Not surprisingly, the COVID-19 pandemic loomed large for some.
2020 has been the year of rapid tech acceleration, with 74% of Australian technologists reporting that digital transformation projects which would typically have taken more than a year to be approved were signed off in a matter of weeks. As we approach the New Year, developers should not be resting on their laurels but instead focus on maintaining momentum and continuing to innovate for their businesses," says AppDynamics regional chief technology officer Gregg Ostrowski.
That acceleration, combined with the number of people working from home, has had an effect on network traffic.
|
|
"The pandemic has led to a surge in Internet traffic around the world. We think that this surge will persist through 2021. The virus isn't going to be beaten soon, and new internet use habits, at home and at work, are now ingrained," observes Cloudflare CTO John Graham-Cumming.
"We also think high variability (from day to day and morning to evening) will continue. So, developers should look for platforms that scale with their own product's growth and growth of internet use. And not be locked into platforms that make them reserve capacity (and pay for it) just to handle the spikes."
Developers have a key role to play in meeting consumers' expectations of high-quality digital experiences, even when face-to-face interactions start to bounce back, suggests Nuance Communications senior vice president of R&D and conversational AI David Ardman.
"I'm a believer that a good developer experience is more likely to generate a good customer experience, and that developers should prioritise DIY approaches and maintain their creative freedom to help brands differentiate themselves in the experiences they offer."
"There's currently a realisation in the community that the DIY route and building rather than buying can support more impactful digital engagements, and I strongly support that trend and encourage developers to prioritise approaches that enable experimentation and autonomy in 2021."
The scale of working from home has brought renewed attention to security, and that's likely to persist.
"Security has never been more important. In the second quarter of 2020, Cloudflare observed the number of L3/L4 DDoS attacks doubled compared to the first three months of the year. Keeping a site online during COVID-19 can be the difference between a business staying afloat or going under," says Graham-Cumming.
To some extent, security issues can be prevented rather than fixed after they become a problem.
"As DevOps begins to take the infrastructure build lifecycle away from traditional corporate IT teams, resulting in both agile development and accelerated innovation, it's pivotal to ensure security checks and controls are also included in this streamlined initiative," says McAfee director of systems engineering Sahba Idelkhani.
"Failing to include security into this lifecycle will not only inhibit the agility the business is seeking, but also lead to wasted efforts on both sides. Security teams will inevitably end up chasing alerts for insecure environments already built (e.g. misconfigurations and vulnerabilities), whilst developers may end up gaining additional technical debt as a result of having to rework code and rebuild to mitigate the risks highlighted by their security teams
"As we move into 2021, the changing, volatile threat landscape means DevOps teams should work in tandem with their security counterparts. This will ensure their organisation's security tools can be incorporated into their DevOps process as early as possible — ideally in their CI/CD pipelines during the build process. Developers should also provide visibility into the types of architectures they're proposing to use in future projects to their security counterparts.
"For example, a company may typically develop using monolithic architectures, but the DevOps team is now looking at building using microservice-based or event-less serverless architectures. This insight can help lead security teams to leverage cloud security platforms, rather than bespoke siloed security tools — which is incredibly important considering the acceleration in cloud-based attacks as prompted by COVID-19. McAfee's latest threats report revealed that attacks on cloud services users reached nearly 7.5 million."
Secure Code Warrior CEO and co-founder Pieter Danhieux says "This year we've seen technology adoption skyrocket as businesses across the globe went remote to ensure business continuity. As IT departments grappled with how to secure their dispersed workplaces, cybercriminals continued to scan for vulnerabilities, leading to a spike in the number of data breaches. While cybersecurity may have cemented its place as a top priority for business leaders, there's still tipped to be at least one zero-day exploit per day by 2021, meaning there is an urgent need for developers to create code that is not only functional but also secure from the outset.
"For years, industry leaders have sought to 'shift left', but this isn't enough — we need to start left and embed security right at the code level to drive more positive outcomes. While the decision to shift to a DevSecOps program needs to come from the top, developers in the trenches should be security-aware and their organisations should enable a secure coding mindset. This will not only elevate the business' security posture but more importantly, it will prevent recurring vulnerabilities from infiltrating their software development lifecycle from the very beginning."
Such changes don't just happen: they require an investment in training.
"As business leaders and CIOs evolve their digital vision to keep in pace with and adapt to today's increasingly virtual landscape, developers and IT teams are at the vanguard of executing. So from a developer's point of view, a commitment to continuous learning is a must-have," said software architect and Pluralsight author Duncan Hunter.
"A recent survey of developers revealed that 75% say they learn a new technology at least every few months or once a year. This is a testament to how quickly the tech landscape will transform in 2021. The prioritisation of upskilling has truly never been more important for developers who are, right now, on the cusp of digital innovation.
"From experience, a commitment to my own tech skills development has not only unlocked my potential and opened the doors to new opportunities within the industry, but enabled me implement emerging DevOps principles and languages, and so adapt to an advanced and changing landscape."
Danhieux says continuous learning through the right tools and knowledge is essential.
"Developers need to actively upskill, build their knowledge and engage in professional development opportunities to enhance their secure coding prowess. It's the only efficient and long-term solution to significantly reducing the number of security bugs that have been and continue to be, responsible for allowing attackers in through the back door."
Such messages are getting through.
"In 2021, developers will need to use telemetry and observability data to gain meaningful and actionable insights, as the application landscape continues to evolve into a space where everything is code, and app visibility and security are simply not optional," says F5 solution architect Scott Van Kalken.
Encouragingly, a recent F5 report revealed that 48% of DevOps people classified the deployment of an application without security, as one of the worst things they could do.
But it's not just about what happens in house.
Ivanti NZ area vice president Matthew Lowe notes that "Trust and reliability quickly became the most valuable asset in 2020, a year characterised by great uncertainty. With this sentiment unlikely to falter, developers must prioritise the investigation and scrutiny of their third-party suppliers as they impact cybersecurity and performance.
"Developers who take shortcuts on the vetting process in favour of technology partners risk losing the trust of their end-users if things go pear-shape. Leaving it up to chance is a poor choice.
"Investing time in analysing vendors patching and update release cadences, and responsiveness to security vulnerabilities should become second-nature for developers especially due to the increasingly volatile cyber threat landscape targeting their business and partners."
Automation has an important role to play in keeping up with these changes, he says.
"As digital transformation continues to be the top priority for many businesses heading into 2021, developers should turn to automation for an extra layer of reliability. Regardless of the third-party vendor, automation affords the confidence that any patches or updates are applied in real-time and security vulnerabilities are rectified as soon as, if not before, they are discovered."
Van Kalken adds "Applications are the engines of the digital economy, and now more than ever before, various industries are moving to a virtual or digital format.
"To keep up with technology's evolution and release applications with speed, developers must tap into low code and Software-as-a-Service solutions which are crucial for continuous application deployment, delivery, and observability.
"In tandem with this approach, developers should be prioritising the use of data and insights to make their applications adaptive, as this will become the new imperative for applications."
Rackspace Technology ANZ senior manager professional services Glenn Mason takes a broad view of the year ahead.
"DevOps in 2021 should be about embracing simplicity and focusing back on delivery of customer value, through application and solution architectures designed to provide fast feedback. New application delivery frameworks such as the recently released Hashicorp Waypoint is a perfect example of allowing teams to focus on fast deployments. GitLab has its Auto DevOps functionality, which is a similar approach, concentrating on the application and the outcome.
"Another change I envisage, on the way to fast feedback, is organisations creating company-specific application initialiser frameworks. Initialiser frameworks can be started by forking the already popular start.spring.io or start.steeltoe.io. From there, organisations can build in their standards for integration, security, logging, authentication, the list of goes on.
"This evolution of DevOps is about moving away from having an infrastructure mindset to a team focused on capturing customer value. By creating an innovation starter kit, we allow teams to move fast with the architectural guard rails built-in from the first line of code. Leveraging these new application delivery frameworks and having company-specific application initialisers are practices that help set a culture that values simplicity and fast delivery cycles.
"Looking ahead, DevOps should be about building systems designed to work in modern digital transformation environments. Systems that allow rapid customer feedback, through a lean product development process, that will unlock the value of these digital transformations."
Ostrowski has a similar view.
"There is the need to shift their mindset from just 'getting things done' to acting as agents of transformation and harnessing the potential of AIOps — the integration of big data analytics, machine learning (ML) and other artificial intelligence (AI) technologies — into IT operations.
"With budgets decreasing and workloads increasing, the implementation of such technologies will allow developers room to be more innovative and forward thinking, rather than becoming caught up in the daily mundane tasks.
"With AIOps, IT teams can evaluate whether a new approach is working by analysing data on an hourly basis compared with waiting days, weeks, or even months for feedback and data to come through. It is integral for developers to be provided with the ability to respond and pivot and make rapid modifications to achieve desired business results."
