Abonnez-vous au flux

We spend a lot of time defining DevOps and outlining what it means to developers, operations, and organizations as a whole. But there's one aspect of DevOps that doesn't get the attention that it deserves: its role in helping to maintain a good security posture for all organizations, particularly federal government agencies.

 

This is an important topic that a panel of experts recently spoke at length about at Red Hat's Defense in Depth conference (listen to the recording here). During that session, representatives from Red Hat and elsewhere laid the groundwork by explaining what DevOps is – essentially, a methodology and outgrowth of agile application development that involves developers and operations managers coming together to continuously innovate and update new and existing apps at a very rapid pace.

 

This is something that is very unfamiliar to many government organizations. Over the years, these groups have become accustomed to long-term vendor contracts that offered the promise of periodic software updates over months or, in some cases, years.


Today's threat environment is far too accelerated for that type of approach. Agencies are at a point where security vulnerabilities are coming at them hard and fast, and threat vectors change on a regular basis; today's Shellshock could easily lead to tomorrow's who-knows-what.

 

Agency IT personnel need to be able to react in real time. Therefore, they need a system that allows for continuous software development that will help them keep pace with current and potential threats.

 

DevOps can be that system because it offers a blueprint to which federal IT managers can map their ongoing vigilance. Through continuous integration and delivery, and by updating software every few days (rather than months or years), they can quickly respond to potential threats while helping to keep hackers on their heels. In this sense, one could say that DevOps is a great way to significantly cut down the time it takes to address the timeless problem of maintaining an effective security posture.

 

However, like many new approaches, adopting a DevOps approach can be a challenge, particularly in the federal space, which has a culture that is very steeped in traditional roles and responsibilities. A committed DevOps approach requires that these roles and responsibilities must change; people must take on new assignments and workloads, learn to work with different teams, and more. Therefore, it's incumbent upon everyone in the organization to adhere to that old security adage “trust, but verify.” Everyone needs to be accountable for their team members and make sure they are all doing their respective jobs. Not doing so can cause cracks to appear in a DevOps methodology – and, as a result, the security posture it's helping to solidify.

 

Adopting DevOps is important, not just to federal administrators, but also to the defense of government IT as a whole. Technology can only do so much, and the technology that allows governments to secure their information and networks is already fully in place. Now, it needs to be complemented by processes and policies that match its capabilities.

 

Adopting a DevOps methodology can help federal IT administrators match a suitable process to the fantastic technology they have at their disposal. In the process, it can help both them and the warfighters they support by greatly assisting in their age-old effort to maintain rock-solid security.


À propos de l'auteur

UI_Icon-Red_Hat-Close-A-Black-RGB

Parcourir par canal

automation icon

Automatisation

Les dernières nouveautés en matière d'automatisation informatique pour les technologies, les équipes et les environnements

AI icon

Intelligence artificielle

Actualité sur les plateformes qui permettent aux clients d'exécuter des charges de travail d'IA sur tout type d'environnement

open hybrid cloud icon

Cloud hybride ouvert

Découvrez comment créer un avenir flexible grâce au cloud hybride

security icon

Sécurité

Les dernières actualités sur la façon dont nous réduisons les risques dans tous les environnements et technologies

edge icon

Edge computing

Actualité sur les plateformes qui simplifient les opérations en périphérie

Infrastructure icon

Infrastructure

Les dernières nouveautés sur la plateforme Linux d'entreprise leader au monde

application development icon

Applications

À l’intérieur de nos solutions aux défis d’application les plus difficiles

Original series icon

Programmes originaux

Histoires passionnantes de créateurs et de leaders de technologies d'entreprise