FNN Expert Edition: How to
Scale DevSecOps
- Army begins to scale DevSecOps pilot projects
- GSA 10x puts ‘moonshot’ pitches into practice with agile development
- CISA pushes tech buyers to seek ‘secure by demand’ products
- As USCIS expands into the cloud, automation helps it securely manage ‘explosion’ of data
The push is on. Agencies across the federal
government increasingly are scaling up their
development, security and operations programs.
Interestingly, the coalescence of multiple governmentwide technology
initiatives appears to have helped pave a path toward agile development and
the broadening implementation of DevSecOps.
Both the expansion of cloud adoption and the push toward zero trust have
prompted agencies to fully define and begin scaling up DevSecOps policies
and practices.
The Army and U.S. Citizenship and Immigration Services are prime examples.
As Young Bang, principal deputy assistant secretary of the Army for
acquisition, logistics and technology, said of the service’s Defensive Cyber
Operations pilot: “That set us on a journey beyond just going to agile and to
get to continuous integration, continuous delivery.”
And at USCIS, the move of its primary infrastructure to the cloud created
the opportunity to meet the zero trust mandate to stand up a secure CI/CD
pipeline, explained Chief Information Security Officer Shane Barney.
“Zero trust does require some new initiatives in that space that are really
important. And in fact, the most recent one … added was the change to how
you deploy code, automating your pipeline deployments into production,” he
said. “When we first started cloud, we weren’t able to do that. And we just
didn’t do it. And so we kind of got into a practice of not doing it.”
That’s changed now, Barney said.
And the Army and USCIS are not alone in efforts to standardize around
DevSecOps.
Vanessa Roberts
Editor, Custom Content
Federal News Network
Download the full report to learn how DevSecOps can enable your agency to streamline and secure production. Featuring insights from DevSecOps leaders at SecondFront, Red Hat, Venafi and VMware.
By supplying my contact information, I authorize Carahsoft and its vendors and partner community to contact me with personalized communications about their products and services. Please review our Privacy Policy for more details or to opt-out at any time.