DevSecOps in the DOD: The key to better collaboration

Last fall, the two leading software-innovation organizations within the Air Force, Platform One and Kessel Run, inked an important collaboration agreement. The accord covers both cultural and technical issues around creating common application development, security and IT platform standards. The goal is to share tools and code to eliminate organizational silos, improve resource use and optimize the development of software.

The memorandum is a meaningful step forward in the Air Force’s ongoing adoption of modern approaches to development and platforms. It’s worth noting that Kessel Run brought “development, security and operations,” or DevSecOps, methodologies to the Defense Department, and Platform One led the way in use of the Kubernetes container orchestration platform.

The memorandum not only documents shared beliefs but also highlights specific calls to action. For example, the organizations “intend to establish a framework other software teams can join to collaborate and build across multiple programs.”

Executing on such goals will require these software factories to take practical steps and to implement effective tools. In particular, collaboration across these organizations will require a centralized, mission-focused collaboration platform.

Building on the DevSecOps playbook

DOD’s DevSecOps Fundamentals Playbook calls for teams to break down information silos and foster new cultural practices. These include project and stakeholder transparency, accessible resources and ChatOps to maximize workflow efficiency.

The playbook is a good first step to integrating teams and successfully implementing DevSecOps. It focuses on capability delivery and allows software factories to use a Kubernetes-based, vendor-agnostic solution to deliver value. Teams have the flexibility to select from many tools that meet the requirements of the DOD’s Enterprise DevSecOps Reference Design.

Yet more remains to be done to advance this cultural change. Other organizations, in both the military and the private sector, must also be able to engage with software factories to further break down silos.

That’s where an effective collaboration platform, purpose-built for DevSecOps, can add real value. A mission-focused collaboration platform supports secure, inter-agency communication, breaking information silos by allowing teams to access important context and expediting the informed decision-making process. It also promotes adoption of configuration as code (CaC) and GitOps, which are effective ways to introduce DevSecOps techniques to teams.

CaC places configuration files – which specify settings for applications, operating systems and server processing – in a repository. The result is better version control, plus the ability for teams to leverage the config files without having to develop their own scripts, saving time and reducing error. GitOps, on the other hand, is an operational framework that applies DevSecOps best practices – including version control, continuous integration/continuous deployment (CI/CD) and collaboration – to infrastructure automation.

DevSecOps culture

In a typical development environment, developer teams and business stakeholders use a wide range of communication, collaboration and project management tools. Separate information streams, each tracking different parts of the development process, result in a fragmented understanding of how a project is evolving among stakeholders. They also hinder the ability to respond to the inevitable changes.

Building off of the collaboration agreement between Kessel Run and Platform One, agencies that adopt a team collaboration platform can enable a single source of truth for all parties involved, at every stage of software development and delivery. Teams have access to the right information at the right time and can therefore take the right actions.

An effective collaboration platform should centralize real-time and asynchronous communication into customizable channels that organize conversations across topics. It should also offer boards for Kanban-style project and task management, and integrations with popular development tools.

Built-in playbooks can provide prescribed workflows to streamline recurring development processes. Checklists, automated triggers and actions, status dashboards and updates as well as retrospective timelines and reports can make structured processes repeatable and predictable.

Collaboration and zero trust

Strong security is essential in military development environments. A centralized collaboration platform reflects the security principles embodied in the DOD’s Zero Trust Reference Architecture.

A security-focused platform will be able to be deployed in an environment without the need for external connections. By centralizing chat communication in topic-based channels, a collaboration platform can support trusted bring-your-own-device communication while maintaining zero-trust security.

Ultimately, effective collaboration will enable informed decision-making. After all, a decision is only as good as the information that underlies it. A collaboration platform puts all decision-making context in a single location, where multiple stakeholders can access it and layer on their own context. That approach also accelerates decisions, especially in cases where decision authority is decentralized.

The collaboration agreement between Platform One and Kessel Run promises more effective application development for the DOD. A collaboration platform can help bring that promise to fruition.

Barry Duplantis is vice president and general manager of public sector for Mattermost.