A case-by-case DevOps strategy
Connecting state and local government leaders
DevOps tools can help government agencies speed up their IT processes, but agency officials caution against using them for all projects.
For the Securities and Exchange Commission, one of the biggest drivers accelerating the rollout of new IT solutions was the creation of cloud implementation team that meets once a week that brought individuals from security, applications and network teams to identify the most pressing issues.
“We are thinking in an agile way, but not necessarily working from an agile process,” SEC Branch Chief Michael Fairless said at a June 21 FCW DevOps workshop. “It is building relationships that pay off" down the road, he said.
The cloud implementation team meetings make it easier for SEC IT staff to communicate with each other when issues arise. When there's a problem with security, Fairless said, other team members "can go to the person that they have been dealing with for the past eight weeks and work collaboratively to solve a problem."
“For us, our customers are the people that we work with,” he added. We have to show value to our customers in everything -- from continuous delivery to reducing the cost and [providing] support to really get to true vulnerability management.”
Fairless said he's found DevOps works best for smaller IT problems rather than for wholesale solutions for the agency.
Fairless realizes that the SEC can’t deliver near-constant DevOps implementations like Turbo Tax or Netflix does, but he said the agency can shorten the time it takes to deploy solutions to identify bad actors in the market from three to five years down to six to 12 months.
Likewise, the Defense Threat Reduction Agency wants to get new tools into warfighters' hands faster. But Leonel Garciga, the agency’s J6 chief and CTO at the Joint Improvised Threat Defeat Organization, acknowledged that DevOps automation doesn’t entirely make sense for all systems where human review is needed.
“My honest answer is that we need to look at the capabilities that we are deploying and make a conscious decision about we are doing today,” Garciga said. “Three to five years from now it could look very different … but we need to be really smart on the software that we are pushing to DevOps.”
Department of Homeland Security Deputy CTO Rob Palmer sees automation in DevOps also helping to reduce the amount of time that it takes to deploy new solutions from 2.5 months to 2.5 minutes.
“We are midway through building a foundation,” Palmer said of efforts to use DevOps across his agency. “We started with a particular cloud vendor to prove out the use case, and we are actively working through the process with our stakeholders.”
To implement DevOps in a Defense environment, Garciga advised agencies to put out the first 20 percent of their IT solutions for agency use as soon as they are completed to “push capabilities out there even faster.”
Citizenship and Immigration Services CIO Mark Schwartz agreed with Garciga that large IT projects with long cycle times impede government progress.
“There is a strong imperative to get the cycle time down in general, which requires working with smaller pieces,” Schwartz said. However, government's oversight and program structure "is completely built around bigness, which is the important conflict that stops us from getting the value out of DevOps.”
When it comes to finding new IT solutions that work for DOD, Garciga said he has found the most success from reaching out to executives at Docker to develop products with containers.
“We need to be more aggressive on the government side to really engage these companies on a technical level and have mature discussions,” Garciga said. “They understand our constraints and what it means to be an insider at DOD, so they can start working on their products and adding new capabilities to support DOD into their core capabilities.”