DoD + DevSecOps: A path toward speed and agility
As the US Department of Defense’s (DoD’s) Software Modernization Strategy is put into place, agility, cloud adoption, and the software-factory methodology are top of mind. But according to a new study from the Hudson Institute, the DoD’s current approach to software and software updates isn’t fast enough to keep pace with modern warfare. The authors write: “The DoD needs to act in a way that recognizes software, not legacy warfighting platforms, controls the speed and efficacy of the modern kill chain and military dilemma.”
While the study’s authors recognize that acquisitions reform is a necessary component to modern software strategy, a dynamic DevSecOps-style approach to leveraging data is also a key element to increasing agility and speed. Many DoD agencies are already pioneering their own “software factories,” which advances this idea and enables quick software updates but also leads to potential conflicting methodologies in how those systems find and use their mission critical data.
The software-factory methodology focuses on DevSecOps processes, policies, and structure to facilitate agility. It includes standardized processes for rapid prototyping, orchestration, deployment, and feedback. This focus on constant monitoring, testing, and development forms the basis for a continuous authority to operate (ATO), putting the emphasis on security and stability of the process versus the software itself. A continuous ATO reduces time waiting for traditional approval and therefore increases responsiveness and resilience.
[Related article: What’s the future of DevSecOps?]
Monitoring and measuring the DevSecOps continuum
The success of a DevSecOps approach relies on the ability to see across your entire environment — and take immediate action when necessary. Observability solutions offer the DoD end-to-end monitoring capabilities across all environments — including disconnected, denied, intermittent and/or with limited bandwidth (DDIL) — plus the ability to report on deployment and container orchestration, thereby reducing the mean time to detection and resolution for any use case.
Per the DoD’s Software Modernization Strategy, “DoD must establish requirements for a reasonable number of approved enterprise providers to efficiently scale software factories, minimize unnecessary platform duplication, and advance DevSecOps.”
Elastic Observability can be directly integrated into multiple phases of the DevSecOps continuum to capture and analyze logs and metrics to monitor a software factory’s CI/CD pipeline availability and key performance indicators. Many of those same data streams that are used to monitor the operational systems and performance can also help identify and protect against cybersecurity threats.
The Elastic platform is also intrinsically suited to reduce unnecessary technology and point products. When data is unified and accessible within the Elastic platform, you can use it for many purposes — from logging to monitoring to security. The entire platform is sold as a single SKU and priced via a transparent resource-based consumption model.
Integrating the power of AIOps as a strategic advantage
Beyond monitoring and measuring, an advanced observability solution should offer machine learning (ML) and AI capabilities that provide an integrated view into your environment and data, to detect anomalies, and offer immediate, data-based insights and actionable solutions to detected issues. Artificial intelligence for IT operations (AIOps) capabilities can be a strategic advantage, especially when applied holistically to your data.
Globally, the AI market for the military is predicted to reach US$14.39 billion by 2030, for a compound annual growth rate (CAGR) of 11.99%. As global militaries increase AI spend, it’s essential to incorporate this technology into existing processes so as to not fall behind.
The authors of the Hudson Institute study write: “The DoD needs to formally recognize the digital triad of software, data, and AI/ML as equal peers. The triad symbolizes the principled belief that AI/ML model research cannot occur without troves of relevant digital data, and the only way to create digital data is through software. Completing the feedback loop that validates AI/ML models in an operational environment is possible only if the DoD deploys the model — via software.”
Machine learning is often difficult to implement at scale — primarily because of a lack of a unified user interface that can operate on and operationalize the data at every stage of the ML model building, testing, and application stages. Unlike our competitors, Elastic offers built-in machine learning that anyone can leverage regardless of technical skill, in effect democratizing machine learning.
Elastic’s free, open, and iterative approach
Elastic Observability enables DoD DevSecOps teams to quickly develop, iterate, and release software. (In fact, Elastic Observability was recently named a “Strong Performer” in the Forrester Wave: Artificial Intelligence for IT Operations (AIOps). And we don’t just enable your teams — we also walk the walk. We release updates to our own software on a regular basis (about every five to ten weeks, including updates to ML jobs and detection rules). Our free and open foundation enables users to iterate, collaborate, and build on our software.
Data can also be searched, analyzed, and presented without the restrictions of proprietary solutions, freeing data to flow wherever and as needed. This ensures all allied forces, in a low-side, high-side or Delayed/Disconnected, Intermittently-Connected, Low-Bandwidth (D/DIL) environment, can easily access both their own data and interconnected resources to extract relevant information.
Additionally, this free and open approach means that you can build solutions without an initial cost investment, giving you the agility to build what you need, when you need it. Build in the lab/software factory with OpenSource, then pivot to supported product with subscription features needed for your production mission-critical systems.