Jul 14 2022

How to Embrace DevOps in the Federal Sector

Culture and procedures both must change for the environment to take hold.

There’s no shortage of recommendations on the benefits DevOps brings to almost any industry, and that includes the federal space. With so many older systems in place, government is one of the sectors that could use it most.

The federal sector has a real need to adopt DevOps practices to speed up software development and help IT teams work more collaboratively.

Like any industry, however, there are often challenges to adopting new ways of doing things when they disrupt legacy systems, and it’s not always clear where efforts should focus to help move things forward.

Perhaps as a result, Redgate’s “The 2021 State of Database DevOps” report shows that only 65 percent of the government sector has adopted DevOps in some form, a stark contrast to the 85 percent of organizations observed in the technology sector.

And while the latter does allow for more innovation and flexibility, there’s a need to speed up software delivery, free up developer time and encourage more collaboration in the federal sector as well.

That said, the first step toward DevOps adoption starts with identifying the roadblocks to rolling it out, then addressing how to overcome them. Here’s what that means for the federal sector.

Click the banner below to get access to exclusive cloud content by becoming an Insider.

Pinpoint the Challenges to DevOps Adoption

DevOps thrives on collaboration and cooperation. American sociologist Ron Westrum illustrated this best when he created the Three Cultures Model, which shows how organizational cultures shape performance.

In the model, organizations can have either a “pathological” do-it-this-way-or-leave culture; a “bureaucratic,” rule-oriented one; or a “generative” culture focused on getting things done by working together.

By its very nature, DevOps requires a generative environment that welcomes change and has been shown to deliver wide organizational benefits, attract talent, win customers and create a virtuous cycle of innovation. Since government-sector organizations are more likely to have a bureaucratic culture, change starts here.

In addition to adopting a generative culture, cybersecurity threats and data privacy stand on equal ground when pinpointing challenges to DevOps adoption.

Cybersecurity and risk management have consistently topped the National Association of State Chief Information Officers’ annual list of the top 10 policy and technology priorities of state CIOs.

Addressing these risks starts at the database level for most companies, and this approach should be no different for the federal sector.

As Gartner notes in a 2021 report: “As attack surfaces increase, the need to address physical threats and cyber threats will lead to the need for higher levels of adoption of emerging technologies to address an array of environments spanning across critical infrastructure.”

READ MORE: Software factories help the military scale DevSecOps.

3 Steps That Help Make DevOps a Reality

Cybersecurity threats are only one side of the coin. There are also risks posed to the personal privacy of the millions of people who interact with federal government agencies each day. The federal edition of the “2021 Thales Data Threat Report” reveals that 66 percent of that risk comes from staff inside organizations making mistakes, rather than traditional external attackers and nation-states.

To get these issues resolved more quickly, there must be a change in the mindset and approach of the sector to better protect data as well as people. This starts with greater collaboration and a focus on the organization’s application and data security.

Overcoming the challenges to DevOps adoption can be accomplished in a few straightforward steps.

Establish a DevOps culture. This starts with making a clear shift from a bureaucratic culture to a generative one. While this may not be completely practical for all parts of the federal government, change can still start within the IT team and even one project being worked on by the team.

To enable this, leaders need to build trust with their people, empower them with autonomy, and rely on strong communication and cooperation to ensure that everyone understands their roles and overall objectives. Doing so will help break down the silos that are limiting collaboration.

Strengthen the cybersecurity framework. Most federal CIOs will be familiar with the Framework for Improving Critical Infrastructure Cybersecurity from the National Institute of Standards and Technology (NIST). This provides a common approach for understanding, managing and expressing cybersecurity risks to internal and external stakeholders.

The five core functions within the framework (identify, protect, detect, respond and recover) enable organizations to build a profile that describes how their current cybersecurity efforts help to mitigate risk and identify where improvements need to be made.

Introduce a data privacy framework. The third step is to shine a spotlight on how data is managed and processed. A good place to start is the NIST Privacy Framework, which was published to help companies take privacy into account as they design and deploy systems.

This can also translate to the federal sector, since it provides a roadmap for how to build a profile of current privacy practices and highlights where and how changes need to be made. Areas that need to be addressed will become clearer, as will the steps required to move forward.

EXPLORE: How IT service providers can help agencies transition to modern processes.

DevOps Is Receiving More Positive Attention

The advantages of introducing DevOps to software and database development are already well known. For the federal sector, this means welcoming the openness it requires, encouraging experimentation and innovation, and working across departmental silos.

It’s no easy task, especially when the culture that typically exists at the government level depends on siloed work, in some instances.

That said, the federal sector is showing signs of change, and attitudes are slowly shifting. The “Government Trends 2021” report from Deloitte, for instance, found that 78 percent of U.S. government executives believe the use of agile and DevOps methodologies is having a significant positive impact on their organizations.

Even though every sector has challenges when introducing DevOps methodologies, the NIST-driven cybersecurity and data privacy frameworks provide accessible methods of identifying which key areas to tackle first.

When in doubt, consider working with a trusted company already in the federal space to help ease the transition. The key, as with any digital transformation initiative, is to start small with one team or one project, demonstrate that it works and build out from there.

gorodenkoff/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.