FNN Expert Edition: Best Practices for Implementing DevSecOps
- OMB defines software security requirements going forward
- GSA, Smithsonian museum and VA share lessons learned
- NGA launches development strategy, metrics and release environment
- Army leans into DevSecOps for ERP consolidation
- NSA issues ‘post-quantum’ guidance
It’s not surprising that the development, security and operations approach to building software is the darling of IT teams across the government. It’s essential given the current mandate that agencies move toward zero trust environments. Having secure software is fundamental, and DevSecOps helps agencies get there and deliver user-tailored applications faster.
Ultimately, secure software is essential for transformation, says Federal Chief Information Security Officer Chris DeRusha. “We want everybody to be truly adopting secure development practices, not for the sake of adopting them but because security is an enabler to our future — a future of everything digital,” DeRusha told Federal News Network.
Less clear is the best path for implementing DevSecOps. That’s in part because the missions and goals of agencies vary, points out Derrick Curtis of the Office of Information and Technology at the Veterans Affairs Department. Even so, he adds, “almost every scenario has been covered by someone at least once.” Therefore, people should reach out to others in government for advice, Curtis recommends.
No matter where your agency is on adopting DevSecOps, it’s critical to realize that — like most things IT — moving to a methodology for software that integrates development, security and operations is not just a matter of making the right technology choices. There’s a major people and workflow component that requires people teaming up and collaborating in new ways.
“Historically, we’ve let different teams choose their tools and their different processes of how they build software,” notes Alex Loehr, chief technology officer at the National Geospatial-Intelligence Agency. “That led to some really important things, but it also led to a lot of fragmentation, and what we’re trying to do is build one set of tooling and one set of processes.”
Federal News Network
Download the full report to learn how the lessons learned by federal agency and industry experts will help you as your agency embraces DevSecOps. Featuring insights from 5G leaders at Red Hat, Datadog, Second Front, Invicti and Atlassian.