While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
For federal agencies, accomplishing in just a matter of weeks IT tasks that typically take months or years is a dream come true. That’s the promise of the DevOps methodology; some agencies are embracing it, but IT leaders say it takes courage to implement a new approach to IT.
DevOps is a way of thinking that encourages software developers to work with IT operations staff on testing and quality assurance to develop software more quickly and automate infrastructure changes. It’s a collaborative mentality designed to produce software faster and more efficiently.
Some agencies, like the U.S. Citizenship and Immigration Services (a component of the Department of Homeland Security) are further along than others. However, many agencies are testing out DevOps on a small scale.
At USCIS, CIO Mark Schwartz has been embracing DevOps for some time now, and the approach has already produced results. Speaking at the Federal DevOps Summit hosted by the Advanced Technology Academic Research Center on Aug. 18, Schwartz described how the agency has used DevOps to improve its E-Verify service, which lets employers check to be sure prospective employees are U.S. citizens.
According to FCW, Schwartz said implementing DevOps requires jettisoning the traditional way of approaching IT and long-held processes and practices, and even what the agency’s inspector general might think.
And as Federal News Radio reported, USCIS is testing out a DevOps practice called “impact mapping.” In this exercise, Schwartz said, the developers and IT staff working on the E-Verify program had a goal of increasing the number of cases that a verifier can perform per day from about 70 to an undetermined higher amount.
With that goal in mind, the team then maps out the behaviors that would need to change in the agency, and those who have those behaviors.
“Then they map out for each of those behavior changes, what IT capabilities could be offered that might accomplish those behavior changes,” Schwartz said, according to Federal News Radio. Then they take each of those capabilities, think about it and say, ‘If we were to provide this capability, we think it would increase the number of cases a day by X amount, whatever the X is.’ They really don’t know. It’s just a hypothesis. They think if they do ‘this’ it will increase it by this much and if they do this other thing, it will increase it by ‘this’ much. This is all at the level of capabilities. There are no requirements here.”
After that, the development team submits their ideas to the governance board, which is composed of business owners, IT executives and other interdisciplinary leaders for approval and funding. After the governance board approves the ideas, Schwartz said the agile sprint begins. Programmers sit with users of the system, and every time a programmer finishes creating a new piece of functionality, it automatically gets run through a series of compliance and security tests, as well as tests to ensure the new functionality does not break the existing system. Then it all gets deployed to the cloud.
“So in the first hour of the developers working, they are already deploying to a production environment in the cloud and it miraculously appeared,” Schwartz said. As they do that, people can start using it. The users start playing around with it. They give feedback. The programmers make changes and every time they make an adjustment and hit the commit button, automatic tests are run.”
The goal is to let users of the system drive what gets fixed and what gets deployed. According to Federal News Radio, the approach produced immediate results. The site reported: “On a program where USCIS spent the previous four years just developing and documenting requirements, through impact mapping and using DevOps methodology, the agency delivered its first update to the system in six weeks.”
Other agencies are also gingerly implementing DevOps methodologies. Ann Dunkin, CIO of the Environmental Protection Agency, said at the event that her agency is not as deep into the process as USCIS, but added that EPA is relying on the General Services Administration’s digital services unit, 18F, and its Cloud.gov platform as a service to “do the heavy lifting,” according to FCW.
According to Federal News Radio, Duncan said that approach allows her staff to focus on the business side of projects to ensure continuous improvements. Duncan said that the challenge with moving to an agile development process and a DevOps methodology is overcoming cultural resistance to change. The traditional “waterfall” development process often turned out to be a high-risk gambit because it did not produce what users wanted. Moving to DevOps and agile development requires a new approach, she said.
“There is no solution without risk, but we and a lot of people believe that it reduces risk by constantly interacting,” she said. “You’re constantly interacting with your vendor or development team, depending on how you are doing the work. You are constantly able to change who is doing the work for you.”
Meanwhile, Cris Brown, master data management program manager at the Nuclear Regulatory Commission, said she “couldn’t spell DevOps last summer” but has since reached out to her team for help with two projects, according to FCW.
“We received a report that two major pieces were going to be delayed for four and seven months. We couldn’t live with that delay, so I actually reached out to our friends at 18F,” Brown said, according to Federal News Radio. “We actually did two DevOps pilots and we were very successful in moving projects forward. As a result of that, we realized that the DevOps needed to be a part of the culture, and we are working to codify the use of DevOps through an internal project management tool that we have so we can continually have that reference. It hasn’t been easy. It’s a huge culture change that we have just started.”