It’s an increasingly application-driven world.
DevOps could be a key technology to help government agencies address security and compliance requirements, manage heterogeneous environments, and ongoing visibility in their IT infrastructure.
In an increasingly application-driven world, the government sector is constantly challenged with prioritising resources and delivering services to citizens while having to meet stringent security and compliance requirements.
This is taking place even more so in the recent climate as more authorities embrace smartphone applications for contact tracing, such as the case in Singapore, Vietnam and Australia, said Rachel Lew country manager of software automation company — Puppet.
“In Asia Pacific there is a need, more than ever, to make sure your infrastructure is in its optimal state for you to track any vulnerabilities that might cause disruption,” she said. “DevOps is a way for governments to deliver assured security compliance.”
Lew said DevSecOps teams can model security-compliant IT environments — whether cloud-based or on-premises — in an automated fashion to develop and test software so new applications run, operate, and are secure as expected.
“With a common language, teams can successfully adopt DevSecOps practices, such as version control, code review, automated testing, continuous integration, and automated deployment. One of the key successes of DevOps adoption in the government sector is the enablement of stress-free IT audits,” she said.
However, when it comes to security integration, the 2019 State of DevOps: Industry Report Card highlights there’s no real middle ground for governments — 43 per cent of respondents report either significant integration or full integration while 42 per cent have no or minimal integration.
Overall, governments have the greatest impact on improving confidence in security posture, but they are faced with several challenges, such as:
- Deployment frequency: Only 41 per cent were able to deploy on demand.
- Time to remediate vulnerabilities:Government agencies have the slowest time to remediate critical vulnerabilities, and only 3 per cent of respondents were able to remediate in an hour or less.
- Having security integrated in the early phases of the delivery cycle:Government agencies had the lowest percentage of firms with security integrated into the build and design phases.
“Cybersecurity is not just a matter of who, but also when,” said Lew. “With cyber threats continuing to rise, governments in Singapore and around the world need to prioritise automation as a part of their security practice.”
Government agencies need to empower their teams to find and fix security issues, so they do not inadvertently end up in production – and the solution points to the integration of security earlier in the delivery cycle, said Lew.