Software Engineering Best Practices from Agile, DevSecOps, and Human Centric Design
By Mark Wells, VP of DevSecOps Center of Excellence and Software Solutions
In Part I of this series, we said methodologies used today in the information technology marketplace are based on people, processes, and technology. But within that model live best practices that ensure the methodology delivers the business value expected by stakeholders. We pointed to Agile as a prime example of a successful methodology and discussed best practices involving people. Now let’s discuss Agile best practices that involve process as keys to unlocking maximum business value for customers.
Process best practices that deliver value
While there are multiple processes and technologies used during development, these (when applied) tend to deliver the best value:
- Design Thinking and Experimentation
- Minimum Viable Product (MVP) Development
- DevSecOps
Design Thinking – The five stages of Design Thinking (Empathize, Define, Ideate, Prototype, and Test) create an experimentation process that allows development teams to determine how best to approach design for an architectural component, a technology framework, a system function, or data-driven business logic routine that delivers stakeholders’ expected outcome. Design Thinking gives teams the means to define features that relate to the actions, intent, and purpose of the users so that the maximum value and acceptance of the finished product is accomplished in the minimal amount of time. Collectively, Design Thinking allows the team to develop ideas, while experimentation tells them if they were wrong or right about the idea. The result is a well defined, testable software architecture and user-centric approach that ties features to the behaviors of users. Design Thinking, with experimentation, provides requirements traceability from the features to the stories to the functional and unit tests, demonstrating why work was performed and the business value delivered.
Minimum Viable Product Development – Minimum Viable Product (MVP) Development is the technical solution that answers the question, “What is the collection of developed features that represents a minimum releasable product that would attract the attention and interest of a customer or solve the customer’s problem?” MVP Development establishes an understandable baseline for the team and provides them with an agreed upon level of accomplishment to pursue. When paired with highly skilled full-stack developers who understand the nuances and best techniques for code delivery, the MVP steers the optimized prioritization and grooming of backlogged epics and user stories to meet end goals. It increases efficiency and levels of customer satisfaction, critical to driving business value.
DevSecOps – Of all the best process practices for any Agile oriented team, DevSecOps is the most notable. Short for Development, Security, and Operations, DevSecOps uses configured tools to create a fully integrated Continuous Integration/Continuous Delivery/Deployment (CI/CD) pipeline that drives software development through to production. Most importantly, the pipeline includes the automated tools necessary to ensure the code developed meets all security and policy mandates (NIST 800-53, 171, and 190 for example) to meet Authorization To Operation (ATO) assessments. DevSecOps pipelines also drive quality code by employing process gates throughout the pipeline to catch issues and problems before they make it into production. And because the process is automated, it is more efficient and increases business value.
Supporting best practices
Like any other practice or process, best practices and their components require support. For example, with DevSecOps, interruptions caused by overhead costs or other organizational factors diminish the value deliverable through the automated CI/CD processes. This creates constraints and conflicts in the efficiencies of DevSecOps delivery. However, it can be done, as demonstrated by federal agencies such as the United States Citizens and Immigration Service (USCIS) at DHS who have been thought leaders in this area and have worked to educate many other federal agencies on how best to implement DevSecOps. Additionally DevSecOps, when operated within a containerized infrastructure using products like Docker and Kubernetes, requires personnel with extensive knowledge and experience of the tools that make up common container based architecture. This makes acceptance of DevSecOps processes and practices difficult for some federal agencies that are constrained by the lack of human resources that have these unique talents.
To overcome these and other challenges, many companies are building products and technologies that support different aspects of the DevSecOps processes and practices, including Octo which is building a new Digital Software Supply Chain Platform called ShiftUp™. Tools like ShiftUp accelerate the automation of best practice processes to deliver value to the customer quicker and more cost effectively. Through ShiftUp we remove the constraints of organizational overhead and lack of resource talent while standardizing the entire DevSecOps software engineering process across the federal enterprise. But that discussion is for the next article on technology, coming soon.
Octo is proud of its people, processes, and technology and the way all three work in harmony to bring high value to Federal Government customers – the kind of value that allows agencies and organizations to meet missions on time and on budget. Get your teams delivering business value immediately, no matter what phase of the development life cycle they are in. Reach out to a member of Team Octo.