CNCF Publishes Latest Technology Radar Focused on DevSecOps

CNCF published the sixth edition of the end-user Technology Radar. The theme for this edition was DevSecOps, the integration of security at every step of the software development lifecycle. The radar team highlighted that there are many DevSecOps tools today and that the space is growing and changing rapidly.

Courtesy of the Cloud Native Computing Foundation

The Technology Radar team reported three key themes that came out of this survey. The first theme is that available tools today are designed to meet the needs of security teams better than developers. While there are many promising tools available, there is no one tool that can provide a holistic approach to solving all the challenges.

According to the radar team findings, some of the very promising tools available include Cilium, Linkerd, and Trivy. Such tools are good at solving at least one problem, but there is room for consolidation.

Keith Nielsen, director of cloud architecture at Discover Financial Services, one of the participating companies in the survey, illustrated how his organization is dealing with this challenge:

Unless you’re going all-in with a cloud provider set of tools, you’re stitching things together yourself. The tools have gotten better in terms of how you interact with them and the information they give you back. However, there is no silver bullet here.

The second theme is that the DevSecOps space is changing rapidly. The radar team underscored that practitioners today have a plethora of security tools to evaluate, decide on, and integrate into their environments. This is in part because the rate of new services coming out of the major cloud providers is increasing, combined with the rise of Kubernetes. Those two factors make it harder to consume services securely and integrate them with emerging security tools.

Sergiu Petean, head of DevOps at Allianz Direct, commented on the struggles practitioners are facing today:

The speed of innovation and digitization currently is a very important factor. Often, you find yourself in a place where the old way of doing security doesn’t work anymore and you’re looking for different ways of doing security.

The third theme is microsegmentation, a network security technique that logically divides and isolates workloads and then applies security controls to each individual unit. The radar team pointed out that microsegmentation is a significant challenge, not only in terms of adopting the right technology but also in terms of changing the mindset of enterprise practitioners who are used to traditional network security practices.

Tools included in the radar for microsegmentation include Istio, Calico, and the Open Policy Agent (OPA).

In this survey, 21 companies participated and contributed 171 data points with a total of 252 votes from end-users.

Per the webinar about this edition, the results of the survey conducted in September 2021 were limited to 21 end-user companies, including Spotify, Intuit, Squarespace, Zendesk, and Discover Financial Services.

End users can recommend or vote on the next tech radar. In addition, feedback can be sent to info@cncf.io.
