By Gologic with the collaboration of Alexandre Couëdelo.
As 2023 marks the 15th anniversary of DevOps, we can expect to see the maturation of other approaches born out of the DevOps example. These are sometimes called xOPS (DevSecOps, FinOps, DataOps, BizDevOps, GitOps, etc.). This means that we should expect each of them to provide more specialized tools and frameworks to tackle specific challenges.
We anticipate a lot of focus on security/DevSecOps. The software supply chain is increasingly at risk and, with recent news of high-profile attacks, securing it is now more important than ever. Additionally, new regulatory rules and compliance requirements, such as the Loi 25/Bill 64, push organizations to take a more proactive stance toward security and data privacy. To address these issues, we expect to see an increased focus on security in the form of Policy as Code and Zero Trust architectures.
GitOps is an increasingly popular DevOps application that we should expect to see propagate and be adopted by many companies. In the SRE (Site Reliability Engineering) space, we expect to see more emphasis on better SLO/SLI instrumentation in order to measure system performance and availability.
We should also see the rise of (Cloud) FinOps to help with financial management and cost optimization. Finally, AIOps and ChatOps are expected to become game changers in the field, as they offer automated operations and self-service capabilities.
In this article, we will delve deeper into the eight top trends that are expected to take the DevOps world by storm in 2023.
1- DevSecOps — Software Supply Chain
Software Supply Chain Security is increasingly important in the DevOps world, as the number of attacks targeting open-source repositories has grown significantly in recent years. The SolarWinds supply chain attack is a key example of this and is not an isolated case.
Generating a Software Bill of Materials (SBOM) in pipelines has become essential to evaluate the potential risk related to dependencies. Additionally, the OpenChain project is leading the way in helping enforce high standards and compliance with open source, while Pyrsia is a tool designed specifically to increase the trust and traceability of open-source packages. As always, improvements born in the open-source community should spread to the corporate world.
2- DevSecOps — Continuous Compliance
Continuous compliance is a proactive approach that aims to keep the organization aligned, at all times, with the requirements set by regulations such as the Loi 25/Bill 64. The fine for not complying with such regulations is astronomical (up to CA$25 million or 4% of the worldwide turnover of the preceding year). Similarly to Europe’s GDPR, the new Canadian regulation requires each organization to appoint a Privacy Officer (DPO). But how can that officer control and audit the organization continuously? How could we better share compliance responsibility across the company? Both are important questions that companies will need to answer this year.
The first steps toward that goal will be to couple data science tightly with best practices, such as data catalogue, which is an inventory of all data assets across an organization, and data mapping, which is an inventory of all data pipelines and transactions of an organization, also known as data lineage.
3- DevSecOps — Policy Framework
A policy framework allows policies to be written declaratively, as code. These policies can allow or deny different actions based on compliance or safety rules, such as validating Kubernetes manifest configuration, Terraform configuration, and even network traffic and user authorization. OPA (Open Policy Agent) is an example of such a framework; it provides an easy-to-use policy language called Rego, allowing the same language to be used for policies of different services and tools. There is also an awesome-opa repository that lists useful OPA-related tools and projects. Alternatives do exist, for instance Kyverno, but it is Kubernetes-only.
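To make the idea concrete, here is a Rego policy that validates a Kubernetes Pod at admission time. It is an added example, not code from the original article or from the OPA project; the package name and the `registry.example.internal/` registry are assumptions, and the input is assumed to be a Kubernetes AdmissionReview document.

```rego
package kubernetes.admission

import rego.v1

# Registry prefix treated as trusted (assumption for this example).
trusted_registry := "registry.example.internal/"

# Every container of the Pod under review, init containers included.
containers contains c if {
	some c in input.request.object.spec.containers
}

containers contains c if {
	some c in input.request.object.spec.initContainers
}

# Rule 1: privileged containers are refused.
deny contains msg if {
	input.request.kind.kind == "Pod"
	some c in containers
	c.securityContext.privileged == true
	msg := sprintf("container %q must not run privileged", [c.name])
}

# Rule 2: images must come from the trusted registry.
deny contains msg if {
	input.request.kind.kind == "Pod"
	some c in containers
	not startswith(c.image, trusted_registry)
	msg := sprintf("container %q pulls %q from an untrusted registry", [c.name, c.image])
}

# Rule 3: images must be pinned by digest, so a mutable tag cannot be
# swapped for different content after review (a supply-chain control).
deny contains msg if {
	input.request.kind.kind == "Pod"
	some c in containers
	not regex.match(`@sha256:[a-f0-9]{64}$`, c.image)
	msg := sprintf("container %q image %q is not pinned by sha256 digest", [c.name, c.image])
}
```

An empty `deny` set means the Pod is admitted; each message in a non-empty set is a reason to reject it. The same policy can be evaluated offline in a pipeline with `opa eval --data policy.rego --input review.json "data.kubernetes.admission.deny"`, where both file names are placeholders.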
4- DevSecOps — Zero Trust architecture
Zero Trust architecture is gaining in popularity as a way to rethink how we manage access to corporate resources, especially internal applications and sensitive data. The underlying principle of Zero Trust is to never assume that someone with access to the corporate network is necessarily trusted and to always verify identities and credentials before granting access. This requires the use of short-lived credentials and on-demand access provisioning, as well as authentication, authorization, and encryption protocols.
Something to be wary of is that many vendors are using the term Zero Trust as a marketing buzzword without providing a complete Zero Trust solution. HashiCorp Boundary seems to be really interesting and just reached GA, so it’s definitely something to keep an eye on in 2023.
5- GitOps
GitOps is a modern DevOps methodology that is becoming increasingly popular. GitOps uses Git repositories to store and version infrastructure configuration (Kubernetes manifests, Terraform code, etc.). In 2022, two popular GitOps tools, Flux CD and Argo CD, reached graduated status at the Cloud Native Computing Foundation (CNCF). This has made GitOps a mainstream practice, and organizations that still need to adopt it should strongly consider doing so. In the future, Kubernetes-style manifests will be the preferred way to define the infrastructure, and we may see the use of Terraform replaced by tools that better follow the GitOps approach.
6- SRE — SLO/SLI instrumentation
SLO/SLI (Service Level Objective/Service Level Indicator) is one of the main SRE practices and an essential way to measure system performance and availability. This approach promised to help engineers reduce alert fatigue by providing a structured approach to observability, with alerts that are connected to business value and user experience. However, the lack of tools and integrated solutions prevented its adoption in many companies, making it the holy grail of SRE. To facilitate the adoption of SLI/SLO, tools such as Kubernetes (version 1.26) added support for SLI metrics. Other open-source and commercial solutions should definitely put in the effort to make SLI/SLO mainstream.
7- CloudFinOps
By leveraging SRE expertise and tools, it is possible to optimize the cloud infrastructure in terms of cost and usage. CloudFinOps focuses on understanding the cost of the entire cloud infrastructure, from computing and storage to networking, to SaaS and third-party services. This bridges the gap between technology, finance, and data. We will definitely see more tools like Kubecost and Infracost to improve visibility, best practices and automation of cost optimization processes.
8- AIOps and ChatOps
Unless you were living under a rock in 2022, you must have heard of GPT-2, GPT-3 and ChatGPT, the latest and highest-performing language models. They can do a great variety of things, from generating text, translating, and writing code to answering complex questions. Undoubtedly, this technology will come into the industry and will aim to help with IT operations and support. This could be anything from chatbots helping with access and security protocols to self-service architecture provisioning. Who knows what’s to come? DevOps practitioners may achieve their ultimate goal: automate everything and replace themselves.
2023 promises to be an exciting year for DevOps. We should expect to see an explosion of DevOps-inspired methodology that will come to fill the gaps in the software supply chain.
Security with DevSecOps will be the major focus for 2023. In response, we may see numerous emerging best practices with Software Supply Chain Security, Continuous Compliance, Policy Frameworks, and Zero Trust Architectures.
GitOps and SRE keep shining and are becoming mainstream across the industry. GitOps is becoming the standard way to manage infrastructure, and SRE should become more and more accessible with better SLO/SLI instrumentation.
Finally, CloudFinOps, AIOps, and ChatOps are revolutionizing the IT market, providing even more automation and cost optimization. 2023 is only the beginning of these changes!
These trends will continue to shape how DevOps is practiced in the future and help organizations better meet their goals.
Do you want to implement some of the xOPS approaches presented previously? Explore our services or contact us to learn more about our strategic approach. Gologic is a company specializing in DevOps that has been supporting local organizations in digital transformation for more than 10 years.