Cloud Native DevSecOps in the US Government

This talk addresses how DoD Enterprise Level Services like Cloud One and Platform One are enabling the Department to embrace cloud native development and DevSecOps.

We were privileged to host Nicolas Chaillan, Chief Software Officer for the US Air Force, as the opening keynote for our webinar summit.

It’s truly quite a remarkable presentation, providing a stunning insight into just how much enterprise software development has transformed in recent years.

Nicolas provides a brief but comprehensive overview of the end-to-end cloud native development landscape for the DoD. It is based on foundations of Kubernetes and OCI containers, which provide reusable Lego building blocks, and it covers DoD-wide DevSecOps Managed Services, baked-in Zero Trust security via their Sidecar Container Security Stack (SCSS), and the standardization of metrics and acceptable thresholds for DoD-wide Continuous Authority to Operate (cATO).

The scale of this new technology landscape and the implications of its adoption are vast: this is the largest organization on the planet, impacting jets, bombers, tanks and even nuclear systems. Over 100,000 people will be trained this year, and they are working with partners like the Linux Foundation, the Cloud Native Computing Foundation and O’Reilly books to enable self-learning of the latest DevSecOps best practices.

The benefits this new approach has realized are equally staggering:

  • 106x faster Lead Time from development to deployment.
  • 208x more frequent code deployments.
  • 7x lower change failure rate.
  • 22% less time on unplanned work/rework.
  • 50% less time remediating security issues.
  • 2,604x faster Mean Time to Recover.
  • Development costs reduced by 40%.
  • 44% more time focused on new capabilities vs maintaining legacy code.
  • Employees 2.2x more likely to recommend their organization.

From 6m:10s Nicolas provides a detailed review of their technology stack, an environment of over 300 tools with Kubernetes at its center, which enables the implementation of GitOps best practices, ensuring there is no drift across the multitude of deployments they operate. He explains this concept in depth from 16m:25s.

In conclusion, Nicolas answers questions on the skills challenges that such a massive advance in technologies presents, how they are addressing the absorption of legacy systems into this new world, and the potential for this approach to become standardized across the entire US Government.
