FNN Expert Edition: Best Practices for Implementing DevSecOps

This eBook explores the lessons learned and best practices shared by federal agency and industry software experts. Featuring insights from government agencies, including:
  • OMB defines software security requirements going forward
  • GSA, Smithsonian museum and VA share lessons learned
  • NGA launches development strategy, metrics and release environment
  • Army leans into DevSecOps for ERP consolidation
  • NSA issues ‘post-quantum’ guidance

It’s not surprising that the development, security and operations approach to building software is the darling of IT teams across the government. It’s essential given the current mandate that agencies move toward zero trust environments. Having secure software is fundamental, and DevSecOps helps agencies get there and deliver user-tailored applications faster.
Ultimately, secure software is essential for transformation, says Federal Chief Information Security Officer Chris DeRusha. “We want everybody to be truly adopting secure development practices, not for the sake of adopting them but because security is an enabler to our future — a future of everything digital,” DeRusha told Federal News Network.
Less clear is the best path for implementing DevSecOps. That’s in part because the missions and goals of agencies vary, points out Derrick Curtis of the Office of Information and Technology at the Veterans Affairs Department. Even so, he adds, “almost every scenario has been covered by someone at least once.” Therefore, people should reach out to others in government for advice, Curtis recommends.
No matter where your agency is on adopting DevSecOps, it’s critical to realize that — like most things IT — moving to a methodology for software that integrates development, security and operations is not just a matter of making the right technology choices. There’s a major people and workflow component that requires people teaming up and collaborating in new ways.
“Historically, we’ve let different teams choose their tools and their different processes of how they build software,” notes Alex Loehr, chief technology officer at the National Geospatial-Intelligence Agency. “That led to some really important things, but it also led to a lot of fragmentation, and what we’re trying to do is build one set of tooling and one set of processes.”

Vanessa Roberts
Content Editor
Federal News Network

Download the full report to learn how the lessons learned by federal agency and industry experts will help you as your agency embraces DevSecOps. Featuring insights from 5G leaders at Red Hat, Datadog, Second Front, Invicti and Atlassian.
