This article is an excerpt from GovLoop’s recent report titled “Your Guide to Key Advancements in Government Cybersecurity.”
Managing a seamless and secure IT enterprise is no small task in today’s complex environment.
For starters, your agency relies on a host of systems and applications to meet daily demands from internal and external customers.
Ensuring that those systems are updated with the latest code, operating smoothly and running securely requires a joint effort across multiple teams. But those teams’ varying missions can clash at times.
Developers work to push code that corrects glitches, provides user enhancements and fixes software vulnerabilities. The IT operations team keeps these systems running and functional for the hundreds or thousands of people who depend on them. And equally important is the security team, which must ensure the same systems are secure, up-to-date and compliant with federal standards.
To bridge the divide between development, operations and security teams and ensure that systems stay updated, running and secure all at the same time, agencies are investing in a new approach known as DevSecOps. At its core, DevSecOps is “a cultural and engineering practice that breaks down barriers and opens collaboration between development, security, and operations organizations using automation,” according to the General Services Administration’s definition. The focus is on rapid, frequent delivery of secure infrastructure and software to production, which a growing number of agencies are prioritizing.
The purpose and intent of DevSecOps is to build on the mindset that everyone is responsible for security with the goal of safely distributing security decisions at speed and scale, according to Shannon Lietz, founder of the DevSecOps Foundation, a community focused on incorporating security within Agile and DevOps practices.