DevOps: Build Faster and Better Applications
Created May 2018
DevOps combines development and operations—and involves a wide array of stakeholders—to improve efficiency and outcomes by focusing on shared business goals. Secure DevOps is DevOps with an emphasis on security throughout the entire process. DevOps follows and expands on key principles of Agile software development and represents a fundamental shift in how large, distributed enterprise organizations develop, test, and deliver software. We help you introduce DevOps principles and practices to your organization by assessing its current state, helping to establish its integrated development pipeline, and building monitoring metrics to be used throughout the application lifecycle and beyond.
The Challenges of Combining Development, Operations, and Security
Today, software development means more than just meeting the needs of your end users. You must involve operations to address stakeholder requirements quickly and in competitive, continuously changing, complex environments.
How do you introduce DevOps into your organization? How do you adapt DevOps into complex systems of systems? How do you respond when you discover vulnerabilities in your software? How do you build an acquisition process that supports an Agile development process? Organizations are challenged by these problems and more.
Organizations often struggle to release new or updated software and add new features that meet stakeholder needs quickly and that leverage state-of-the-art processes and tools. DevOps can be the answer to that struggle. However, since DevOps affects the people, processes, and technology of an organization and the cutting-edge practices the organization implements, adapting a DevOps approach can be daunting.
Secure DevOps builds security into the development and operations lifecycle. However, some organizations find it challenging to apply Secure DevOps. This is particularly challenging for highly regulated environments (HREs), which must comply with various mandated policies for areas such as security, intellectual property, and segregated environments.
For these reasons and more, DevOps can be difficult to take on, particularly because it relies on cross-functional teams that must deliver software builds frequently. We can help.
Using DevOps enables your organization to have a continuous feedback loop from its stakeholders. With DevOps, cross-functional teams improve software continuously to meet that feedback, incorporate security throughout the DevOps process (Secure DevOps), develop improvements that operate as designed, and release improvements as often as necessary to meet business needs.
We offer multiple channels of support that can help you implement DevOps or take it to the next level. Our experts can help you apply DevOps to your organization’s development, testing, and operational processes and create synchronous environments that enable you to apply patches to software, confident that they will work across these environments.
We can also help you leverage DevOps to better meet the requirements set forth in various standards (e.g., IEEE P2675 DevOps and NIST 800-160), frameworks (e.g., DOD Architecture Framework), regulations (e.g., DoDD 5000.01 and DFARS), and strategic plans (e.g., the DISA Strategic Plan).
We provide online training that teaches DevOps to managers, technical teams, and other stakeholders. We offer hands-on workshops that provide comprehensive training, including exercises using DevOps tools and techniques throughout the SDLC. We provide mentoring support by collaborating with your teams and stakeholders to support your organization’s DevOps strategies. We offer engineering support by helping you implement and measure your organization’s DevOps tools and processes.
Using a process that combines analyzing, designing and developing, applying and measuring, and monitoring, our experts support you as you establish or refine robust DevOps capabilities in your organization.
We are advancing DevOps concepts. Specifically, we are researching and developing a model to help HREs adopt DevOps. We are also researching and developing a Secure DevOps Model as well as a prototype model that demonstrates continuous security.
Forward-thinking approaches to processes, including automated DevOps techniques and tools, enable our researchers and developers to systematically implement, maintain, and monitor high standards of efficiency, security, and functionality for each project and product we work on.
Our goal is to help other organizations embrace the full automation and high standards that you can achieve with DevOps. Follow the progress of our research by reading our DevOps blog, finding us at prominent events such as RSA, and reading our collection of publications in the SEI Digital Library.
April 12, 2018 Brochure
DevOps is a modern software development approach where stakeholders and development and operations teams collaborate to improve efficiency and results.read
February 01, 2018 Podcast
In this podcast, Eileen Wrubel, technical lead for the SEI's Agile-in-Government program leads a roundtable discussion into how Agile, DevOps, and the Risk Management Framework can work together.learn more
October 31, 2016 Webinar
This webinar covered the perspectives of security practitioners on building secure software using the DevOps development process and modern security approach.watch
This 4.5 hour virtual, asynchronous course is designed for managers, developers and operational teams to offer a comprehensive training on DevOps principles and process, and to identify techniques for project planning, development, and deployment from start to finish. Specifically, this course will expose attendees to reference architectures and...