Insight by Booz Allen

Software factory approach can help quickly deliver cyber capabilities at scale

This content is sponsored by Booz Allen.

Cybersecurity threats are evolving as rapidly as the environments they threaten, from the rise of ransomware to supply chain attacks like SolarWinds. To protect themselves, federal agencies need a continuous delivery model to develop and field cybersecurity capabilities. That requires a framework built around modern software factory approaches.

One of the biggest challenges is enterprise visibility. The increased threat surface driven by massive adoption of cloud services and remote delivery due to the pandemic means more endpoints, which means more endpoint data. Traditional security operations centers are overwhelmed by the amount of data generated by the adoption of cloud services. But if cloud is causing the challenge, it also provides the solution.

“Organizations are rapidly adopting cloud services to develop advanced cyber analytics to process through large amount of sensor data. Cloud provides on-demand access to high-performance compute and data storage resources to enable organizations to scale their artificial intelligence/machine learning initiatives. There are cloud native capabilities that provide you with the ability to develop advanced cyber analytics by establishing an easy-to-use continuous integration and continuous delivery (CI/CD) service that then can be applied to this large volume of data while being cost efficient. Cloud provides that scalable infrastructure and easy to establish analytics pipeline that can accelerate threat detection” said Imran Umar, director at Booz Allen.

DevSecOps, an emerging model for integrating security and operation requirements within the development lifecycle, is well suited to leveraging and taking full advantage of cloud. Designing solutions to cyber operations against the security requirements within scalable infrastructure, rather than re-working solutions to address deficiencies, enables faster delivery and more robust compliance.

While DevSecOps is the right model, there are too many disparate teams and stakeholders working on delivering these capabilities. What agencies need is a mechanism to bring them together. The Scaled Agile Framework (SAFe®) allows them to deliver more rapidly and scale the size, quantity and speed of what they’re delivering. But having distributed teams and stakeholders with different schedules and budgets presents limits on that scale in the form of staffing and resources agencies can leverage.

It’s all about shifting from a project to a product focus.

“A software factory approach deals with that when we scale our operations in a SAFe, agile, compliant manner, so that we’re creating cross functional teams that can deliver the features from start to finish. Then bring and manage the work to them, rather than spinning up a team every time we get a new requirement or a new feature that needs to be implemented,” said Chris Harney, chief technologist at Booz Allen. “The factory model allows us to approach our staffing, our team in the same way we do our requirements. We’re continually evolving the work that we’re doing, completing it, and moving on to the next set, but the staffing and the resources stay in place. I think it’s the evolution of a development organization based on SAFe principles. The CI/CD piece of it, if you want to deliver it that way, why aren’t you also resourcing it that way?”

That kind of approach is what’s needed now for cybersecurity.

“The same agile and CI/CD principles we use for traditional software development and integration can be applied to deliver advanced analytics” Umar said. “You need advanced analytics for faster threat detection, and you can apply agile methodology to accelerate development and deployment of these analytics.”

And that’s where SAFe comes in. It provides the framework that agencies need to build that federated architecture that provides enterprise visibility, and allows them to develop a smart data strategy that integrates the cloud native analytics tools they need to detect threats and take action. It’s what allows them to deliver advanced cybersecurity capabilities for visibility.

Because SAFe isn’t just a framework for the delivery of software, it’s a framework for scaling agile delivery principles throughout an organization. That includes management of teams and portfolios, coordination of risks and dependencies, and prioritization of a human-centered design approach.

“While implementing SAFe to an organization certainly provides some initial benefits to delivery, speed, and adaptability, really leaning into SAFe enables much more robust and mature human-centered design and DevSecOps capabilities. They really do integrate well and go hand in hand,” Harney said. “And I might argue that you can’t really do good DevSecOps without at least some SAFe and human-centered design, and vice versa. Our experience working on very large and complex programs, and implementing SAFe for agencies across the federal government laid the foundations for implementing DevSecOps. We couldn’t do one without the other.”

As your organization looks at delivering cyber capabilities at the speed and scale necessary to stay ahead of the evolving threats, consider adopting Scaled Agile and DevSecOps workflows to improve collaboration across teams, break down silos and lead to consistent and accelerated delivery to production.