Last year’s DevOps statistics showed that half and half of governments either imbibed DevOps or had minimal adoption rates.

In an increasingly applications-driven world, government sectors are constantly challenged with prioritizing resources and delivering services to their peoples while having to meet stringent security and compliance requirements.

In recent times, as more authorities embrace smartphone applications for contact tracing, the authorities of Singapore, Vietnam and Australia have been facing this challenge ever more.

Said Rachel Lew, country manager of automation specialist Puppet: “In the Asia Pacific region, we’ve had a few municipalities coming to us to help them speed up infrastructure to address their disaster recovery plans and enable the automation of applications migration from on-prem to the cloud as needed. Of course, you also get bad actors trying to take advantage in vulnerable situations as well. There is a need, more than ever, to make sure your infrastructure is in its optimal state for you to track any vulnerabilities that might cause disruption.”

According to Lew, government agencies need to empower their teams to find and fix security issues, so that the latter do not inadvertently end up in production. The solution points to the integration of security earlier in the delivery cycle. Although it may sound expensive to adopt new tooling and practices, fixing defects earlier in the delivery lifecycle is much cheaper in the long run, reducing development time and costs.

Application security by design

So, as governments leverage new technologies for better citizen engagement, the DevOps approach stands above the rest. With DevOps, government agencies can address security and compliance requirements, manage heterogeneous environments, and get immediate and ongoing visibility in their IT infrastructure.

As reported by Puppet, one of the key benefits of DevOps adoption in the government sector is the enablement of stress-free IT audits. Customers were able to build security and compliance across their IT estate, significantly reducing audit time from months to weeks. DevOps is a also way for governments to deliver assured security compliance. DevSecOps teams can model security-compliant IT environments—whether cloud-based or on-premises—in an automated fashion to develop and test software so new applications run, operate, and are secure as expected.

Moreover, with a common language, teams can successfully adopt DevSecOps practices, such as version control, code review, automated testing, continuous integration, and automated deployment.

Tackling governmental challenges

When it comes to security integration, the 2019 State of DevOps: Industry Report Card by Puppet had highlighted that there is no real middle ground for governments: 43% of respondents reported either significant integration or full integration while 42% had no or minimal integration.

Overall, although governments have the greatest impact on improving confidence in security posture, they are faced with several challenges, such as:

  • Deployment frequency: Only 41% were able to deploy on demand.
  • Time to remediate vulnerabilities: Government agencies had the slowest time to remediate critical vulnerabilities, and only 3% of respondents were able to remediate in under an hour.
  • Having security integrated in the early phases of the delivery cycle: Government agencies had the lowest percentage of firms with security integrated into the build and design phases.

Lew adds on, “Cybersecurity is not just a matter of who, but also when. With cyber threats continuing to rise, governments around the world need to prioritize automation as a part of their security practice.”