Best wishes to all for 2023! Thank you for your ongoing support and I look forward to writing more helpful posts for you in 2023. You’ll see in this post that I predict that a few topics will be prominent in the coming year, so I’ll be highlighting them myself, and giving you my insights on API security, cloud computing, infrastructure as code, and DevOps.
So, what does the future hold for the world of DevOps? In this blog post, we will take a look at some of the key trends and predictions for 2023, focusing on the four key areas I mentioned earlier.
2023 predictions summary
If you only have 2 minutes, I’ve outlined the key takeaways below. If you want to dive in, you can skip this summary section and go straight to all the details.
As reliance on APIs continues to grow, so too does the need for effective API security. In 2023, we can expect to see a greater focus on securing APIs, with more organizations implementing advanced threat detection and mitigation technologies, as well as implementing best practices for authentication, authorization, and data validation.
We can expect a new OWASP API Top 10 ranking this year, which should restructure the existing 2019 list with an increased focus on new threats.
If you’re new to API security or just want to know more, I created a video series last year called the Fundamentals of API security that covers everything you need to know.
Cloud computing and container orchestration
Both cloud computing and container orchestration have come a long way in the last few years and it shows no signs of slowing down. In 2023, we can expect to see a greater need for organizations to move to hybrid and multi-cloud architectures so to improve their flexibility and scalability. However, this will also introduce new challenges around security and management.
With Akamai’s acquisition of Linode, I will continue to support developers around the world on how to best utilize cloud computing and be more efficient when it comes to both technical and business requirements. I look forward to diving deeper into Kubernetes as well, which is coming up on its tenth anniversary in 2024.
Infrastructure as code
Infrastructure as code (IaC) is a key part of the DevOps toolkit and it is only going to become more important in the coming years. In 2023, we can expect to see more organizations adopting IaC as a way to automate the provisioning and management of their infrastructure, which will help to improve efficiency, reliability, and scalability.
As a devoted Terraform subject matter expert, I will continue to report on HashiCorp’s advancements in the IaC space and, in particular, keep you informed of their upcoming Terraform cloud development kit (CDK) that will allow developers to create infrastructure in their favorite programming languages.
If you are new to Terraform and want to learn more in quick 90-second bites of information, please take a moment to watch my Terraform Tapas video series.
There is much to look forward to in the DevOps field, but many developers are experiencing DevOps fatigue in 2023 because of the rapid pace of change, pressure to deliver high-quality software quickly, and a lack of clear guidelines and standards. To combat this, you can ask your organization to support you and your fellow developers by providing training and education, offering clear guidance and standards, and promoting a healthy work-life balance.
With the DevOps movement rising so rapidly and with hundreds of tools thrown around organizations, teams are getting weary of the changing expectations. Every other sprint, there is a new library or tool that aims at helping manage the chaos, especially those managing the containerized applications in a multi-cloud, multi-CDN landscape. 2023 can and will be used as a year by DevOps-mature organizations to take stock and simplify the tech stack.
Of course, there is so much more to cover in the world of DevOps and DevSecOps, topics such as artificial intelligence/machine learning (AI/ML) and monitoring/reporting tooling continue to play a key role for companies becoming more and more DevOps mature.
Diving into my 2023 predictions
With the key takeaways out of the way, we will dive deeper into each of these topics.
Companies that I consult with are continuing to struggle with protecting their API microservices for several reasons and the attack level has shifted from web application attacks to API attacks.
First, API microservices are typically small, independent components of a larger system, which can make them more difficult to secure. Because they are designed to be lightweight and modular, API microservices often have fewer security controls and are more vulnerable to attack.
Second, the rapid pace of development in the world of microservices can make it difficult for organizations to keep up with the latest security best practices. As new microservices are added and existing ones are updated, it can be challenging to ensure that all of the microservices are properly secured.
Third, the use of APIs has exploded in recent years, which has led to a proliferation of API security vulnerabilities. As more organizations adopt microservices and APIs, attackers have more opportunities to exploit vulnerabilities and gain access to sensitive data.
One of the key challenges in protecting API microservices is the implementation of effective authentication and authorization controls. Authentication, the process of verifying the identity of a user or system, and authorization, the process of determining what actions a user or system is allowed to perform, are critical to the security of API microservices. They help ensure that only authorized users and systems can access and interact with the microservices.
According to the OWASP API Security Top 10, "Broken Object Level Authorization" (BOLA) is a common security risk for API microservices. This risk occurs when an API does not properly implement object-level authorization checks, which can allow unauthorized users to access sensitive data or perform actions that they should not be able to.
This is a critical issue, as it can allow attackers to gain unauthorized access to an API and the underlying data and services. To protect against this risk, organizations should implement robust authentication and authorization controls for their API microservices.
This can include implementing strong password policies, using two-factor authentication, and implementing granular access controls that allow administrators to specify exactly which users and systems are allowed to access specific data or perform specific actions. By implementing these best practices, organizations can help to protect their API microservices from unauthorized access and attack.
I am highlighting BOLA in particular here because it is the most challenging aspect of API security to get right. It would not surprise me if BOLA continues to be the number one risk in the upcoming 2023 OWASP API Top 10.
If you want additional reading on API security, here is an excellent example with data and the attacks that Akamai has seen, covered in Akamai’s State of the Internet reports.
Cloud computing and container orchestration
Both cloud computing and container orchestration have come a long way in the last few years, and it shows no signs of slowing down. In 2023, we can expect to see a greater emphasis on hybrid and multi-cloud architectures.
Adopting a multi-cloud architecture in 2023 can provide companies with many benefits.
First, a multi-cloud architecture can help to improve the availability and reliability of an organization's IT systems. By using multiple cloud providers, organizations can spread their workloads across multiple platforms, which can help to reduce the risk of downtime or other performance issues. This can be particularly beneficial for organizations that need to ensure that their systems are always available, such as e-commerce companies or organizations that provide critical services.
Second, a multi-cloud architecture can help to improve the flexibility and scalability of an organization's IT systems. By using multiple cloud providers, organizations can choose the platform that is best suited to their specific needs and can easily add or remove capacity as needed. This can be particularly useful for organizations that experience fluctuating levels of demand, as it allows them to quickly and easily scale their systems up or down to meet changing requirements.
Third, a multi-cloud architecture can help to reduce the risks associated with vendor lock-in. By using multiple cloud providers, organizations can avoid becoming overly dependent on a single vendor, which can help to protect against the risks of price increases or other changes that could impact their business. This can provide organizations with more control over their IT systems and give them the ability to switch between providers if necessary.
Overall, adopting a multi-cloud architecture in 2023 can provide developers with improved availability, flexibility, and control over their IT systems. By using multiple cloud providers, organizations can better meet their specific needs and can be more agile and responsive to changing business requirements.
However, if we look at container orchestration, there are a few trends that are likely to shape its future:
Reliance on hybrid- and multi-cloud
We can expect to see increased adoption of hybrid and multi-cloud environments as organizations increasingly shift infrastructure strategies. Container orchestration tools will need to be able to seamlessly manage containers across multiple cloud environments. This is where multi-cloud will continue to play a key role. The Linode Kubernetes Engine (LKE) is something I’ve been learning about recently, and it looks like it has the capabilities to manage orchestration easily. Here is an example of an LKE integration done by my colleague Mattia Rambelli.
Integration with artificial intelligence and machine learning
Container orchestration tools are likely to become more integrated with artificial intelligence and machine learning technologies, allowing them to automatically optimize resource allocation and improve efficiency. This will reduce developer time to manually review resource allocation and improve the efficiency of systems automatically.
Focus on security and compliance
As containerization becomes more prevalent, there will be a greater emphasis on ensuring that container orchestration tools meet security and compliance requirements. OWASP released the CI/CD Top 10 in late 2022 and this focuses on containers as well.
The emergence of new platforms and tools
There will likely be the emergence of new platforms and tools for container orchestration, as well as the evolution and improvement of existing ones. Overall, the future of container orchestration is likely to involve a greater focus on automation, optimization, and security as organizations continue to adopt containerization and move towards hybrid and multi-cloud environments.
Of course, with new platforms and new tools comes (re-)education, and more so than ever, I have sensed a feeling of ‘DevOps fatigue’ to start lingering throughout the developer community. I will round out this post with my thoughts on that.
Infrastructure as code
Infrastructure as code (IaC) is a key trend in the world of DevOps, and it is only going to become more important in 2023. IaC refers to the practice of using code to automate the provisioning and management of an organization's infrastructure. This can include things like servers, networks, and storage, as well as the various applications and services that run on top of that infrastructure.
One of the main benefits of IaC is that it allows organizations to manage their infrastructure more efficiently and reliably. By using code to automate the provisioning and management of their infrastructure, organizations can reduce the amount of manual work that is required, which can help to save time and reduce the risk of errors. This can be particularly useful for organizations that need to quickly and easily spin up new environments for testing, development, or other purposes.
Another benefit of IaC is that it allows organizations to be more agile and responsive to changing business requirements. By using code to manage their infrastructure, organizations can quickly and easily make changes to their environment, which can help them to adapt to changing requirements more quickly and effectively. This can be particularly useful for organizations that need to rapidly scale their infrastructure up or down to meet changing demand.
One of the key tools for managing infrastructure as code is Terraform. Terraform is an open-source tool that allows organizations to define and manage their infrastructure using code. It supports a wide range of infrastructure providers, including Akamai and Linode, as well as container orchestration tools such as Kubernetes. Terraform is widely used by organizations of all sizes, and is considered to be one of the leading tools in the IaC space.
In 2023, we can expect to see more organizations adopting IaC and using tools like Terraform to manage their infrastructure. As the importance of infrastructure automation continues to grow, tools like Terraform will become increasingly essential for organizations that want to be more agile and efficient in their use of IT resources.
I am especially interested in the Terraform CDK which will be in early BETA in 2022. Terraform CDK or the Cloud Development Kit for Terraform (CDKTF) allows you to use familiar programming languages to define and provision infrastructure. This gives you access to the entire Terraform ecosystem without learning HashiCorp Configuration Language (HCL) and lets you leverage the power of your existing toolchain for testing, dependency management, etc. For now, they support TypeScript, Python, Java, C#, and Go.
This will lower the threshold for learning and using Infrastructure as Code. Granted, HCL was easy to get started with but in today’s age of having to know multiple programming languages, it becomes a burden on the developer. Why not make things more efficient by only requiring to learn a new library versus an entire programming language?
I will keep an eye out for Terraform CDK and this should integrate nicely with the Akamai Terraform Provider and Linode Terraform Provider that are available. I look forward to seeing the first developer use case in action this year where developers will use the Terraform CDK to set up their cloud computing in Linode and enhance it with content delivery and application security from Akamai.
Alright, I have alluded to this multiple times but let’s unpack the DevOps fatigue trend for 2023.
I shared this quote with DevOps Digest in November: “With the DevOps movement rising so rapidly and with hundreds of tools thrown around organizations, teams are getting fatigued. Every other sprint, there is a new library or tool that aims at helping manage the chaos, especially those managing the containerized applications in a multi-cloud, multi-CDN landscape. 2023 can and will be used as a year by DevOps mature organizations to take stock and simplify the tech stack.”
Many developers are experiencing DevOps fatigue in 2023 because of the rapid pace of change and innovation in the world of software development. DevOps is a term that refers to the practice of combining software development and operations to improve the speed and quality of software delivery. It involves a wide range of tools and practices, including continuous integration and deployment, infrastructure as code, and agile development methodologies.
The rapid pace of change in the world of software development means that developers are constantly being asked to learn new tools, techniques, and technologies. This can be overwhelming for many developers, who may feel that they are unable to keep up with the latest trends and best practices. This can lead to feelings of frustration, burnout, and a lack of motivation.
In addition, the pressure to deliver high-quality software quickly can also contribute to DevOps fatigue. Many organizations are demanding faster and faster delivery times, which can put a lot of pressure on developers to meet tight deadlines and deliver high-quality software. This can lead to long hours, tight schedules, and a lack of time for learning and experimentation.
Finally, the lack of clear guidelines and standards in the world of DevOps can also contribute to DevOps fatigue. Because DevOps is a relatively new field, there is a lack of consensus around the best practices and tools to use. This can make it difficult for developers to know where to focus their efforts and can lead to a feeling of uncertainty and confusion.
Overall, many developers are experiencing DevOps fatigue in 2023 due to the rapid pace of change, pressure to deliver high-quality software quickly, and a lack of clear guidelines and standards. To combat this, you can ask your organizations to support you and your fellow developers by providing training and education, offering clear guidance and standards, and promoting a healthy work-life balance.
One for all and all for one
All the elements that I have laid out so far will come together now in one cohesive vision.
With the growing landscape of multi-cloud computing, container orchestration, API microservices, and infrastructure as code, there are more tools, more programming languages and libraries and of course more security risks out there.
To see OWASP issuing a dedicated CI/CD Top 10 and an API Top 10 shows the need to fully secure every facet of the entire technology stack. DevSecOps-focused developers simply cannot keep up with the sheer amount of security vulnerabilities out there and every single list you will find focuses on ‘misconfiguration’.
There is this focus in the developer community to always improve, and always be more efficient as fast as possible but this can come at a high cost to the developer’s energy levels. This year more so than others, it is time to slow things down and reassess how technology stacks are running, what underlying DevOps tooling is powering them, and see how it can be more efficient.
I for one am glad that although the industry is focused on multi-cloud, multi-CDN, and multi-security, Akamai itself can be a full ecosystem supporting the entire web application and API microservice tech stack.
Orchestrate your containers on the Linode Kubernetes Engine, deliver these web application and API microservices with the Akamai content delivery network, and protect it all neatly with Akamai’s DNS, web application, and API protection solutions and you are good to go.
Regardless of which tool or vendor you use to develop your applications though, “keep it super simple” while keeping these predictions in mind for an efficient year of DevOps! I will be writing my thoughts on 2024 before I know it.
Thanks as always for your support and if you made it through this post, I hope this helps you navigate through the challenging landscape that is DevOps these days. If you have any questions, please feel free to comment below. I am here to help!