Platform engineering, SBOMs and off-the-shelf solutions -- development predictions for 2023
Developers are under more pressure than ever to deliver projects quickly, but at the same time applications and the supply chain need to be kept secure.
So, what things can we expect to see for development in 2023? Here are some expert views on the key trends.
Hugh Njemanze, founder and president of Anomali, says it's important to maintain oversight of the development environment. "Awareness of your assets and supply chain vectors has never been more critical. Particular attention should be given to your shared development environments, where you work with third parties and contractors in developing and maintaining your applications. Maintaining oversight over the security and access to these environments, assuring development practices, maintaining adequate segregation of code bases, data, and documentation, and assuring the integrity and fidelity of the code base and build procedures is critical."
Haseeb Budhani, co-founder and CEO of Rafay Systems, sees platform teams taking some of the pressure off developers. "In 2022, technology leaders recognized that their developer productivity was being mired by the complexities of Kubernetes and cloud infrastructure. Many leaders started considering the institution of platform teams to address these complexities in a holistic, enterprise-wide fashion. In 2023, platform teams will become the norm in enterprises, and will develop self-service capabilities that abstract these complexities from developers, allowing them to get back to what they do best -- rapidly deliver new application capabilities to customers. These self-service capabilities will allow developers to move fast via automation, but will also enforce guardrails through tools and workflows that enable enterprise-wide standardization"
Tobi Knaup, CEO at D2iQ, also thinks platform engineering may displace DevOps. "With the rapid development of Kubernetes and cloud-native applications, organizations are realizing the inadequacies of their IT teams to leverage DevOps practices. We've seen that DevOps workload is difficult to practice in small and medium-sized enterprises, as well as in large enterprises that lack sufficient talent. The gradually accumulated cognitive load ultimately leads to a less agile and efficient collaboration between teams. Given these issues, more organizations in 2023 will reassess the DevOps model and adopt platform engineering as an alternative. With the rapid development of cloud-native applications, platform engineering will gradually replace DevOps in many organizations by providing the Internal Developer Platform that provides a 'golden path' to more easily deploy, manage, and scale Kubernetes and applications on top."
Ryan Davis, CISO of NS1, says software bills of materials will become industry standard:
Software Bill of Materials -- lists of all the third-party components a certain piece of software uses -- will become an industry standard for software vendors in 2023. Biden's SBOM executive order in May 2021, and subsequent memorandum in September 2022, played a major role in this, but so has the sheer utility of having an SBOM in place. SBOMs offer much greater accountability than the questionnaires companies typically send vendors, allowing for more detailed insights into their software supply chain. If zero-day threats occur, you can see which vendors have compromised components, and then contact them to see how they are addressing the situation.
That said, SBOMs will lead to new challenges. Greater scrutiny of the software supply chain will trigger challenging conversations regarding any software you create or use, as your partners develop more rigorous demands about the software components you source. Vendors will become more rigorous in keeping security measures up to date, but it won’t be feasible to remove every suboptimal software component immediately. CISOs will need to think tactically about the risk of a certain component versus the disruption caused by replacing it.
Lacework's chief architect, Ulfar Erlingsson, thinks moving to the cloud will drive a move to continuous development culture. "The complexities of the cloud are only increasing as more applications and workloads are migrated to the cloud. This dynamic will likely never change. Cloud capabilities continue to expand, and most companies' workloads already comprise several generations of cloud technologies, often span multiple different cloud providers, and increasingly involve a web of third-party SaaS services. The cloud is different from on-prem operations, and in many ways more difficult, which is why you need security tools and processes in place as soon as possible. Some companies are just starting their move to the cloud and while others are already well on their way, they're all learning about the many challenges that come with that transition. In particular, moving to the cloud necessitates developing a continuous development and operations culture, since the cloud is based on frequently-upgraded services and open-source software -- which itself requires adopting secure software development practices and a shift-left organizational change."
APIs will mean reduced need for software engineering skills says Rapid's CEO and founder Iddo Gino. "APIs make it easy to adjust, transform, enrich and consume data -- traditionally there was a need for hundreds of highly paid engineers to manage the data and data scientists were needed to understand algorithms. In 2023, we will see a shift towards APIs technologies managing data as a way to gain insights and also control data related costs which means people will no longer need to have highly developed engineering skills to harness the power of data."
CEO and co-founder at Leapwork, Christian Brink Frederiksen, thinks low-code and no-code solutions are over-hyped:
A quick search will show you how much noise there is around the low-code and no-code automation space. As an area of technology, it is often discussed, but seldom understood.
The market is full of businesses claiming to offer 'no code' tools. When you take a look under the hood though, they still require an understanding of coding and some, albeit minor, coding skills to operate. This is confusing decision makers at businesses that are going to be faced with tough decisions over the next year.
As we lurch towards an economic downturn, we'll likely see automation discussed more frequently as a solution to keeping basic functions moving. 2023 is supposed to be the year of the rabbit according to the Chinese zodiac. Unfortunately in the automation space, it will be year of the waffle. We'll see more 'noise' around what solutions can offer and how ‘easy’ they are to rollout and use. This does nothing to help executives make informed choices about what their business needs to navigate the turbulence that is coming.
Business decision makers need clarity about what is low code, what is no code, and whether either is the right choice for their teams.
EvolveWare CEO Miten Marfatia believes we'll see legacy systems migrate to off-the-shelf solutions. "Next year we will see a surge in IT leaders migrating legacy applications to commercial-off-the-shelf (COTS) products. This will allow organizations to exit the time-consuming business of developing and maintaining code, and instead rely on out-of-the-box applications, thus accelerating the modernization process. The COTS approach will gain more traction as modern platforms are developed with standard business rules and workflows that meet most of the requirements to perform specific functions. The key to successfully implementing this approach will be to first determine whether an available COTS product will address the flow and primary logic of the original application by thoroughly assessing that application and its existing business rules. The modernization effort then required will be to extract rules from existing systems and export the 'delta' rules into these off-the-shelf products."
Jacob DePriest, VP and deputy CSO at GitHub, suggests there'll be more collaboration to safeguard the software supply chain. "We've seen greater mainstream emphasis on supply chain security, with events like SolarWinds and Log4j providing key reminders of the importance of securing critical code. The White House's Open Source Software Security Summit was a timely gathering of government and private sector stakeholders to discuss improving the security of open source software, and it's clear that there must be a collective industry and community effort to secure the software supply chain. I expect 2023 to bring even greater collaboration, with the public sector looking to the private sector to help inform policy, more organizations and working groups like the OpenSSF focused around shared security goals, and more direct partnerships between companies. Supply chain attacks do not recognize roles, corporate boundaries, or even national lines so it will require unprecedented collaboration to defend against them. At its core, supply chain security is about how the world builds software, so to drive true impact, these efforts will need to operate in support of the developers who design, build, and maintain the open source projects we all depend on."