Clicky

CNCF Publishes Latest Technology Radar Focused on DevSecOps

CNCF released the sixth edition of the End User Technology Radar. The theme of this issue was DevSecOps, the integration of security into every step of the software development lifecycle. The radar team highlighted that there are many DevSecOps tools out there today, and the area is growing and changing rapidly.

Courtesy of the Cloud Native Computing Foundation

The Technology Radar team reported on three key topics that emerged from this survey. The first issue is that the tools available today are better tailored to the needs of security teams than developers. While there are many promising tools out there, there is no one that can offer a holistic approach to solving all challenges.

According to the results of the radar team, these are among the most promising tools available eyelash, Left, and useful information. Such tools are good at solving at least one problem, but there is room for consolidation.

Keith Nielsen, Director of Cloud Architecture at Discover Financial Services, one of the companies taking part in the survey, illustrated how his organization deals with such challenges:

Unless you’re going all-in with a cloud provider’s set of tools, put things together yourself. The tools have improved in terms of how they interact with them and the information they give back to you. However, there is no silver bullet here.

The second issue is that the DevSecOps space is changing rapidly. The radar team emphasized that practitioners today have a variety of security tools that they can evaluate, decide, and integrate into their environment. In part because the rate of new services coming from the big cloud providers is increasing along with the rise of Kubernetes. These two factors make it more difficult to use services securely and to incorporate them into new security tools.

Sergiu Petean, Head of DevOps at Allianz Direct, commented on the difficulties practitioners are facing today:

The speed of innovation and digitization is currently a very important factor. Often times you find yourself in a place where the old security method no longer works and you are looking for other security measures.

The third topic is about Microsegmentation, a network security technique for logically dividing and isolating workloads and then applying security controls to such individual entities. The radar team indicated that microsegmentation is a significant challenge not only in terms of getting the right technology in place, but also in terms of changing the mindset of business practitioners who are used to traditional network security practices.

Some of the tools included in the microsegmentation radar include The same thing, calico, and the Open Policy Agent (OPA).

21 companies took part in this survey and contributed 171 data points with a total of 252 votes from end users.

Per Webinar For this edition, the results of the survey conducted in September 2021 were limited to 21 end-user companies, including Spotify, Intuit, Squarespace, Zendesk and Discover Financial Services.

End users can recommend or Vote on the nearest tech radar. In addition, feedback can be sent to info@cncf.io.