GovLoop Guide: Agencies Build Foundation for DevSecOps Success

Created in partnership with GovLoop and supported by Atlassian, Contrast Security, F5, Palo Alto Networks, Red Hat, SAP NS2 and Venafi.

GovLoop DevSecOps Guide cover

Since the development of the internet, IT professionals have been in an “arms race” with bad actors, whether they are corporate spies or attackers from hostile nations. DevOps emerged as a way to restructure the development process by bringing developers and operations teams together to create new applications, thus ending the cycle of vulnerabilities and software patches. But security still needed a seat at the table. The newest approach is DevSecOps — both a software engineering approach and a culture that promotes security automation and monitoring throughout the application development lifecycle.

DevSecOps is designed to break down barriers to collaboration among development, operations and security teams so they all can contribute to creating new applications. Organizations can deploy new apps with secure, efficient, functioning code — but with security as the foundation. The approach is gaining a foothold in federal, state and local agencies, especially the Department of Defense (DoD), where its model of continuous testing, integration and delivery is seen as the optimal way to deliver capabilities to warfighters as quickly as possible. In military parlance, DevSecOps “shifts left” the integration of security; the earlier in app development that security is incorporated, the better — a sound military practice.

Since the development of the internet, IT professionals have been in an “arms race” with bad actors; DevOps emerged as a way to restructure the development process by bringing developers and operations teams together to create new applications, thus ending the cycle of vulnerabilities and software patches. But security still needed a seat at the table. DevSecOps is designed to to break down barriers to collaboration among development, operations and security teams so they all can contribute to creating new applications. Organizations can deploy new apps with secure, efficient, functioning code — but with security as the foundation.

In May 2020, the Defense Innovation Board released its Software Acquisition and Practices Study. The study recommended “the ten most important things to do (starting now!).” They included changes that Congress and the Office of the Secretary of Defense needed to carry out, focusing on reworked statutes, regulations and processes for software. In another demonstration of DevSecOps's increasing importance to government agencies, GSA has developed a governance model, with the Office of the Chief Information Security Officer’s DevSecOps Program providing agencywide leadership on DevSecOps to ensure consistent use of good security practices.

Download the guide to read more about how DevSecOps can benefit your agency. In one study, DevSecOps:

  • Reduced lead time by 93 percent, from 169.83 to 12 days
  • Increased deployment frequency by 891 percent, from 11 to 98 releases
  • Reduced mean time provision by almost 100 percent, from six months to two hours
  • Reduced operating costs by 91.66 percent

Plus, hear from DevSecOps leaders at the DoD, GSA, Air Force, Army Futures Command and U.S. Transportation Command as well as Carahsoft's technology experts when you download the guide.

By supplying my contact information, I authorize Carahsoft and its vendors and partner community to contact me with personalized communications about their products and services. Please review our Privacy Policy for more details or to opt-out at any time.