By Anthony Zech
Senior AI Architect for Cybersecurity
For federal agencies that have just implemented Agile development, DevSecOps may seem like a distant dream. In fact, just the opposite is true: Agile methodology lays the perfect foundation for a transition to DevSecOps. While an Agile delivery model realigns development to focus on delivering value-added functionality, DevSecOps empowers IT shops to achieve such functionality quickly, comprehensively, and securely. DevSecOps focuses not only on processes and tools, but most importantly, on a culture shift that ensures quick delivery of critical changes, comprehensive quality assurance (QA), and robust security.
But how to achieve such a strategy? The move To DevSecOps demands more than simply adopting a new development methodology. IT shops must rely on experienced leadership, design and implement an organizational transition plan, and invest in qualified personnel in order to enact this change. They must focus the day-to-day achievements that allow for gradual success, rather than expecting overnight transformation. When deployed successfully, this strategy achieves not only increased collaboration between stakeholders, but also higher-quality code on a timeline that keeps pace with the speed of mission requirements.
Collaboration Between Development, QA and Testing, IT Operations, and End-Users
At the forefront of any move to DevSecOps is a culture shift towards collaboration and knowledge sharing between development and QA/testing. Rather than keeping these components siloed, DevSecOps facilitates communication and feedback between teams. By coupling development and continuous builds within the operations cycle, the IT shop becomes an integrated engine producing quick wins for the organization and end-user. This integrated DevSecOps approach drastically improves the end-user experience by transforming customer service from an independent apparatus into a systematic function that enables quicker, sustained mission success.
Quality Code
Defects in code lead to rework, which in turn causes schedule delays and cost overruns. Through continuous feedback loops between the development and test phases, DevSecOps greatly minimizes these defects, keeping development on time and within budget. In a microservices architecture—which breaks down applications into collections of smaller services—with clear boundaries in business processes, discrete segments of code are fully tested using automation, then rapidly deployed. Any defects that arise are immediately rolled back, keeping systems fully functional at all times.
This automation is key to increasing the velocity of development. Through the use of libraries, software developers have constant access to the latest and most advanced code. Automated testing allows developers to integrate this code into existing projects without lengthy delays or the risk of incompatibility.
Delivery that Keeps Pace with the Mission
In today’s fast-paced landscape, mission can no longer wait weeks for the development cycle to complete. Cost, security, and overall mission success demand that new orders and changes to policy must be implemented within hours. A top-down approach, which pairs DevSecOps methodology with a migration to microservices architecture and robust automated testing, is critical to getting vital functionality in the hands of end-users at the speed of mission.
DevSecOps marks the latest advance in the evolution of application development. Rather than keeping development, security, QA, and operations siloed, DevSecOps considers these aspects as interconnected pieces of a single puzzle, empowering IT shops to create better, more secure products on a rapid timeline and at a cheaper cost.
