Making the case for database DevOps
- By Hank Prokop
- Jul 20, 2020
Modern DevOps practices have swept through industries as technology teams drive digital transformation and create value for their organizations faster. Redgate’s annual 2020 State of Database DevOps Report showed that 79% of respondents in U.S. financial services had adopted DevOps in some form, along with 75% of IT and tech-sector respondents and 72% of media and retail respondents. Unfortunately, that number falls to only 59% in the government sector, with a full 20% saying they had no plans to adopt DevOps in the future.
What’s sometimes overlooked is the critical role that DevOps can plan in databases. When its principles of continuous updates and faster releases are applied to database management in what’s called database DevOps – it can help government be more agile. It can also act as a second line of defense against cyberattacks, reducing errors earlier in the development pipeline and ensuring that access is restricted to only a few. And because DevOps is focused on collaboration, the process introduces an additional set of checks and balances for everyone.
There’s no lack of awareness or intent to adopt DevOps – the Defense Department has recommended applying DevOps since 2018. Indeed, the benefits of more agile software development were highlighted in a Government Accountability Office report way back in 2012.
And in an industry concerned with breaches -- nearly a third of which were caused by miscellaneous errors (18%) or privilege misuse (12%), according to a 2019 study -- having more control of procedures ensures that agencies can better handle attack prevention and risk management.
So, why aren’t more federal agencies adopting database DevOps?
The challenges facing federal agencies
There are several factors slowing down DevOps adoption: accepting the cultural changes needed for DevOps to be successful, fears about cybersecurity threats and data privacy concerns.
DevOps adoption relies on a cultural shift, giving teams the space to innovate, experiment and work across programs, IT teams and offices. This can be difficult for any organization, but the siloed government culture means DevOps isn’t an easy fit.
Yet to deliver better, more responsive services, government IT teams need automated and Agile processes, and DevOps is critical to achieving this -- especially considering a properly managed, secure database DevOps practice can provide additional defense against cyberattacks.
The opportunities for federal agencies
The presidential election isn’t far away, and cybersecurity and data protection issues must be resolved to ensure a secure voting process. Effective data encryption can ensure that data privacy isn’t compromised when a breach happens, but agencies should also introduce database DevOps. Automated deployments that are consistent, scalable and repeatable can stop database development from being a bottleneck in software delivery. Implementing a DevOps process for the database also helps ensure development teams are working from a single version of truth with an audit trail of database changes, so there’s never anything left to question. It empowers IT teams to work with data responsibly and creatively as they develop, update and deploy software.
Database DevOps working in conjunction with encryption would mitigate human-related data errors earlier in the process, track how new updates affect data and databases and ensure access to data is restricted to only a few. This is achieved by only granting access to sensitive data to those with the correct permissions and by masking the data in copies of databases used for development and testing.
Next steps for government
Admittedly, database DevOps won’t be adopted overnight, but there are real arguments for its strength. Remember that as far back as the GAO’s 2012 report on applying Agile practices, there was a willingness to adopt advanced software development methods in federal agencies. Even in agencies that may not yet have a collaborative culture across all operations, it can be created within the IT team.
To achieve this, leaders must build trust with their people, empower them with autonomy and rely on strong communication to ensure that everyone understands their role and overall objectives. This way, siloes can be removed and collaboration encouraged. And once DevOps is introduced, it will become the new norm and take its place in the government playbook.
Even as the nation focuses on the current coronavirus crisis, a major cyberattack could occur at any time, whether through external malware or human error. To counter that risk, government must deploy practices like database DevOps in conjunction with encryption so that even when a breach occurs, data privacy and database operations are never compromised.
Hank Prokop is federal team manager at Redgate Software.