DEVSECOPS @ NASA CASE STUDY

DevSecOps Implementation at NASA

Gartner defines DevSecOps as “the integration of security into emerging agile IT and DevOps development as seamlessly and as transparently as possible. Ideally, this is done without reducing the agility or speed of developers or requiring them to leave their development toolchain environment”.

TekFive takes this definition to new heights by adding years of proven federal IT enterprise domain at NASA to enhance DevSecOps with a visual pipeline that allows strategic dashboard optics empowered with Human In The Loop (HIL) participation.  The TekFive approach supports both Human In the Loop (HIL) user judgement reviews for key stakeholders and fully automated build/deployment pipelines.  Our solution enables an operational shift-left of security testing in the early phases of the development cycle with increased security compliance, decreased development times and associated rework.

In other words, we enable our government partners/customers to automate the SDLC to the extent that is governance tolerable, leading in many instances, to a Continuous Authority to Operate (cATO) environment.  TekFive utilizes an automated DevSecOps build/test/validate/comply/deploy/continuous scanning approach on pre-vetted platforms, introducing increased automated ATO process leading to fully acceptable cATO where the ATO is organically part of the DevSecOps pipeline and fully integrated with Information Assurance (IA) and CyberSec compliance requirements.

Our Results

At NASA, for our Agency Applications Office (AAO) customer, TekFive implemented a hybrid cloud Container platform and DevSecOps Continuous Integration/Continuous Delivery (CI/CD) visual pipeline, hosting over 900 containerized applications.

What does all of this mean to the customer, it means “automating the hard stuff” with the potential to reduce and redirect costs associated with historical/legacy SDLC projects.  We have documented our DevSecOps federal agency added value impact below.  This added value can and should be a part of your federal IT enterprise.

  • The TekFive DevSecOps approach reduced NASA Agency SDLC from 3 months to 2 weeks with Annual savings $2M in labor/infrastructure

  • Key Metrics

    • 80% reduction in the development lifecycle

    • 50% reduction in operations costs

    • 30% reduction in infrastructure costs

    • 2K% increase in supported applications with no increase in staffing

    • 16K% increase in application traffic

    • 90% of security vulnerabilities caught during the build process (shift left)