Move to DevOps takes some fearlessness

Imagine a world in which an agency can identify a process problem, such as an inefficient electronic application form, come up with some ideas on how to fix it in hours and have a constantly self-testing solution up and running in days.

That process would be far speedier than the federal government's traditional months- and years-long development cycle. Achieving that goal means not being overly concerned about traditional processes or even what the inspector general thinks, said Mark Schwartz, CIO at U.S. Citizenship and Immigration Services.

In remarks at the Federal DevOps Summit hosted by the Advanced Technology Academic Research Center on Aug. 18, Schwartz and other top agency IT executives said DevOps is melding into federal practice, though some agencies are further ahead than others.

Schwartz has been running a DevOps implementation for his agency's E-Verify service, which lets employers check that prospective employees are U.S. citizens. He said the system is being developed using the strategy described above, with new service capabilities identified and addressed within weeks.

Other agencies are at various stages of implementing the practices. Ann Dunkin, CIO at the Environmental Protection Agency, said she isn't as far along as Schwartz but is using resources such as Cloud.gov's platform as a service to "do the heavy lifting."

Cris Brown, master data management program manager at the Nuclear Regulatory Commission, said she "couldn't spell DevOps last summer" but has since reached out to the General Services Administration's 18F team for help with two projects.

Dunkin, Brown and Schwartz all said they had committed themselves to adopting DevOps because of its speed, security and cost-effectiveness compared to waterfall development methods.

Despite criticism to the contrary, Schwartz said DevOps results in more secure applications because the security has been built in from the start and tested along the way rather than waiting until the end of the process to do either.

An audience member said DevOps practices, which don't align with traditional waterfall methodology, can draw the attention of agencies' inspectors general and the Government Accountability Office.

"The IG and GAO want successful outcomes," Schwartz said, who acknowledged that things can go wrong if the processes haven't been worked out beforehand. However, successful results can educate IGs and GAO about DevOps practices, he added.

Schwartz said the approach also allows agencies to retain some competitive leverage with vendors because the frequent "sprints" give agencies the opportunity to switch contractors if one is not producing adequate results.

Dunkin and Brown said cultural resistance has been one of the biggest hurdles as their agencies begin adopting DevOps practices. Team members must be able to shift among the various tasks in a development sprint, from developing ideas to solving problems.

"Soft skills," such as the ability to work on a team, are essential, Dunkin said.