DevSecOps in the Cloud

What is DevSecOps?

The incorporation of security into DevOps practices has spawned a new term, DevSecOps (aka SecDevOps). The primary goal of DevSecOps is to ensure Security and Operations team members are engaged and collaborating with Development and Testing from the very beginning of project development.

Implementing DevSecOps requires building a single group of engineers (developers, admins, testers, security engineers) that has end-to-end responsibility for the application, from requirements to deployment to monitoring and back to implementing new changes. This process forms a set of stages that can be carried out in a continuous loop until the desired product is achieved.


The Pragmatics DevSecOps Approach


The Pragmatics DevSecOps approach focuses on two underlying drivers for the next generation of system development (Dev), security (Sec) and operations (Ops): first, delivering value to the customer faster and in a secure manner, and second, implementing the “shift-left” principle throughout the system processes. The “shift-left” principle involves having teams focus on quality, work on problem prevention instead of detection, and begin testing earlier in the development process.


Establish Agile Fluency and Maturity

Automation of the Continuous Integration / Continuous Delivery (CI/CD) pipeline is foundational for DevOps and DevSecOps. Pragmatics has been developing high-quality software systems for more than 33 years and has been performing Agile development since 2004. We have tailored our Agile practices into Pragmatic Agility, encompassing best practices and tools from Extreme Programming (XP), Scrum, Kanban, User-Centered Design (UCD), Test-Driven Development (TDD), and DevOps CI/CD. Additionally, Pragmatic Agility applies continuous improvement and Quality Assurance (QA) through the integration of CMMI Maturity Level (ML) 5.

ITERATIVE DEVELOPMENT

  • Early and frequent delivery of working, tested software to allow frequent inspection and adaptation by stakeholders.

TEST-DRIVEN DEVELOPMENT (TDD)

  • Proves code actually works much faster. 
  • Provides an automated regression test suite.
  • Reduces costs for fixing bugs through more immediate attention.
  • Provides better and simpler designs and higher quality code in less time.

CONTINUOUS INTEGRATION (CI)

  • Significantly reduces impact of integration problems by finding and addressing bugs quicker.
  • Improves software quality.
  • Reduces the time it takes to validate and release new software updates.

Security Integrated into Agile CI Practices

Our Information Security (InfoSec) Engineers train our agile developers on Secure Software Design, Security Trends, Access Control, Cryptography, Security at the Network Layer, Security at the Application Layer, Security Policies, and industry best practices. During implementation, our InfoSec Engineers and developers perform lightweight threat modeling.


Establish Continuous Delivery

With foundational Agile and CI practices in place, we establish continuous delivery by automating platform instantiation, configuration and deployment through the development, test and production pipeline.


Our Pragmatics DevSecOps approach focuses on leveraging and expanding the existing capabilities of an organization and the industry into a dynamic engine for value-delivery.  To request more information, we invite you to contact our corporate headquarters at 703-890-8500, or visit our Contact Us page.
