search menu icon-carat-right cmu-wordmark

DevOps: Build Faster and Better Applications

Created May 2018

DevOps combines development and operations—and involves a wide array of stakeholders—to improve efficiency and outcomes by focusing on shared business goals. Secure DevOps is DevOps with an emphasis on security throughout the entire process. DevOps follows and expands on key principles of Agile software development and represents a fundamental shift in how large, distributed enterprise organizations develop, test, and deliver software. We help you introduce DevOps principles and practices to your organization by assessing its current state, helping to establish its integrated development pipeline, and building monitoring metrics to be used throughout the application lifecycle and beyond.

The Challenges of Combining Development, Operations, and Security

Today, software development means more than just meeting the needs of your end users. You must involve operations to address stakeholder requirements quickly and in competitive, continuously changing, complex environments.

How do you introduce DevOps into your organization? How do you adapt DevOps into complex systems of systems? How do you respond when you discover vulnerabilities in your software? How do you build an acquisition process that supports an Agile development process? Organizations are challenged by these problems and more.

Organizations often struggle to release new or updated software and add new features that meet stakeholder needs quickly and that leverage state-of-the-art processes and tools. DevOps can be the answer to that struggle. However, since DevOps affects the people, processes, and technology of an organization and the cutting-edge practices the organization implements, adapting a DevOps approach can be daunting.

Secure DevOps builds security into the development and operations lifecycle. However, some organizations find it challenging to apply Secure DevOps. This is particularly challenging for highly regulated environments (HREs), which must comply with various mandated policies for areas such as security, intellectual property, and segregated environments.

For these reasons and more, DevOps can be difficult to take on, particularly because it relies on cross-functional teams that must deliver software builds frequently. We can help.

Our Solutions

Using DevOps enables your organization to have a continuous feedback loop from its stakeholders. With DevOps, cross-functional teams improve software continuously to meet that feedback, incorporate security throughout the DevOps process (Secure DevOps), develop improvements that operate as designed, and release improvements as often as necessary to meet business needs.

We offer multiple channels of support that can help you implement DevOps or take it to the next level. Our experts can help you apply DevOps to your organization’s development, testing, and operational processes and create synchronous environments that enable you to apply patches to software, confident that they will work across these environments.

We can also help you leverage DevOps to better meet the requirements set forth in various standards (e.g., IEEE P2675 DevOps and NIST 800-160), frameworks (e.g., DOD Architecture Framework), regulations (e.g., DoDD 5000.01 and DFARS), and strategic plans (e.g., the DISA Strategic Plan).

We provide online training that teaches DevOps to managers, technical teams, and other stakeholders. We offer hands-on workshops that provide comprehensive training, including exercises using DevOps tools and techniques throughout the SDLC. We provide mentoring support by collaborating with your teams and stakeholders to support your organization’s DevOps strategies. We offer engineering support by helping you implement and measure your organization’s DevOps tools and processes.

Using a process that combines analyzing, designing and developing, applying and measuring, and monitoring, our experts support you as you establish or refine robust DevOps capabilities in your organization.

Looking Ahead

We are advancing DevOps concepts. Specifically, we are researching and developing a model to help HREs adopt DevOps. We are also researching and developing a Secure DevOps Model as well as a prototype model that demonstrates continuous security.

Forward-thinking approaches to processes, including automated DevOps techniques and tools, enable our researchers and developers to systematically implement, maintain, and monitor high standards of efficiency, security, and functionality for each project and product we work on.

Our goal is to help other organizations embrace the full automation and high standards that you can achieve with DevOps. Follow the progress of our research by reading our DevOps blog, finding us at prominent events such as RSA, and reading our collection of publications in the SEI Digital Library.

Learn More

Agile and DevOps: Your Questions. Our Answers.

Agile and DevOps: Your Questions. Our Answers.

April 27, 2018 Webinar
Hasan YasarEileen Wrubel

Watch this lively discussion in which we answered attendee questions on all things Agile and DevOps.

watch
Agile DevOps

Agile DevOps

April 19, 2018 Podcast
Hasan YasarEileen Wrubel

Eileen Wrubel and Hasan Yasar discuss how Agile and DevOps can be deployed together to meet organizational needs.

learn more
The CERT DevSecOps Model: Building Secure Applications

The CERT DevSecOps Model: Building Secure Applications

April 12, 2018 Brochure

DevOps is a modern software development approach where stakeholders and development and operations teams collaborate to improve efficiency and results.

read
Oh No, DevOps is Tough to Implement!

Oh No, DevOps is Tough to Implement!

March 27, 2018 Presentation
Hasan Yasar

This presentation explains DevOps, common misconceptions and roadblocks, and how you can use DevOps to help your organization reach new heights of efficiency and productivity without getting frustrated.

read
How Risk Management Fits into Agile & DevOps in Government

How Risk Management Fits into Agile & DevOps in Government

February 01, 2018 Podcast
Timothy A. ChickWill HayesEileen Wrubel

In this podcast, Eileen Wrubel, technical lead for the SEI's Agile-in-Government program leads a roundtable discussion into how Agile, DevOps, and the Risk Management Framework can work together.

learn more
Integrating Security in DevOps

Integrating Security in DevOps

June 29, 2017 Podcast
Hasan Yasar

In this podcast, Hasan Yasar discusses how Secure DevOps attempts to shift the paradigm for tough security problems from following rules to creatively determining solutions.

learn more
Secure DevOps

Secure DevOps

January 26, 2017 Fact Sheet

The DevOps team delivers innovative engineering methods and solutions to challenging cybersecurity problems.

read
SEI Cyber Minute: DevOps for Better Software Build

SEI Cyber Minute: DevOps for Better Software Build

January 04, 2017 Video
Hasan Yasar

Watch Hasan Yasar in this SEI Cyber Minute as he discusses "DevOps for Better Software Build".

watch
Security Practitioner Perspective on DevOps for Building Secure Solutions

Security Practitioner Perspective on DevOps for Building Secure Solutions

October 31, 2016 Webinar
Hasan Yasar

This webinar covered the perspectives of security practitioners on building secure software using the DevOps development process and modern security approach.

watch

Related Courses

Secure DevOps Process and Implementation

ONLINE

This 4.5 hour virtual, asynchronous course is designed for managers, developers and operational teams to offer a comprehensive training on DevOps principles and process, and to identify techniques for project planning, development, and deployment from start to finish. Specifically, this course will expose attendees to reference architectures and...

Register

DevOps in Practice Workshop

1 - Day Course

This DevOps workshop is intended to offer a comprehensive, hands-on review of DevOps topics and process, and to identify techniques for project planning, development, and deployment from start to finish. Specifically, this workshop will expose attendees to reference architectures and hands-on experience with Continuous Integration (CI) tools and...

Register