Federal Agencies and DevSecOps: Booz Allen’s Guidance for Moving Forward

Jan 25, 2019 1:30 PM ET

By bringing together traditionally separated teams and automating tasks like code deployment, DevOps makes it quicker and easier for organizations to update applications and software. DevSecOps brings security tools and processes into the mix, increasing the speed and efficiency with which organizations discover and correct system flaws.

DevSecOps is essential for federal agencies that handle classified data and comply with stringent security and data privacy requirements. Yet many agencies hold certain misperceptions about it: that it’s purely about technology or speed, that it’s a replacement for Agile, and that it requires a massive investment in “super developers” or relinquishment of control. All of these stand in the way of DevSecOps adoption and realization of its full value.

In a recent issue of Nextgov magazine, Booz Allen Principal Jimmy Pham and Chief Technologist Martin Folkoff clarified common misperceptions in five areas and offered guidance for moving forward with DevSecOps the right way.  

  1. DevSecOps and control: By reducing variability, strengthening predictability, and removing human error from the development process, DevSecOps empowers organizations to gain—rather than give up—control.  

  2. DevSecOps and cost: Because universal DevSecOps methodology and processes involve the whole development team throughout the delivery lifecycle, DevSecOps doesn’t require a big investment in “super developers.”

  3. DevSecOps and technology/tools: DevSecOps is about communication and culture as well as architecture and processes. When organizations implement DevSecOps purely through the use of tools, they miss the core idea and don’t realize its full value.

  4. DevSecOps and Agile: DevSecOps is not a substitute for Agile. To move features and changes through the full development and deployment lifecycle, federal agencies need both.

  5. DevSecOps and speed: DevSecOps’ foundational value is its ability to build stability and security into every stage of the development lifecycle. Velocity is simply a byproduct of these benefits.   

Read the full Nextgov article and learn more in the Booz Allen Enterprise DevOps Playbook.