Commonwealth of PA shares DevSecOps Best Practices with NAVSUP

Photo By Lee Mundy | NAVSUP NSS-Supply Logo read more read more

Photo By Lee Mundy | NAVSUP NSS-Supply Logo  see less | View Image Page

PA, UNITED STATES

08.03.2022

Story by Debbie Dortch 

Naval Supply Systems Command

✔ ✗ Subscribe

8

What began as an out-of-office conversation between two friends culminated in a knowledge transfer session delivered by the Pennsylvania Office of Administration, Infrastructure and Economic Development Infrastructure and Economic Development Delivery Center to about 20 Naval Supply Systems Command (NAVSUP) IT experts Aug. 3.

“The IT community has always been a very collaborative culture,” said NAVSUP Enterprise Architect Karl Larson. “Technology evolves at an incredible pace so it’s important to stay in tune with the capabilities of your peers, ask questions and understand the trending industry best practices. In this case, learning about development, security, and operations, also known as DevSecOps, from our neighbors at the Pennsylvania Office of Administration, Infrastructure and Economic Development.”

Department of the Navy’s Cloud Implementation Plan directs NAVSUP to use cloud-based services and resources, and implement DevSecOps best practices “leveraging continuous integration/continuous delivery (CI/CD) capabilities to support and enable agile development practices and speed to fleet.” The plan also directs all systems/applications be migrated to the cloud no later than Oct. 1, 2027.

Leveraging Infrastructure as Code (IaC) and establishing CI/CD pipelines will enable complete automation of release, delivery, and deployment of applications to the cloud, shortening the delivery lifecycle, reducing risk, and allowing teams to deliver higher quality code faster. With these goals in mind, NAVSUP IT experts’ learning mindset is propelling them to look for innovative ideas from a variety of sources, including those outside of the Department of Defense.

The Pennsylvania Office of Administration, Infrastructure and Economic Development (PAOAIE) team explained the workings of some of their CI/CD pipelines, offering a different perspective for NAVSUP IT professionals.

IT experts with PAOAIE explained that while updating applications in 2017, it became apparent that constant fixes to applications were boosting costs and compromising security, specifically in cases where coding at the time of development was flawed. They went on to explain their process to identify root causes and fix bugs and defects to avoid further costly, down-the-road fixes. The PAOAIE team also identified how to work in an ‘in-process” cloud environment and explained that despite the magnitude and variety of the programs they manage, cloud migration is manageable when deliberate, insightful processes and key testing methodologies are put in place.

Embracing industry best practices and tailoring them for specific Navy needs and fleet operations helps unify numerous independent supply chain functions across the Navy by influencing demand and increasing predictability. These efforts align with Naval Sustainment System-Supply (NSS-Supply), a combination of commercial best practices, process improvements, governance and oversight to maximize efficiencies and effectiveness within available means to improve readiness and affordability.

“Our agility in solution development allows us to be more responsive and agile to our end-to-end supply chain mission requirements under NSS-Supply. Effective, continuous CI/CD platforms enable every IT team to collaboratively plan, build, secure, and deploy application to drive business outcomes faster with complete transparency, consistency and traceability,” Larson said.

Larson went on to say, “Knowledge transfer sessions like this help us to employ DevSecOps best practices, which are key components of the NAVSUP IT ecosystem. This session was an excellent opportunity to learn from another organization who has overcome similar obstacles by implementing CI/CD pipelines into their application release process.”
NAVSUP Chief Information Officer Brian Laird added, “Adopting a DevSecOps culture is a key component of our NAVSUP IT Campaign Plan and it all starts with our people. Continuous learning, and embracing a team of teams approach across departments to deliver IT capabilities faster and more efficiently, while strengthening security, compliance, auditability, and improving mission partner satisfaction. This is how we are making strides to Get Real and Get Better, empower our people, and deliver the best products we can.”

Chief of Naval Operations Adm. Michael Gilday issued a call in January 2022 for all Navy leaders to apply Get Real, Get Better principles and best practices to accelerate our competitive edge by applying a set of Navy-proven leadership and problem solving best practices that empower our people to achieve exceptional performance.

NAVSUP is headquartered in Mechanicsburg, Pennsylvania, and employs a diverse, worldwide workforce of more than 25,000 military and civilian personnel. NAVSUP and the Navy Supply Corps conduct and enable supply chain, acquisition, operational logistics and Sailor & family care activities with our mission partners to generate readiness and sustain naval forces worldwide to prevent and decisively win wars. Learn more at www.navsup.navy.mil, www.facebook.com/navsup and https://twitter.com/navsupsyscom.