Four strategies to achieve a true DevSecOps culture.
For federal agencies, achieving mission success increasingly hinges on modernizing legacy systems and transforming operations. So it’s no surprise that a growing number of government programs and IT departments are turning to DevSecOps software development methodologies and technologies to automate toolsets and centralize IT workflows. DevSecOps builds on the learnings and best practices of general DevOps, with the addition of security verification as an active, integrated part of the development process. When leveraged correctly, a DevSecOps approach delivers the agility and flexibility to speed up capabilities for citizens while streamlining redundant and time-consuming processes.
Yet with any major change come challenges, and not every federal agency is using DevSecOps to its full potential. Findings from an Atlassian-sponsored Federal News Network survey suggest that many still have work to do in their quest for a true DevSecOps culture.
The survey highlights a disconnect between IT and federal employees outside of the IT field. The majority of non-IT employees surveyed were unaware of DevSecOps methodology and benefits, indicating they were often not included in requirements gathering, nor were they invited to provide feedback on new capabilities. And for their part, IT professionals said the department staff neither knew nor cared about how systems work or why they work the way they do. This discord between development and operations staff is at the heart of the challenge.
To support agency teams as they work to bridge this gap, we compiled a list of four recommendations that can enable agencies to realize the full potential of DevSecOps.
1. Develop cross-agency collaboration
Cross-team collaboration is at the very core of successful DevSecOps workflows – but collaboration is often confused with communication. IT may inform non-technical stakeholders that they’re working on an application, but fail to truly collaborate with them in a productive, two-way process to understand their requirements. Collaboration happens when two or more people work together – the key here is advancing the effort.
Rather than treating non-technical staff as end-users, IT can encourage true collaboration by getting them involved at the start of a project. Working with staff as they demonstrate their current needs, and truly understanding their process, can significantly enhance the end product and ensure that the implementation of new functionality will be successful.
2. Create open work environments
Open work requires information to be shared across teams, rather than protected. The following three essential practices can help create an optimal environment for open work:
- Share appropriate context throughout the working group and agency-wide. Discuss what decisions must be made and why.
- Encourage direct and honest feedback, regardless of rank or position.
- Deliver appropriate access to information.
Fostering an open work environment often requires breaking down departmental silos to give program teams visibility into what development teams are working on – and then actively asking for feedback. It’s about getting end-users and stakeholders involved early and often in the development process – in other words, incorporating input, seeking feedback, and tracking results for accountability.
3. Provide training opportunities
Even the best teams can’t transition to DevSecOps overnight. Training is an essential part of building success, whether through team-building, software training, or sharing tips and best practices. Training is most effective when it adapts to the learning styles of multiple user types. This means focusing on developing skills that enable teams to become more agile, improving decision-making, and mastering specific software features.
4. Fuel repeatability and responsiveness
There’s measurable value in developing highly repeatable processes and automating as many tasks as possible. For example, when version control is handled the same way throughout the team, everyone knows what version they’re working on. Using automation to create repeatable environments enables self-documenting processes that are easier to understand, improve, secure, and audit.
Making DevSecOps work for you
We know it’s not always easy to get started. But no matter where you are in your DevSecOps journey, Atlassian software solutions, combined with our comprehensive Team Playbook, can deliver the framework and automation your agency needs to support and drive your DevSecOps transformation.
The four practices outlined here may take time to incorporate into your agency’s processes, but they will pay dividends. The result is a culture of trust and collaboration that adds value, transforms operations, and delivers mission success. Check out the report for complete results from the survey, and click through to learn more about Atlassian DevOps solutions and DevSecOps perspectives.