½ÃÇÁÆ® ·¹ÇÁÆ® º¸¾È°ú ¿£µå Åõ ¿£µå ¼ÒÇÁÆ®¿þ¾î °³¹ß ¼ö¸íÁֱ⠰¡½ÃÈ ¿ä±¸ÀÇ Áõ°¡°¡ SSCSÀÇ ¼ºÀå °¡´É¼ºÀ» Çâ»ó
¼ÒÇÁÆ®¿þ¾î °ø±Þ¸Á º¸¾È(SSCS) ¼Ö·ç¼Ç µµÀÔÀº ÇâÈÄ 5³â°£ ¾ÈÁ¤ÀûÀÎ ¼ºÀå¼¼¸¦ À¯ÁöÇÒ °ÍÀ¸·Î º¸ÀÔ´Ï´Ù. ±× ÀÌÀ¯´Â µðÁöÅÐÈ¿¡ µû¸¥ SSCS ¸®½ºÅ© Áõ°¡, ±âÁ¸ ¿ëµµ º¸¾È Á¢±Ù ¹æ½ÄÀ¸·Î´Â ¿ëµµ º¸È£ ¹× SSCS ´ëÀÀÀÌ ºÒ°¡´ÉÇÏ´Ù´Â Á¡, ¿ÀǼҽº ¹× ¼µåÆÄƼ ÄÚµå, Åø, ¼ÒÇÁÆ®¿þ¾îÀÇ »ç¿ëÀÌ ±ÞÁõÇÏ°í ÀÖ´Ù´Â Á¡, ¾ö°ÝÇÑ ±ÔÁ¦¿Í º£½ºÆ® ÇÁ·¢Æ¼½º ÇÁ·¹ÀÓ¿öÅ©°¡ Á¸ÀçÇÑ´Ù´Â Á¡ µîÀÔ´Ï´Ù. º£½ºÆ® ÇÁ·¢Æ¼½º ÇÁ·¹ÀÓ¿öÅ©°¡ Á¸ÀçÇÑ´Ù´Â Á¡ µîÀÔ´Ï´Ù.
°³¹ßÀÚµéÀº ¼ÒÇÁÆ®¿þ¾î °³¹ß½Ã ¹Îø¼º°ú º¸¾ÈÀ» µ¿½Ã¿¡ È®º¸Çϱâ À§ÇØ ¼µåÆÄƼ Åø, ¶óÀ̺귯¸®, ¿ÀǼҽº ¼ÒÇÁÆ®¿þ¾î¸¦ È°¿ëÇÔÀ¸·Î½á ºñÁî´Ï½º ¿ä±¸»çÇ×À» ÃæÁ·½Ãų ¼ö ÀÖ´Â ±âȸ¸¦ ¾òÀ» ¼ö ÀÖ½À´Ï´Ù. ƯÈ÷ ÇâÈÄ 1-3³â µ¿¾È Ŭ¶ó¿ìµå ³×ÀÌƼºê ±â¼ú°ú ¼µåÆÄƼ ¶Ç´Â ¿ÀǼҽº Åø°ú ¼ÒÇÁÆ®¿þ¾îÀÇ »ç¿ëÀÌ ±ÞÁõÇÏ¸é¼ ¼ÒÇÁÆ®¿þ¾î °ø±Þ¸ÁÀÌ º¹ÀâÇØÁö°í SSCS ¸®½ºÅ©°¡ Áõ°¡ÇÒ °ÍÀ¸·Î ¿¹»óµË´Ï´Ù.
±âÁ¸ÀÇ ¿ëµµ º¸¾È Á¢±Ù ¹æ½ÄÀº ´õ ÀÌ»ó À§Çù¿¡ ´ëÀÀÇÏ°í ¼ÒÇÁÆ®¿þ¾î °ø±Þ¸Á Àü¹ÝÀÇ º¸¾ÈÀ» È®º¸ÇÏ´Â µ¥ È¿°úÀûÀÌÁö ¾Ê½À´Ï´Ù. µû¶ó¼ Á¶Á÷Àº ¼µåÆÄƼ ¹× ¿ÀǼҽº ¼ÒÇÁÆ®¿þ¾î¸¦ Æ÷ÇÔÇÑ ¼ÒÇÁÆ®¿þ¾î °³¹ß ¼ö¸íÁÖ±â(SDLC)ÀÇ ¸ðµç ´Ü°è¸¦ °¡½ÃÈÇÏ´Â Á¾ÇÕÀûÀÎ SSCS Á¢±Ù ¹æ½ÄÀ» ¿ä±¸ÇÏ°í ÀÖ½À´Ï´Ù. Á¾ÇÕÀûÀÎ SSCS´Â ÄÚµå, Á¾¼Ó¼º, ¶óÀ̺귯¸®, °³¹ßÀÚ Åø, ¿ëµµ, ¿öÅ©·Îµå ¹× Ŭ¶ó¿ìµå ÀÎÇÁ¶ó Àü¹Ý¿¡ °ÉÃÄ °¡½Ã¼º, ÄÁÅؽºÆ® ¹× º¸¾È ¹üÀ§¸¦ Á¦°øÇϱâ À§ÇØ ¼ÒÇÁÆ®¿þ¾î °ø±Þ¸ÁÀÇ ¿©·¯ ´Ü°è¿¡ °ÉÃÄ º¸È£ ±â´É°ú º£½ºÆ® ÇÁ·¢Æ¼½º¸¦ Á¦°øÇÕ´Ï´Ù. ¼ÒÇÁÆ®¿þ¾î °ø±Þ¸ÁÀÇ ¿©·¯ ´Ü°è¿¡ °ÉÃÄ º¸È£ ±â´É°ú º£½ºÆ® ÇÁ·¢Æ¼½ºÀÇ ¼ö·ÅÀ» ÃËÁøÇÏ´Â ÅëÇÕµÈ Á¢±Ù ¹æ½ÄÀÌ ÇÊ¿äÇÕ´Ï´Ù.
½ÃÇÁÆ® ·¹ÇÁÆ® º¸¾ÈÀÌ Á¡Á¡ ´õ Áß¿äÇØÁü¿¡ µû¶ó ¼ÒÇÁÆ®¿þ¾î °³¹ßÀÇ ¸ðµç ´Ü°è¿¡¼ °³¹ßÀÚ Áß½ÉÀÇ º¸¾ÈÀÌ ¿ä±¸µÇ°í ÀÖ½À´Ï´Ù. Á¶Á÷Àº Äڵ忡¼ Ŭ¶ó¿ìµå, Ŭ¶ó¿ìµå¿¡¼ Äڵ忡 ´ëÇÑ °¡½Ã¼º, Æò°¡, ÃßÀû¼º, º¸È£ ±â´ÉÀ» Á¦°øÇÏ´Â SSCS¸¦ äÅÃÇÏ¿© ½ÃÇÁÆ® ·¹ÇÁÆ® º¸¾ÈÀ» ½Ç½Ã°£, Áö¼ÓÀûÀÎ Ä¿¹Â´ÏÄÉÀ̼ǰú ½ÇÇàÀ¸·Î ½ÇÇöÇÒ ¼ö ÀÖ¾î¾ß ÇÕ´Ï´Ù.
ÀÌ Á¶»ç´Â µ¶¸³Çü SSCS ¶Ç´Â Ç÷§ÆûÀÇ ÀϺηΠSSCS¸¦ Á¦°øÇÏ´Â ±â¼ú °ø±Þ¾÷ü¸¦ ´ë»óÀ¸·Î Çϸç, SDLCÀÇ ÃÖ¼Ò µÎ ´Ü°è(ÄÚµå, ¹èÆ÷, ¹èÆ÷ ¶Ç´Â ·±Å¸ÀÓ)¸¦ Æ÷°ýÇÏ´Â º¸¾È ±â´ÉÀ» Á¦°øÇÏ´Â SSCS Æ÷Æ®Æú¸®¿À¸¸À» ´ë»óÀ¸·Î ÇÕ´Ï´Ù. Æ÷Æ®Æú¸®¿À¸¸À» ´ë»óÀ¸·Î ÇÕ´Ï´Ù. ÄÁÅ×À̳Ê/K8, ¿ÀǼҽº ¼ÒÇÁÆ®¿þ¾î, GitOps ¼ÒÇÁÆ®¿þ¾î °³¹ß ÇÁ·¹ÀÓ¿öÅ©¿Í °°Àº ÃֽŠ¿ëµµ °³¹ß ÅøÀÇ »ç¿ëÀÌ Áõ°¡ÇÔ¿¡ µû¶ó À̹ø Á¶»ç¿¡¼´Â Ŭ¶ó¿ìµå ³×ÀÌƼºê ȯ°æ¿¡¼ÀÇ SSCS¿¡ ÃÊÁ¡À» ¸ÂÃè½À´Ï´Ù.
¼¼°è ½ÃÀå °³°ü ÀλçÀÌÆ®¿¡´Â ºÏ¹Ì(NA), À¯·´-Áßµ¿ ¹× ¾ÆÇÁ¸®Ä«(EMEA), ¾Æ½Ã¾ÆÅÂÆò¾ç(APAC), ¶óƾ¾Æ¸Þ¸®Ä«(LATAM) ½ÃÀå ¼öÁ÷ ¹× ¼öÆòº° Áö¿ªº° ºÐ¼®ÀÌ Æ÷ÇԵǾî ÀÖ½À´Ï´Ù. Á¶»ç ±â°£Àº 2022-2028³âÀÔ´Ï´Ù.
Shift-left Security and Increasing Need for End-to-end Software Development Life Cycle Visibility Drive SSCS Growth Potential
Adoption of software supply chain security (SSCS) solutions will maintain steady growth during the next 5 years, mainly because of increasing SSCS risks that result from digitization; the inability of traditional application security approaches to safeguard applications or address SSCS; the surging use of open-source and third-party code, tools, and software; and stringent regulations and best practices frameworks.
As developers juggle between meeting agility and security when developing software, third-party tools, libraries, and open-source software offer opportunities for them to meet their business needs. The surging use of cloud-native technologies and third-party or open-source tools and software will continue, especially in the next 1 to 3 years, adding complexity to the software supply chain and increasing SSCS risks.
The traditional application security approach is no longer effective in addressing threats and securing the entire software supply chain, which leaves organizations seeking a comprehensive SSCS approach to gain visibility into every stage of the software development life cycle (SDLC), including third-party and open-source software. Comprehensive SSCS entails a consolidation approach that drives the convergence of protection capabilities and best practices across different phases of the software supply chain to provide greater visibility, context, and security coverage across the code, dependencies, libraries, developer tools, applications, workload, and cloud infrastructure.
As shift-left security is increasingly prioritized, developer-focused security is needed in every stage of software development. It is necessary for organizations to adopt SSCS that offers visibility, assessment, traceability, and protection from code to cloud and cloud to code, and that is able to deliver shift-left security as a real-time continuous practice of communication and enforcement.
This study covers technology vendors that provide stand-alone SSCS or SSCS as part of a platform, but the scope only includes SSCS portfolios that offer security capabilities covering at least two stages of the SDLC (either code, distribute, deploy, or runtime). Due to the increasing use of modern application development tools, such as containers/ K8s, open-source software, and a GitOps software development framework, the study focuses on SSCS in the cloud-native environment.
Insights into the global market landscape include regional breakdowns for North America (NA); Europe, the Middle East, and Africa (EMEA); Asia-Pacific (APAC); and Latin America (LATAM) by market vertical and horizontal. The study period is 2022 to 2028.