DevSecOps Is Supporting the VA’s Mission
Daniel McCune, deputy CIO for software product management at the Department of Veterans Affairs, says that DevSecOps is not only an IT strategy but also a way to help meet the VA’s mission.
“Our passion is improving the lives of our heroes,” McCune says. “That means giving them access to the services they’ve earned and giving them confidence that we’re protecting their data. Given our size and complexity, the only way to do that is through software automation.”
McCune says that three technologies have powered the department’s shift toward DevSecOps.
First, cloud resources procured through Azure and AWS have helped the VA to rapidly scale up applications when needed, including telehealth offerings during the COVID-19 pandemic.
Next, application performance monitoring through tools like Dynatrace have had a “transformational” impact on application uptime, McCune says, resulting in a 40 percent improvement in one year.
DISCOVER: Why the U.S. military is embracing telehealth for service members and veterans.
Finally, continuous integration/continuous delivery (CI/CD) capabilities such as those provided by GitHub promote standardization and consistency within the DevSecOps pipeline.
DevSecOps tools and practices helped the VA to respond quickly during the COVID-19 crisis, adapting to changes in how veterans were able to use their education benefits. The department now releases new code for its education benefits portal twice a month.
As recently as 2018, it took the VA nearly 17 months to release new software, but 80 percent of applications now see a new release at least once every 90 days, McCune says. Much like other agencies, the VA is seeing security improvements even as it accelerates development.
“We run automated testing on every iteration,” he says. “Now, when we go to production, we have confidence that our code is secure.”
“All of this helps us to improve life for our heroes,” McCune adds. “If we’re not doing that, we’re doing the wrong thing.”
