DevSecOps & Department of Defense, Separating Agile Hype From Legitimate Practice

Agile software development has become a tried-and-true practice for delivering high-quality, effective software in the modern age. Due to its effectiveness, agile development is not only being used by tech companies; it has also been picked up by the Department of Defense (DoD). With the advancement of technology to the forefront of the battlefield, the DoD has embraced the need to get effective software tools into the hands of the warfighters quickly and efficiently.

With all the excitement surrounding agile, there are bound to be groups who claim to be agile while not actually following the agile methodology. To counteract this, the DoD has invested time and effort in identifying the indicators that a group is faking agile practices. This effort ensures that software developed in the DoD is cutting edge and truly useful to the warfighter. For those wanting more detail, the Defense Innovation Board has created a document that highlights some of its findings.

Even though emphasis has been placed on moving quickly while developing software, the Department of Defense cannot compromise the security of its products. This is where DevSecOps comes in. The U.S. government has adopted a DevSecOps approach to its software development, putting an emphasis on speed and automation without compromising security. Groups like Platform 1 have been pioneering what it means to implement agile and DevSecOps in the government space, providing hardened environments that allow software developers to quickly build software that serves a mission without compromising security.

The benefits of modernizing development practices are usually described in concrete terms: increased productivity (faster delivery, decreased maintenance) and increased resilience (fewer and shorter outages with a lower cost of issue resolution). Taking the next step and integrating security teams through a DevSecOps approach provides even further benefits. Security issues that would require an entire cycle to resolve in a traditional workflow can be resolved earlier (and hence, faster), and the resulting software in production becomes more robust.

The crucial concept here is that integrating security into the development and deployment of your apps at every stage, rather than treating security as an outside process that is imposed upon your production environment at the end of the pipeline, will pay massive dividends. Good security practices evolve over time, and DevSecOps approaches are quickly becoming understood as the new standard not only for modern enterprise applications but for the Department of Defense as well. With the ever-changing software landscape that faces us today, it is crucial that software is delivered quickly, effectively and securely.