Playbooks are familiar territory for sports teams and agencies alike. As basketball teams have trotted out motion – instead of isolation – offenses, agencies have taken a page of the same principle: that all parts of IT should be moving in unison.
The old waterfall approach had different parts of the software process working in isolation. First went development, then security and finally operations. Flaws were tossed back to be resolved, and a major incongruence often relegated the product back to square one. The process took a while.
The viability of that approach has trickled off, especially now as agencies use the cloud to promote high-speed innovation and maintain competitiveness with top tech. Agencies prefer DevSecOps as a software motion offense approach that has development, security and operations players all working together simultaneously. DevSecOps is comparatively breakneck.
“The traditional software process can’t keep pace with the event of innovation,” said Dean Pianta, Cloud Director at SAP NS2, which uses DevSecOps to drive secure innovation.
In an interview with GovLoop, Pianta explained how DevSecOps improves speed, scale and security.
Government adoption times can be taken for granted – people aren’t surprised when something takes three years to build or 12 months to implement. Those are common refrains that often go unquestioned. They shouldn’t, Pianta said.
Cloud changed the game by allowing agencies to spin up networks instantaneously. And that was just the beginning. Throw in microservices architectures and agile development methods that have security and operations built in; now you’re getting down the court, faster than before.
“What used to take six to 12 months can be done in six seconds,” Pianta said.
With development, security and operations players all working together, the door is opened to large-scale automation. The application assembly line is geared up with the digital equivalence of conveyor belts, robotic arms and sensors. Identical to Henry Ford’s first moving assembly for mass production of an entire automobile, costs are reduced and mass scale is achieved.
“The beautiful thing about code is that it can be part of an automation cycle. And now that everything is code, it can all be scripted,” Pianta said.
Many times, the same application needs to be reproduced – with minimal or no alterations – to work in multiple environments. Automation-driven software factories usher applications along in no time, from commercial to government markets. Software engineers can then turn their attention to innovation, not replication.
Of course, none of that matters if security isn’t up to scratch. But just like development, implementation and monitoring, security can be embedded into the assembly line.
Security protocols are activated as soon as applications are. Those protocols make sure that if something happens, servers don’t falter. The breach can be stopped at the source.
The biggest risk to agencies is seeing security and innovation at odds. The right industry partner doesn’t do that. Rather, they attach security to cutting-edge technology to enable innovation securely.
“My goal is to make sure that no one protecting the country is using 10-year-old software,” Pianta said.
This article is an excerpt from GovLoop’s recent guide, “Agencies Build Foundation for DevSecOps Success.” Download the full guide here.