DOD Needs DevSecOps for Continuous Modernization, DISA Scientist Says

The Department of Defense needs to implement DevSecOps across its enterprise to be able to support continuous information technology modernization, one expert said.

Steve Wallace, a systems innovation scientist at the Defense Information Systems Agency, said DevSecOps prevents situations where the DOD needs to update everything at once, leading to a “technical deficit,” Federal News Network reported Tuesday.

DevSecOps is the concept of ingraining security into the DevOps process, a software development and IT operations philosophy aimed at shortening development time while maintaining high quality.

Wallace added that new IT must be pursued not because of its novelty but because of its ability to satisfy a requirement.

“You could create the best widget, if you will, in the world, but if it doesn’t satisfy the actual need, that widget goes on a shelf, and is never useful to anyone, and it never sees the light of day,” Wallace told Federal News Network.

He advised government agencies to look to each other for existing IT solutions rather than heavily investing in new technology.

DISA is a combat support agency responsible for providing IT and communications support to government components that contribute to the defense of the United States.

Raju Shah, director of DISA’s enterprise engineering and governance directorate, highlighted the importance of reliable data in delivering IT at the speed of relevance.

He said concepts like zero trust and automation accelerate IT delivery while reducing human error. DOD components, including the Defense Logistics Agency, have already adopted robotic process automation for business processes and security.