ExecTech
validation, performance testing and
configuration management, and tools extend into project management sys- tems that permit prioritization, issue tracking and team collaboration.
• People. The people component of DevSecOps is often the most chal- lenging in DOD. Conway’s law says that organizations tend to build prod- ucts whose design reflects the orga- nization’s communication structure. Siloed organizations trend toward applications built into silos. Given the tight integration of roles required for effective DevSecOps adoption, many government agencies are seeing a need to flatten their organizational structure and integrate IT professionals into cross-functional teams rather than maintaining role-based internal orga- nizations that communicate through ticketing systems.
The restructuring and alignment of
personnel help drive results-driven out- comes by bringing everyone together to work toward the same goal: the suc- cessful release of their product.
The advantages and hurdles to DevSecOps adoption
DevSecOps has several advantages for DOD agencies, including shorter time to value, faster fielding of new capabilities and the ability to address security considerations earlier in the development process (referred to as moving to the left). The most valuable advantage is shortened time to value, whether that value is measured as innovation, reliability or reduced rollout lead time.
By contrast, the waterfall process — the most common traditional develop- ment process — focuses on extensive requirements documentation and devel- opment upfront. The approach can set
goals for the development of features and capabilities for a product’s first release that do not all offer significant impact or wide-reaching value across the user base.
DevSecOps can bring more value to the enterprise and do it more quickly through its iterative feedback process.
One of the significant hurdles to the adoption of DevSecOps in govern- ment can be the concept of the mini- mum viable product. However, MVP is a key component in the value achieved by moving risk to the left.
The Pareto principle, or 80/20 rule, resonates even in product development. Often, 80% of users take advantage of only 20% of a product’s capabilities. If a product is developed through the tradi- tional waterfall model, 80% of users may be blocked from getting value out of the product while they wait for the develop- ment and testing of features they won’t
40
September/October 2020 FCW.COM