
Embracing DevSecOps in 3 Steps

If you haven’t heard of DevSecOps yet, don’t worry – you will. DevSecOps is a software development philosophy that’s quickly gaining steam with agencies. As a mindset, DevSecOps is increasingly attractive to agencies as it makes their software development cheaper, quicker and more collaborative.

But in the grand scheme of things, DevSecOps is also relatively young. And agencies aren’t ready to move on from waterfall, which is the more established software development method. Waterfall involves designing software in linear, sequential phases; DevSecOps, meanwhile, features continuously delivering high-quality software by combining software development, IT operations and security into one process.

According to James Harmison, a Senior Solutions Architect at Red Hat, agencies might prefer swapping their waterfall practices for a newer, DevSecOps model. Red Hat is an open-source software provider. On Wednesday, during GovLoop’s latest virtual summit, Harmison argued DevSecOps can make agencies more agile, innovative and unified.

If your agency’s looking to make waterfall ancient history, Harmison listed three ways it can embrace DevSecOps:

1. Pinpoint Pain Points

The first step in solving a problem is admitting one exists. According to Harmison, waterfall has been well-established at agencies for decades. Despite this, many agencies are now realizing the waterfall framework isn’t what it used to be.

“There’s no feedback embedded in the process, so it results in bad software,” Harmison said of waterfall. “The implementation is risky and invites failure.”

Traditionally, Harmison added, waterfall would eventually result in finished software at agencies. Currently, however, agencies need more speed and agility while creating software.

“You can’t afford to stagnate,” Harmison said. “DevSecOps is about continuous integration, continuous delivery and continuous compliance. If you do everything continuously all the time, it is only going to get better.”

2. Tackle Teamwork

Harmison suggested teamwork is the secret ingredient needed for DevSecOps. According to Harmison, synergy is the heart of thriving DevSecOps.

“All of us is smarter than any of us,” he said. “If we work together, we can come up with better solutions than even the smartest of us could on our own. You have to establish that mutual trust.”

Harmison recommended that agencies adopting DevSecOps practice bringing their development, IT operations and security teams closer together.

“It’s about having a common framework to communicate,” he said. “And it is about empathy for each other. It is understanding each other’s concerns and articulating them to each other.”

3. Enthusiastically Endorse Automation

Automation happens when processes and procedures are performed with little to no human involvement. According to Harmison, automation fuels powerful DevSecOps for agencies.

“Automation is key to this,” he said. “Always improve your security posture. Continuously develop new code. Always get better on an infinite time scale.”

Using automation, agencies can reduce the time their employees spend on manual, time-consuming software development tasks such as patching vulnerabilities.

The Bottom Line

The old way of doing things isn’t always the best way. Agencies eager to upgrade their software development should consider trading waterfall for DevSecOps.

Don’t miss out on other virtual learning opportunities. Pre-register for GovLoop’s remaining 2020 virtual summits today.
