip collaboration because it fits into the next prediction.
Self Service Automation
While I disagree with some aspects of Platform Engineering, the principle definition is solid.
Platform engineering is the discipline of designing and building toolchains and workflows that enable self-service capabilities for software engineering organizations in the cloud-native era.
This definition sounds like DevOps, no? Yes! Tools, cloud native, and workflows are all key tenets of DevOps; no one can dispute that.
Self Service will become the key focus in 2023 but in more ways than CI/CD, Shift Left Security, etc. Self Service will include services, package dependencies, RBAC, configuration variables, and debugging tools.
Yes, a trend for 2023 will be focused on Continuous Improvement. Why would I include this as a prediction? Simply put, every organization is challenging the status quo.
Think about the evolution of “as Code.” We started with Infrastructure as Code, moved on to Policy as Code, and expanded with Compliance as Code; it only makes sense to deliver a Platform as Code.
Platform Engineering is the next step in the evolution of software development to ensure business value, application security, and developer freedom! And DevOps will continue to be the basis for that trend.
Collaboration amongst Distributed Teams
GitLab championed the asynchronous workplace as a key principle for their all-remote workforce.
Asynchronous work is a simple concept: Do as much as you can with what you have, document everything, transfer ownership of the project to the next person, then start working on something else.
My prediction for 2023 is that teams and organizations will take the all-remote approach and extend that effort to every aspect of the software development organization. And I don’t mean more and more time zones and continents. Over the past decade, we have seen the expansion and creation of Platform teams, Data teams, AI teams, Infrastructure teams, SRE teams, Cloud teams, Security teams, Pizza teams, etc.
I am talking about collaboration between the expanding specialty teams. With the added specialty teams and areas of focus, the complexity has grown with it.
Think about the basic concepts from GitLab and add a software development twist:
- Document your code: We should have been doing this anyway
- Transfer ownership when required: Think about all of those teams that can help
- Transition to the new application: Legacy debt increases complexity
- Do what you can with what you have: Think about the password management story
Tear Down the Complex, and Improve for the Future
In closing, 2023 is the year of reducing complexity while delivering secure software and services for the business. If we don't, the business and the rest of the ecosystem will leave us behind. Or we will all burn out along the way!