Why Security Is Key to Your DevOps Success

Technology operations in government have long been dominated by compliance requirements that dictate the security and reliability of federal systems. But in this era of IT modernization and improved user experience, agencies are exploring new ways of continuously improving and delivering better software in government through DevOps.

This cultural shift to adopt DevOps hasn’t been swift, but much like a cargo ship approaching the harbor — think slow, steady and cautious — both civilian and defense agencies are investing in collaborative approaches that unite their development and operations teams.

“As part of that modernization, I think there’s a reconciliation or a realization that DevOps can enable compliance, security and availability, but also with speed and innovation,” said Brian Dawson, DevOps Evangelist and Product Lead at CloudBees, a leading provider of solutions for continuous software delivery. The Defense Department is among the growing number of agencies using the company’s CloudBees Core offering, which automates and orchestrates the steps in software delivery by binding them together into logical end-to-end workflows.

CloudBees Core is a key part of DoD’s Enterprise DevSecOps initiative, which focuses on enabling automated tools, testing and security to rapidly deliver software capabilities to the military.

In an interview with GovLoop, Dawson explained how DevOps not only helps agencies meet compliance demands, but also exceeds those requirements by empowering more innovative, timely and secure development of critical software. However, to truly capitalize on the benefits of DevOps, security teams must be an integral part of the transformation.

“It doesn’t matter how much speed we achieve on the development side — or independently on the operations side,” Dawson said. “To truly recognize DevOps, we are going to have to involve security. In fact, security should be a consideration from the onset of your DevOps implementation.”

Consider this analogy: Security is to the government what return on investment is to the commercial sector. It’s with this in mind that CloudBees supports agencies to better manage software delivery in a way that infuses government-grade security, best practices and support for on-premise or cloud operations across geographical teams. CloudBees Core, for example, is built on a popular and well-known open source automation server called Jenkins. This combination gives agencies the best of what open source has to offer while also meeting government’s rigorous security and scalability demands.

In addition to DoD, the U.S. Citizenship and Immigration Services (USCIS) and the Centers for Medicare & Medicaid Services (CMS) are two examples of agencies achieving great success with DevOps. At USCIS, in particular, the agency is seeing a higher frequency of software deployments and low failure rates when changes are made to software. Dawson noted that outcomes at USCIS are on par with what top tech companies are experiencing through DevOps.

“DevOps creates the collaborative environment that’s needed to automate the rote and tedious tasks throughout the software delivery pipeline,” Dawson said. “The efficiency gains in these agencies’ software factories are freeing up staff to reclaim time wasted on manual processes and instead focus on mission-critical activities.”

TAKEAWAY: Although it may seem daunting, implementing DevOps and DevSecOps enables teams to collaborate and deliver software rapidly, reliably and repeatedly.

This article is from GovLoop’s recent guide “Your Guide to DevOps in Government Today.” Download the full guide here.

Photo Credit: Navy Flickr

Leave a Comment

Leave a comment

Leave a Reply