DevSecOps Across an Enterprise in a Multicloud Environment

Implementing SecDevOps across a DHS enterprise customer to enable rapid deployment of 100+ mission-critical applications in a cloud-agnostic environment spanning all three major cloud platforms.

Customer

ITC Federal customer that delivers IT operations and solutions to meet daily mission objectives.

Challenge

Our customer maintains over 100 mission-critical enterprise applications within a secure and stable IT infrastructure to drive mission objectives. These applications require 24x7x365 availability with a large nationwide user base. At the same time, they require continual upgrades and enhancements requiring development, staging, and meeting production needs.

Solution

To meet the challenge, ITC Federal implemented and maintained an enterprise SecDevOps solution to significantly improve the speed of application enhancements while improving the quality of releases and integrating security into every phase of our customers’ software development process. By establishing an enterprise-level SecDevOps capability, our team has built 90 CI/CD pipelines with end-to-end automation and workflow to support continuous upgrades and enhancements to their mission-critical applications. ITC uses cloud-agnostic architecture solutions to ensure that these mission-critical applications are running seamlessly in an environment with thousands of users reliant on these applications to support mission operational success. Finally, agile approaches provide oversight and management of the projects successfully.

ITC Federal is leading the effort to modernize and deliver the cloud-native infrastructure, networks, mobility solutions, projects, and SecDevOps pipelines that enable swift delivery of new capability in the office and the field for this federal customer. ITC provides optimized and secure cloud services, networking, and solutions using cloud native technologies AWS, Azure, and Google Clouds to support development, testing, and production environments to support the CI/CD pipelines, Office365, and Chatbots. ITC continues to advance the customer’s Infrastructure as Code (IaC) to support automation and maintain the infrastructure using containerization. We are increasing their speed and enhancing their security for deploying environments and delivering new functions and capabilities daily.

ITC is maximizing the use of cloud-agnostic tools for SecDevOps pipelines and IaC while utilizing the most beneficial cloud services to maintain contract flexibility. To ensure the success of the migration, our team has written nearly a thousand playbooks to support the migration of SecDevOps pipelines to the new platform, including enhancing automated security scanning.

Results

Our team’s expertise, deep knowledge of the environment and processes, and exceptional IT and management skills help resolve critical issues. The customer saw immediate results in reducing operational costs and significant time savings through faster updates and releases with minimal downtime. The solution also enables vital collaboration across all technical stakeholders and provides greater functionality of applications to end users.