Security and compliance are the two elephants in the room for agencies at every level, according to two government technology experts.
“We have to approach them and deal with these two big elephants,” Greg Tinsley, a Senior Consultant at Red Hat, said on Wednesday during a GovLoop virtual summit.” Security is a joint responsibility. It’s with all of us. It’s with the product itself. And it’s also with the people. It’s not just the user, but the installer.”
Tinsley spoke alongside Khary Mendez, a Principal Consultant at Red Hat, which is an open source software solutions provider.
On Wednesday, both also argued that agencies who don’t address these elephants can’t reap the best returns from DevOps. DevOps is a set of practices that integrates software development and IT operations to shorten the systems development life cycle.
Agencies that use DevOps are capable of continuously delivering high-quality software that benefits their workforces and the citizens that they serve.
“The mindset is very important,” Mendez said of DevOps. “When we talk about security, it’s about minimizing risk. We need to have it come up at every stage of the development process. It’s making sure that the correct people are informed and involved in what gets deployed in our environment.”
Security is a top priority for agencies as they handle sensitive citizen data including financial, healthcare and personally identifiable information (PII).
Following a cybersecurity incident, agencies may suffer from financial penalties, negative media coverage or even public outrage.
Mendez said that compliance, meanwhile, is another serious concern for agencies in an increasingly connected world.
“Compliance is about abiding by ethical practices and government regulations,” he said. “Security really focuses more on the threats and compromises to your system. Compliance focuses on documenting your security and best practices.”
Regardless of their location, agencies must comply with all applicable international, federal, state and local government regulations. Agencies that don’t comply with such regulations might incur hefty fines, lose relationships with partner governments or forfeit citizen trust.
DevOps, then, helps agencies manage both their compliance and their security elephants at the same time.
By removing the barriers between their software development and IT operations teams, agencies improve the communications between both sides as they launch new applications and services.
The resulting collaboration often produces public services that launch more cheaply, efficiently and securely at agencies.
“The path towards security and compliance is a journey,” Tinsley said. “Your security and compliance postures are a true, honest reflection of your business.”
Mendez and Tinsley agreed that DevOps can assist agencies with adopting cloud computing, which is a computing model for convenient, on-demand resources with little physical infrastructure.
The pair added that cloud’s flexibility, reliability and scalability make it an ideal launching pad for such emerging technologies as automation. Automation involves machines performing procedures and processes with minimal human assistance – for instance, patching cybersecurity vulnerabilities by updating software code.
Mendez additionally commented that DevOps is pivotal for compliance and security, as both topics are collectively about protecting data from risks.
“Data protection is what makes the news,” he said. “If we’re not protecting our data and it becomes compromised, nothing good ever comes out of that.”
This online training was brought to you by: