How to Embrace DevOps in the Federal Sector | #government | #hacking | #cyberattack

Pinpoint the Challenges to DevOps Adoption

DevOps thrives on collaboration and cooperation. American sociologist Ron Westrum illustrated this best when he created the Three Cultures Model, which shows how organizational cultures shape performance.

In the model, organizations can have either a “pathological” do-it-this-way-or-leave culture; a “bureaucratic,” rule-oriented one; or a “generative” culture focused on getting things done by working together.

By its very nature, DevOps requires a generative environment that welcomes change and has been shown to deliver wide organizational benefits, attract talent, win customers and create a virtuous cycle of innovation. Since government-sector organizations are more likely to have a bureaucratic culture, change starts here.

In addition to adopting a generative culture, cybersecurity threats and data privacy stand on equal ground when pinpointing challenges to DevOps adoption.

Cybersecurity and risk management have consistently topped the National Association of State Chief Information Officers’ annual list of the top 10 policy and technology priorities of state CIOs.

Addressing these risks starts at the database level for most companies, and this approach should be no different for the federal sector.

As Gartner notes in a 2021 report: “As attack surfaces increase, the need to address physical threats and cyber threats will lead to the need for higher levels of adoption of emerging technologies to address an array of environments spanning across critical infrastructure.”

READ MORE: Software factories help the military scale DevSecOps.

3 Steps That Help Make DevOps a Reality

Cybersecurity threats are only one side of the coin. There are also risks posed to the personal privacy of the millions of people who interact with federal government agencies each day. The federal edition of the “2021 Thales Data Threat Report” reveals that 66 percent of that risk comes from staff inside organizations making mistakes, rather than traditional external attackers and nation-states.

To get these issues resolved more quickly, there must be a change in the mindset and approach of the sector to better protect data as well as people. This starts with greater collaboration and a focus on the organization’s application and data security.

Overcoming the challenges to DevOps adoption can be accomplished in a few straightforward steps.

Establish a DevOps culture. This starts with making a clear shift from a bureaucratic culture to a generative one. While this may not be completely practical for all parts of the federal government, change can still start within the IT team and even one project being worked on by the team.

To enable this, leaders need to build trust with their people, empower them with autonomy, and rely on strong communication and cooperation to ensure that everyone understands their roles and overall objectives. Doing so will help break down the silos that are limiting collaboration.

Strengthen the cybersecurity framework. Most federal CIOs will be familiar with the Framework for Improving Critical Infrastructure Cybersecurity from the National Institute of Standards and Technology (NIST). This provides a common approach for understanding, managing and expressing cybersecurity risks to internal and external stakeholders.

The five core functions within the framework (identify, protect, detect, respond and recover) enable organizations to build a profile that describes how their current cybersecurity efforts help to mitigate risk and identify where improvements need to be made.

Introduce a data privacy framework. The third step is to shine a spotlight on how data is managed and processed. A good place to start is the NIST Privacy Framework, which was published to help companies take privacy into account as they design and deploy systems.

This can also translate to the federal sector, since it provides a roadmap for how to build a profile of current privacy practices and highlights where and how changes need to be made. Areas that need to be addressed will become clearer, as will the steps required to move forward.

EXPLORE: How IT service providers can help agencies transition to modern processes.

DevOps Is Receiving More Positive Attention

The advantages of introducing DevOps to software and database development are already well known. For the federal sector, this means welcoming the openness it requires, encouraging experimentation and innovation, and working across departmental silos.

It’s no easy task, especially when the culture that typically exists at the government level depends on siloed work, in some instances.

That said, the federal sector is showing signs of change, and attitudes are slowly shifting. The “Government Trends 2021” report from Deloitte, for instance, found that 78 percent of U.S. government executives believe the use of agile and DevOps methodologies is having a significant positive impact on their organizations.

Even though every sector has challenges when introducing DevOps methodologies, the NIST-driven cybersecurity and data privacy frameworks provide accessible methods of identifying which key areas to tackle first.

When in doubt, consider working with a trusted company already in the federal space to help ease the transition. The key, as with any digital transformation initiative, is to start small with one team or one project, demonstrate that it works and build out from there.

Original Source link

Leave a Reply

Your email address will not be published.

sixty seven + = seventy three