Why is DevOps significant in the Defence industry?

DevOps in the Defence industry context

Despite its emergence between 2007 and 2008, the tech industry has still not reached an unanimous consensus of what defines DevOps. For example, Atlassian states it is “a set of practices that automates the processes between software development and IT teams, in order that they can build, test, and release software faster and more reliably”, whereas Amazon defines DevOps as “the combination of cultural philosophies, practices, and tools that increases an organisation’s ability to deliver applications and services at high velocity; evolving and improving products at a faster pace than organisations using traditional software development and infrastructure management processes”. These contradictions continue in the definitions of Google, NetApp, NAVWAR (Naval Information Warfare Systems Command) and Red Hat. 

However, in practice the implementation of DevOps is usually focused to construct dynamic and evolving socio-technical systems that conform to meet business needs; beneficial to profit or cost reduction. As the Navy is not revenue producing (in a more traditional ‘commercial’ aspect), this aim requires a shift of understanding and aims for their unique operations.

Therefore, within a Naval context, DevOps (once again) takes on a new meaning which converts the end users from customers to military personnel and prioritises speed of development and delivery to ensure their safety and efficacy. This form of development requires extensive feedback and clear communication throughout the DevOps implementation for success. To ensure this consistent communication, there needs to be a symbiotic web of constant improvement reliant on the tight integration of development, testing and operations.

A DevOps implementation requires a cultural shift in order to modernise traditional Naval systems and enhance delivery effectiveness of combat systems. This shift is intended to maximise the amount of value provided to the customer and personal responsibility each participation takes in the process. 

In the Navy, they need to leverage capability and lethality for all personnel, whether that be shoreside or sea-faring. In Naval DevOps, this value is gained via the key concepts of traditional DevOps: 

• Open communication and close collaboration
• Continuous experimentation 
• Continuous feedback
• Continuous flow
• Continuous integration

Aerospace Defence

Similarly to the Navy, in the Aerospace industry the demand for software quality is quite literally life or death. Therefore, these tools need to be developed and tested in secure environments with SC cleared and siloed teams; introducing higher risks and challenges. In order to securely deliver effective projects in the Defense industry within an appropriate time manner, DevOps provides secure environments for end-to-end testing to thoroughly investigate and predict errors. This creates conditions where developers can replicate and reproduce infrastructure similar to the end stage in order to develop effective solutions to reduce the risk.

Leverage non-invasive automation 

Whilst more and more industries are adopting zero trust policies, within the Defence industry this has always been an appropriate approach. However, as the need for security clearance is high but the process of obtaining said clearance is lengthy, non-invasive automation provides an effective solution for testing without compromising any security requirements. Through this non-invasive automation and technology (such as 2FA via smart cards or Common Access Cards - aka CACs), this is the best stage to conduct exploratory testing. This phase is intended to deviate from the predetermined paths to ensure heightened discovery to rectify bugs and implement updates earlier before more code is created.

‍Overall challenges of DevOps in the Defence industry

One of the more difficult challenges is communication around contracts in the Defence industry as there are strict limitations on regulations in this sector which do not align with continuous approaches and long durations of any DevOps programs. This incongruence leads to a conflict as it becomes increasingly hard to establish an effective and realistic timeline with shared goals even within the short term, as Jack Leon (CEO of Agile Heuristics, an agile methodology training and workshop provider) explores with daily sprints. 

One way to combat this incompatibility is a well established statement of work. WeShape formulates a statement of work to include:

- Overview of requirement

- Agreed outcomes

- Milestones

- Service level & commercials

- Business/ technical assumptions

- Reporting metrics 

This ensures that organisations reduce their project timeline and expenses by emphasising accountability of project delivery and shared understanding of end goals from the beginning and throughout the project lifecycle.

Another challenge is finding talent with the appropriate security clearances (SC clearance). Due to the increasing adoption of microservices architectures, DevOps engineers are expected to continually be in high demand. This in combination with the fact that 84% of industry experts find the biggest barrier to entry is a skills shortage in the DevOps workforce, partnering this with the requirement of SC clearance means the Defence industry will continue to struggle with meeting their DevOps needs. WeShape combats this shortage by leveraging our wide network of associates that are within the top 5% of the technology market. We remain updated on market trends and talent through our multiple events we organise such as:

• London DevOps - A community of over 9000 DevOps professionals and London’s largest meet-up event of its kind, with expert key-note speakers and being held at venues such as Meta, Microsoft, AWS and KPMG.
• London Tech Leaders - an exclusive networking event and panel session with senior technology leaders from companies such as UK House of Lords, Royal Free London NHS Foundation Trust and Microsoft.
• OOPS - Outage Ops and Incident Response group events where incident managers, SRE’s and developers discuss incident responses and how to combat these. Panellists include companies such as Virgin Atlantic, Darktrace and Citadel Securities.
• Tech Talks - an open forum event focusing on senior experts providing live demos of new technologies, skills and techniques.

As security is continuous, it is particularly important in the Defence industry that suppliers practise the highest security standards. As of 2022, WeShape became ISO 270001 certified to ensure that we are holding ourselves accountable to securely handle our stakeholders data with care.  

‍

To find out more, book a quick chat with WeShape’s DevOps Defence expert, Pat Bate here.