Today's technical landscape is evolving ever faster, and a DevSecOps culture is becoming a necessity.
Through support from Capacitas, the United Kingdom Health Security Agency (UKHSA) has recognised the significance of this culture shift, and we have embarked on a journey to integrate DevSecOps best practices into its technical ecosystem. Let us explore how this transformation is taking shape within UKHSA and why it is crucial to modern software development at any organisation.
At the heart of a DevSecOps approach is a commitment to automation and cloud technologies. UKHSA acknowledges the importance of standardising toolsets, ensuring that teams across the organisation have access to the same automation capabilities. This standardised tech stack forms the foundation for efficient and secure software development and delivery.
Quality and Security Assurance Throughout the Lifecycle
DevSecOps is not just about security but also about democratising quality assurance and monitoring. UKHSA aims to empower DevOps teams to take ownership of security, quality, and monitoring. By integrating these aspects throughout the development lifecycle, teams can identify and address issues in real time, reducing the risk of vulnerabilities and defects reaching production.
Culture of Ownership
A crucial aspect of DevSecOps is fostering a culture of ownership within teams. Every team member is encouraged to follow the DevSecOps operating model. Maturity assessments are conducted to ensure that all teams are aligned with best practices and continuously improving their processes.
Optimising the Delivery Triangle
DevSecOps aims to optimise the "delivery triangle" composed of speed, cost, and delivery quality. It's not about cutting corners or overspending but achieving a balance through the principles mentioned above. By prioritising tech, ensuring quality, and instilling a culture of ownership, UKHSA seeks to streamline the software delivery process.
Benefits of Embedding Engineering Culture
Fundamental DevSecOps Principles
Through joint efforts, the importance of adhering to key DevSecOps principles has been reinforced across UKHSA product delivery teams. The primary principles to consider in any DevSecOps engagement are as follows:
The journey towards a DevSecOps culture within UKHSA is driven by a commitment to optimising software delivery while maintaining high quality, security, and compliance. By prioritising automation, quality assurance, and a culture of ownership, UKHSA is well on its way to achieving a more efficient and secure technical landscape. This cultural shift not only benefits the organisation but also contributes to the broader transformation of software development practices in today's dynamic world.
At Capacitas, we have worked with various clients to ensure that their CI/CD pipelines cover these 10 fundamental steps. Along with guidance across the rest of their DevSecOps journey, this has enabled them to increase overall capability and organisational maturity in support of technology growth, using automation to speed up development cycles without sacrificing quality and security.
For more information or practical advice on the topics covered in this blog, please reach out to us via our website or by email at contact@capacitas.co.uk.