BLUF

DevSecOps elements incorporated as a design feature drives an innovative culture, boosts productivity and security quality.

Summary

In Defence, 'security is everyone's business'. The goal of DevSecOps is to deliver 'security as code' through automation, increase incident response times, and reduce error margins. A DevSecOps culture in an organisation has significant advantages that only collaboration enables. Bringing IT operators and developers together to explore DevSecOps tools and practices, from the project's get-go, not only creates a continuous loop of learning and improvement through conversation, it also streamlines the overall development process and accelerates results. Large organisations like Paypal have adopted DevSecOps to exploit the ability to quickly create and implement secure solutions that maintain the trust in their products and services. Applying this corporate example to the Defence context allows us to consider the benefits to engaging early with industry, and other government security and cyber agencies to discover new tools, practices and automation for embedding into Defence strategies. It also raises the proposition that re-engineering Defence's extant core systems using a DevSecOps architecture has the potential to reduce hefty IT overheads and consolidate government's technology footprint.