Recent Government Accountability Office studies on information technology and information security found that the federal government’s aging IT infrastructure and systems are becoming increasingly obsolete, costly and vulnerable. Couple this with the traditionally slow-moving pace of government, and we find that agencies are in urgent need of solutions designed to handle changing mandates, increased cloud adoption and serve citizens in the digital age.
Many government agencies, such as the United States Air Force, have turned to DevOps approaches to help increase and improve the velocity at which applications and services are delivered. Like many of my contemporaries, we have seen the age of DevOps coming for some time as we watched production support evolve into this: an integrated approach to development and delivery.
Still, for the government to effectively embrace DevOps and more agile approaches to IT, agencies will need to demolish the cultural barriers that are keeping our government’s approach to IT stale. Specifically, the government will need to rethink procurement, security and compliance requirements and simplify the end-to-end life-cycle requirements through automation.
As the concept is easily related to Agile, the term “DevOps” is its own biggest risk. Government agencies aren’t looking for an only Agile process; they are looking for something that they can apply across all their systems. So, why would they adopt a solution that is only associated with Agile? The truth is, DevOps isn’t just for Agile projects, or projects in general; DevOps is a concept for creating and introducing solutions into production environments.
While it is true that DevOps is Agile, to gain a foothold in government, it’s important that DevOps be recognized as an agnostic concept that embraces analog and digital, waterfall and Agile, development shops and system implementers, and integrates the organization’s needs into a process — automating when possible and willing to change regularly. Purists can argue that DevOps is an Agile concept, and they’d be right. But the evangelist must accept that it needs to work in all aspects of IT if it is to flourish.
The process of DevOps is distinct because of its agility, allowing IT professionals to integrate security earlier in the software development and deployment process. This collaboration between operations and development is crucial for government, as agencies are now required to do continuous routine software checks and have the security in place to address issues that might arise later in the development process.
DevOps, when compared to production support, is rather different, as production support entails a team of engineers with varying backgrounds to perform specific tasks along a change request lifecycle. This is a very analogous process with many handshakes along the way. DevOps, while not completely different, offers to expedite this effort usually through automating the IT delivery chain. By automating, and then cross-training team members, IT professionals can help prevent bottlenecking along the way, as well as improve and increase communications by utilizing multiple mediums of communications.
While some might think that with automation techniques comes breaking regulations for compliance, DevOps automation can help organizations to stay compliant, increasing their awareness on breach of regulations and dealing with both security and compliance concerns in real-time, rather than later in the release cycle. As technology continues to advance and more regulations are put into place, this immediate response and the automation of both tests and audits will be essential to the success of DevOps within the government.
Ultimately, DevOps is more than technology or processes; it is a philosophy. Philosophies aren’t normal requests for proposals or quotes that can be procured. Above all else, government agencies must instill the culture of DevOps before it can be successful. Change is a painful process for many organizations, sometimes limping along until it is forgotten. There is no magic bean to bury, nor is there a system to implement based on an RFP. It’s work. It requires vision, and likely a change in mission — not to mention acquiring DevOps experts to assess, advise and recommend a path for implementation.
Jay Bercher is a deputy program manager at IT system modernization and support company Solutions By Design II, LLC.