The Homeland Security Department's CIS is using a continuous delivery model where it automates reviews of software code to ensure security and quality. DHS is u...
wfedstaff | April 17, 2015 5:58 pm
The Citizenship and Immigration Services is trying to reduce the time it takes to go from concept to implementation for software.
Traditionally, the government takes years to develop requirements, go through the acquisition process and eventually implement a new system or application.
Mark Schwartz, the chief information officer at CIS, not only wants to change that arduous process, but already has begun instituting industry best practices to cut the time it takes to design and put mission-critical software into action.
“It’s something called continuous delivery and a sort of a partner approach to that called dev-ops. This is something that has been spreading very quickly in the private sector since 2009,” Schwarz said Tuesday after a panel discussion at the Federal Cloud Computing Summit conference in Washington sponsored by MobileGov. “Flickr, the photo sharing site, gave a presentation at a conference where they described the way they were deploying software. They said they were doing 10 deploys a day of their systems, and that sort of shocked everyone, and it turned into a whole new branch of this process called continuous delivery. The idea is that we create a complete, automated pipeline from development to production.”
Schwartz said the goal is to simplify the process for application developers by letting them run their software code through a series of checks called the automated build process that run tests to cover everything from security to accessibility to anything else.
“If we have a successful build, then we can use scripts to deploy the build to production or staging environments. So end-to-end, there is automation, and what we do with that is the dev-ops aspect of it … we combine the functions of operations and development. We have cross-functional teams that can do both. There isn’t the ‘toss it over the wall when you are done developing’ mentality. We have operations involved from the beginning and we have monitoring of what’s going on in production that can then feed back to the developers to make changes to their code that they can deploy through the automated pipeline.”
Best practice across DHS
This continuous delivery model quickly is becoming the standard for DHS. The department developed a similar approach for mobile apps, called the Carwash.
Peter Chin, chief of product and provisioning at DHS, said at the conference the Carwash concept moved into full production in November and is available for all agencies to use.
“It’s a mobile center of excellence, and we’d like to make it available to a wider audience in government,” he said. “It’s innovative, customer-centric and it supports a lot of federal mandates. It also reduces the development cycle time.”
CIS started implementing its software development process about six months ago. Schwartz said the automated pipeline process is operating in the DHS private cloud as part of the development/test-as-a-service.
He said the next step is to complete the path to production from test and development.
“We’ve been very successful with the pipeline up through the testing environments,” Schwartz said. “What we find is it brings a lot of discipline to our process. It brings a lot of speed. It forces us to think a lot about testing and make sure we have good coverage on testing, and it’s letting us address security issues, especially very early in the process.”
Citizenship and Immigration Services already has applied this expedited software development process to modernize its case processing systems through the $244.5 million USCIS Transformation Program, and to build new internal functions for the employees.
In fact, CIS modified the Transformation Program in May 2012 to use agile development methodology instead of the waterfall approach. Former DHS CIO Richard Spires told a House Homeland Security Committee in March that USCIS has about a dozen teams of 10 developers and testers working on the program.
The Transformation Program struggled to provide functionalities in a timely manner during its first release. After a TechStat session, Spires said he decided to, among other things, change the software development approach.
Taking advantage of open source
Schwartz said the automated process is well defined by industry, including a community of practice in industry, and a book on this topic by Jez Humble and David Farley called “Continuous Delivery”.
“We are using common open source tools to manage the pipeline, and anybody who has familiarity with how this sort of continuous integration, continuous delivery is done would be pretty familiar with the approach we are taking,” he said. “The difficulty is getting people to think in a way that is required to do it. That takes a little bit of shaking people up and training them. We do a lot of coaching in our organization. The mindset is very different. The mindset is all about taking small batches of requirements and pushing them through to production, and being very focused on responsiveness and quick turnaround.”
The move to this continuous delivery process cost CIS very little because they are using open source tools.
Schwartz said with the cloud CIS can provision virtual machines as needed, so they are only spending as much as they need to.
The Carwash approach also uses open source software in the cloud.
Chin said the idea behind the Carwash is to run software code through the process to analyze how it meets the requirements for cybersecurity, quality assurance and Section 508 accessibility.
“It’s nice to identify problems early on and fix them,” Chin said. “We want to avoid having a list of issues at the end of the development cycle when we have no time or resources to deal with it. The Carwash helps us identify them on day one and fix them immediately.”
Schwartz said the continuous delivery and Carwash approaches are similar in many regards.
He said automating testing frees up the developers to create new functionality without having to worry too much about breaking the system.
“This is a continuous improvement approach so what we want to do is have a complete end-to-end baseline process that we know can get our work from beginnings of requirement to all the way through deployed capability and production. Once we have that complete pipeline set up and it’s reliable for us, then the next step is to continuously improve it. We take a lean manufacturing approach. We map out the process, look for potential sources of waste and we find ways to streamline those processes.”
RELATED STORIES:
Federal mobile apps lack standard security processes
New mobile tools give agencies giant innovation permission slip
Agencies face clunky switch to agile IT development
Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
Jason Miller is executive editor of Federal News Network and directs news coverage on the people, policy and programs of the federal government.
Follow @jmillerWFED