The ReleaseTEAM Blog: Here's what you need to know...
State Government and DevSecOps
Adopting DevOps to improve efficiencies and day-to-day delivery of state government services is not a new phenomenon. Still, many states needed to accelerate digital transformations during the pandemic quickly. The Department of Motor Vehicles moved services like vehicle registration to contactless, online fulfillment, and those changes have persisted even after offices reopened because they were more efficient. The ability to quickly respond to changing needs, and reduce citizen waiting times, results in improved government agility and customer experience.
Government agencies that already have a DevOps or DevSecOps initiative in place are more likely to be able to pivot in response to threats or opportunities.
DevOps Challenges for State Governments
Embarking on or maturing a DevSecOps practice in state government is challenging. There are likely to be many agencies operating separately, using different tools and inherited IT projects. They may be so focused on “keeping the lights on” that they do not have the bandwidth to focus on strategic initiatives. Budgets, procurement processes, and software license renewal periods may vary between the agencies. Some agencies may have trouble hiring people with existing DevOps or cloud experience.
Overcoming these obstacles requires a top-down initiative that unites agencies in a common goal, leverages buying power to secure the best bids on the necessary tools, and sets employees up for success. States can supplement their workforce with contractors or consultants to cover short-term gaps in skills. However, training and upskilling employees should be a requirement for successful completion.
Although the vision and sponsorship require a top-down approach, survey employees to discover what they need to improve efficiencies and developer experience. Their insights and buy-in will ensure that whatever processes and tools the state implements are successful instead of creating more red tape or buying shelfware.
Benefits of DevSecOps
Implementing DevSecOps makes it easier for state governments to modernize their systems and move faster with more confidence.
Before adopting DevSecOps, the State of Colorado spent two years developing a project before running its first security scan. When they finally ran that scan, they identified over 10,000 vulnerabilities. In 2019, they launched their Azure DevOps MVP Implementation program. By the end of 2019, security scans had increased 40%, leading to better confidence and more secure releases.
Since 2019, there’s been an increased focus on software supply chain security in both the public and private sectors. The SolarWinds breach resulted in presidential directives on cybersecurity. State governments, which comprise several state agencies, benefit from the standardized processes and toolsets when adopting DevSecOps at the top level. Knowing what tools and components are used in their various environments makes it easier for states to scan for vulnerabilities and keep components updated.
The ability to move fast, leverage new technology, and having a good developer experience are all crucial for state governments to attract and retain top developer talent. Developers want to work on interesting challenges, not spend their time frustrated with legacy waterfall projects that move slowly. Existing employees will benefit from upskilling, and they’ll be able more easily move between agencies because the processes, tools, and culture will be similar. This allows for a deeper bench of talent and more career opportunities within the government.
Get Help With Public Sector DevOps
With customers spanning government, defense, aerospace, and military, ReleaseTEAM is uniquely positioned to help state governments implement and improve their DevSecOps practice. We can help with planning, tool selection and implementation, workforce augmentation, and training.
Contact Us to find out more.