DevSecOps Drives Reliable and Secure Software

BACKGROUND


DEVSECOPS EVOLVED: DEVSECOPS CENTER OF EXCELLENCE AND EGT LABS®

eGlobalTech (eGT) established eGT Labs as a forward-leaning research and development environment to solve challenging client problems and to create high-value products and services. eGT Labs, in turn, launched the DevSecOps Center of Excellence to develop best practices and technical guidance on successful DevSecOps deployment. The DevSecOps CoE defined the following best practices as critical to deployment:

  1. Establish the Culture – DevSecOps is not a singular process, nor is it a single lifecycle. It is an innovative approach to system engineering that focuses on teamwork, integration of cross-cutting concerns, and success through frequent repetition.

  2. Coaching Is Key – Coaches should be heavily engaged during early adoption to help transform managers, engineers, and even contracting staff to fully understand DevSecOps and effectively interact with it.

  3. Security-First Design – Security should be applied not only to the code, but also to the processes involved in coding. This provides an accelerant from project initiation that helps streamline deployment and delivery.

  4. Automation – DevSecOps performed the eGT way features automation at all levels, including code generation, deployment, testing, and security testing, to maximize the impact of DevSecOps. Build Often/Deploy Often/Test Often – One of the key aspects of DevSecOps is daily builds and deployments with testing in every build. Products built with DevSecOps are better tested and more secure than products built without it.

  5. DevSecOps Friendly Acquisition – DevSecOps thrives when teams are fully integrated and encouraged to collaborate. Enhancing acquisition strategies that favor integration of cross-functional teams is essential to reducing costs and developing better products.

eGT Labs developed a framework that enables rapid delivery of secure solutions of superior quality by incorporating security and operations readiness from day one. Our leading, end-to-end framework and toolkit, DevOps Factory®, includes the following critical elements:

  1. Implements security-first design and development.

  2. Automates security governance and controls consistent with Ongoing Authorization (OA).

  3. Secures the continuous integration/continuous delivery pipeline through authentication, secure storage of build artifacts, key management, etc.

  4. Automates security testing, static code analysis, configuration management, incident response and forensics, secure backups, log monitoring, and continuous monitoring and mitigation.

  5. Incorporates compliance with FISMA, NIST, and other applicable federal standards and guidelines.

DEVSECOPS APPLIED

A public sector eGT client had a complex geospatial system prototype composed of Microsoft and open source applications with a growing number of ArcGIS services. This prototype was used in a production capacity and encountered frequent outages and performance issues.

To solve this issue, we applied DevOps Factory® to re-engineer the target architecture, implement security-first design, and automate the end-to-end cloud migration process onto our managed AWS infrastructure.

Results included:

  1. Migrated and operationalized a secure geospatial cloud ecosystem to AWS within three months, compliant with federal security standards.

  2. Securely on-boarded over a dozen complex applications and systems.

  3. Seamlessly supported 400+% growth of geospatial services.

  4. Achieved 99.99% operational availability.

CONTACT US AT: Info@eglobaltech.com if you would like more information on this topic!


Copyright 2018 | eGlobalTech | All rights reserved.
