A recent AMA between Tetrate’s Zack Butcher and the United States Air Force Chief Software Officer, Nicolas Chaillan, highlighted some significant achievements resulting from the Department of Defense’s move to open source technology and DevSecOps. Platform One is a group of Air Force software developers who build and secure technology tools used across the DoD as part of the Enterprise DevSecOps Initiative. Tetrate is one of the partners the DoD is working with on its journey to modernization.
The numbers:
- The US Department of Defense is the largest organization in the world by headcount and budget. In FY2019 the budget was around $686.1 billion.
- Software releases carried out by the DoD can now happen several times per day, compared with the previous methodologies, which took between two and five years per release.
- The average time saved in development cycles, per program and per team, is between 12 and 18 months, without considering the increased speed in feedback loops. There are hundreds of programs in the DoD.
- In a single year, moving 37 programs to DevSecOps pushed the DoD forward by 100 engineering-years in development capability. There are now 60 enrolled programs, and the figure continues to compound.
- The average yearly cost saving is $12.5 million per program.
How?
DevSecOps: the principal initiative that enables continuous monitoring, baked-in security, and a service mesh to enforce a zero-trust security model. This approach, combined with their move to containers and the adoption of Open Source technologies, including Istio, propelled them to achieve such substantial changes to their development processes.
By enabling organizational change with DevSecOps, the DoD has succeeded in navigating the inherent complexities of its environment, including security requirements, air-gapped systems, legacy and edge systems, and the legal requirement to remain vendor-neutral. The creation of Platform One has enabled the DoD to break down the silos and severe team segmentation that classified environments had forced on it.
The initiative brought enterprise-level capabilities to the US government, by introducing DoD-wide standards, automatic continuous monitoring, and a centralized software repository that enables focus on mission-critical tasks as opposed to trying to reinvent the wheel.
The Outcome:
Programs within the DoD using Platform One have seen their development cycles become significantly faster, with updates and changes being pushed multiple times per day as opposed to taking as long as two to five years.
Istio, Kubernetes, and other open source technologies are in production use on nuclear submarines, space and weapon systems as well as fighter jets. Containerization has also positively impacted their cybersecurity. While containerization systems, in general, can increase attack surface area, containers within the DoD can be quickly spun up or killed at will, which significantly decreases the chance of someone successfully infiltrating the US government.
Moreover, the benefits of the DoD’s move to DevSecOps and Open Source stretch beyond the increased operational capacity of the US Government. Everything that they do is upstreamed back to the open-source community. Chaillan pointed to an abundance of occasions where open source and commercial projects that were scanned and assessed by the DoD had noted vulnerabilities that were subsequently fixed. A public benefit of the DevSecOps joint program is that all of these container sources are available, as well as scanned and vetted containers.
“Open source and DevSecOps have impacted how the Department of Defense operates on many levels,” said Chaillan. “They have allowed us to utilize cutting-edge technology and enabled us to modernize areas of the DoD that weren’t previously possible. It’s of great importance to us as an organization to continue to contribute back to the open source communities we’re benefiting from, and that by working with vendors – like Tetrate, who bring us incredible expertise in Istio – we can drive new, innovative ways to solve problems with Open Source technologies.”
The DoD’s investment in Istio proves the power of open source technologies, and what’s possible with service mesh. If the largest organization in the world, with the strictest security and compliance standards, trusts Istio to deliver, you should too.