Compliance as code adoption in 2022

Prashanth Nanjundappa is VP of Product Management at Progress. He has spent his entire career of over 20 years in the tech world, managing cross-functional high-performance teams, focused on building and launching enterprise and consumer products globally.

In the first 12 years of his career, Prashanth worked as a developer, technical lead, and architect for mobile, video-broadcast, and OTT, SaaS, and PaaS products. Prior to joining Progress, he led the product management teams for high-tech B2B and enterprise products at companies like Cisco and Knowlarity. He has spent time working in Italy, France, and South Korea.

Prashanth has an engineering degree in Electronics & Communication from Bangalore University and an MBA from the Indian School of Business (ISB) Hyderabad. Nanjundappa discusses his 2022 predictions about the increased adoption of compliance as code.

Increased adoption on compliance as code

The threat landscape continues to evolve in tandem with hybrid workplace models. Yet, despite the shift to hybrid work and increased vulnerabilities, many organizations have not fully implemented compliance measures that meet the growing need for documentation or support automation’s role in enhancing security. Policies need to be clear, especially as organizations continue to build out and expand their cloud resources. They should also be testable, shareable, and trustworthy. Security and compliance issues arise when policies are ambiguous and not clearly defined - policies should not be open to interpretation or unambiguous. As DevOp leaders enter 2022, development test environments will see an increase in adopting compliance as code.

More traction on Policy as Code

We have seen IaC, i.e Infrastructure as Code and Compliance as Code being seen as first-class citizens in many organizations who have matured in the DevOps journey. As organizations move more workloads into the cloud, the need for security and compliance automation has accelerated. IT teams must continuously deliver change in their technology environments while maintaining adherence to business policies ranging from governmental regulations to security best practices. Consequently codifying policy to code or Policy as Code approach to automate the implementation, validation, and governance of business policies will see traction. “Policy as Code” has become a more reputable way for companies who need an agile way to continually modulate their security policies as a security best practice. Its ability to provide specific compliance visibility and alignment for varying internal groups and practice requirements at scale makes its adoption a high priority next year.

Attracting DevOps Talent

The DevOps responsibility landscape is evolving rapidly - leaving practitioners unsure if their current skill set matches an organization’s future need. Leaders need to invest in upskilling as the expectations and responsibilities continue to expand within developer roles. If they don't, DevOps positions will continue to be empty and reinforce the current labor shortage.

DevOps seeks to align those teams that contribute to the production environment, so naturally, seek agile, integrative tools in an effort to decrease:

Disparate skill sets in applications and code that create complexity.

Expensive overhead and administrative costs.

License agreement alignment.

To this, customers will continue to look for ways to consolidate their toolsets and divert that expense towards investments in their workforce. They will either develop stronger internal talent or seek out the best talent that can take them to the next level. In 2022, organizations will need to provide safe and protected testing environments that will allow developers to train, fail and feel safe for in-role learning.

Shifting Left

Building strong, secure products throughout the software development life cycle requires continuous security integration in the delivery pipeline. Silos between developer, business development, and testing teams continue to create gaps in the feedback loops leading to a slower product rollout. However, with the increased adoption of DevSecOps principles for continuous testing and deployment, teams across all business units should codify their shift left practices with automation and increase communication in an effort to reduce failure. As organizations look ahead to 2022, automation will be a priority in maximizing shifting left principles and maintaining higher security standards. Building security into code during development and including initial verification runtime testing will be essential in realizing automation's contribution to workflow speed and product delivery velocity.

Microservices and DevOps

As we look forward to 2022, more organizations will implement microservices while keeping the DevOps mentality top of mind. Microservices and DevOps are not new concepts, and yet managing architecture, security and compliance remain a challenge. There are several layers to microservices and how they are managed with the deployment of automation. The first is container architecture, Kubernetes, and other services that create the challenge of managing architecture. The second is the posture of security, compliance, and governance of the container system. Microservices and DevOps will continue to converge and become more complicated to manage as time goes on with multiple layers of architecture.