Pentagon Revamps Tech Strategies to Advance DevSecOps
Updated Pentagon software development strategies streamline processes, enhance security and drive operational innovation.
The Defense Department released a series of new guidelines and initiatives this year to advance modernization, embrace DevSecOps and enhance security.
“The department started this back in 2019,” DOD Director of Cloud & Software Modernization George Lamb said during a meeting of the GovCIO Media & Research DevSecOps Working Group on Friday. “That’s when the true transformation for DevSecOps first kicked off. A lot of what we do is at strategy and guidance level.”
In October, DOD updated its DevSecOps fundamentals document, which outlined a modernized approach to software development. The revised edition emphasized faster delivery, tighter security and improved collaboration across the software development lifecycle. Lamb said the document used to be more of an “aspirational guide” and that the updated version is more practical.
“[The version released in October] takes us to the current state of where we are after four years of the journey,” Lamb explained. “This fundamentals document is designed for the department and programs that are trying to understand where they are, how to adopt cloud and how we take the different authorities and equities that are distributed across the department.”
Lamb also highlighted the Pentagon’s shift from point-in-time security checks to continuous authorization in the DevSecOps process. Lamb said that the “DoD Continuous Authorization Implementation Guide,” released in April, outlines a more dynamic approach.
“It’s a concept that’s been around for a while, but we’re trying to drive that home as the new standard to replace [authority to operate] really looking at the supply chain, the secure supply chain, making that the fundamental premise for how you do ATO,” said Lamb. “Getting rid of that concept where ATO is something that happens at the end you hand over a product, and then your security team comes in and they look at it without context.”
Lamb noted that the continuous authorization process can identify and address security vulnerabilities much faster, reducing the time it takes to deploy software. By integrating security into the development process, DOD aims to build more secure software from the ground up, Lamb said.
“We believe that security without context is really not secure,” said Lamb. “That context is how you get a lot of the smarts, and the supply chain is where you get that context.”
Additionally, Lamb emphasized the department’s recent document, which aims to optimize cloud spending and ensure the department gets the most value for its investment in cloud. Released in October 2024, the “DoD Cloud Financial Operations Strategy” outlined ways to manage cloud computing costs within modernization plans and efficiently manage cloud resources and budgets.
“Each of the services have their own cloud service offices, and that’s where we’re seeing inconsistent ways that financial operations are happening,” said Lamb. “We’re trying to bend the best practices from using the cloud effectively into the department, turning that into department-wide policy.”
Lamb said the department’s DevSecOps updates help modernize DOD by accelerating software delivery, streamlining processes, managing cloud more effectively and prioritizing security throughout the software development lifecycle.
“[It’s a] transformational process, trying to get DevSecOps encoded through the department,” said Lamb.