As more agencies demonstrate the success of DevSecOps, the once widening gap between the business outcomes that agencies desire and the tools and processes they use to achieve them is diminishing.
“We’ve seen multiple cycles of agencies transforming from legacy-style development to a modern approach, and there’s a proven way of this methodology now,” said Brad Sollar, Business Development Manager for Presidio’s Digital Transformation Group. Presidio specializes in digital transformation solutions that are built on agile, secure infrastructure and deployed in a multi-cloud world.
Agencies have at their disposal reference architecture, or blueprints, for how to align development, security, and operations teams and tools. Plus, technologies such as cloud computing and containers make the technical side of transformation more palatable.
But how can agencies practically transition from where they are today and accelerate business outcomes? Sollar shared three ways to support this shift.
1. Take an API-first, microservices approach
When designing applications, ensure that what you’re building today will support future needs, Sollar said. Think of APIs, or application programming interfaces, as a contract for how you interact with services now and into the future.
A microservices approach is about scalability and the freedom of choice, whether you’re choosing a programming language or database. Microservices also break applications down into mini services. So rather than having to update or replace a monolithic application, you can quickly and seamlessly refresh and plug in new features as needed.
2. Implement security by design
“One of the biggest changes that people are finally starting to grasp is that security is ongoing and not just the responsibility of a security team,” Sollar said. “The earlier you can start in this process, the better your outcomes are going to be.”
This fundamental change is known as shifting left. From the time the first line of code is written, take steps to regularly check for vulnerabilities. With the DevSecOps pipeline, or set of automated processes, there are security gates where code is regularly checked and remediated if vulnerabilities are discovered.
3. Adopt infrastructure as code
The key to accelerating business outcomes is making processes agile, secure and repeatable. That’s what infrastructure as code aims to do by turning assets, such as your network configuration and server attributes, into a machine-readable format.
This code becomes the source of truth for what your infrastructure should look like, and you can use it to recreate infrastructure from scratch, among other benefits.
“Having pre-packaged solutions, from the infrastructure layer to procuring software in the DevSecOps pipeline, is vital,” Sollar said. “We’re a go-to partner for agencies that need to build out their environment.”
This article is an excerpt from GovLoop’s recent guide, “Agile for Everyone: How to Improve Everyday Work Processes.” Download the full guide here.