---
title: Understanding the Differences Between Agile & DevSecOps - from a Business Perspective
category: DevSecOps
audiences:
  - Developers
  - Designers
  - Project Managers
---

In GSA IT, we examine how Agile and DevSecOps address different aspects of the delivery process. In terms of software development, **Agile** improves the process of delivery, encouraging changes in the functions and practices of the Business and Development teams to better produce the project / product envisioned by the end-user, or customer. **DevSecOps** improves the lead time and frequency of delivery outcomes through enhanced engineering practices, promoting a more cohesive collaboration between Development, Security, and Operations teams as they work towards continuous integration and delivery.

### Understanding the Differences
Both Agile and DevSecOps can be implemented to promote change and collaboration within their respective domains, resulting in a cultural shift in the practices of the individuals implementing them. In an ideal environment, an organization would employ *both* Agile and DevSecOps practices; however, it is important to note that DevSecOps can be implemented in ***any*** environment - Agile or otherwise.

Remember, [Agile is a mindset]({{ site.baseurl }}/guides/popular_approaches/); its encompassed values promote a cultural shift in the organization and its departmental functions, project management practices, and product development. Likewise, [DevOps]({{ site.baseurl }}/guides/what_is_devops/) also requires a cultural shift.

<img src="{{ site.baseurl }}/assets/img/guides/DevSecOps.png"
  alt="DevSecOps Con"
  class="guide-image guide-image-half"> 

DevOps focuses primarily on the frequency of delivery, pushing past departmental lines and calling for collaboration between Development and Operations for more effective planning, design, and release of projects / products. Further, by incorporating [Security](http://www.devsecops.org/) into the coding process (i.e. DevSecOps), loopholes and weaknesses are exposed early on so that remediation actions can be implemented.

<img src="{{ site.baseurl }}/assets/img/guides/DevOps_Continuous.png"
  alt="DevOps Continuous Workflow"
  class="guide-image guide-image-half"> 

As with Agile frameworks, DevSecOps incorporates lean, synergistic practices, like [Continuous Integration]({{ site.baseurl }}/guides/glossary/#continuous-integration) and [Continuous Delivery]({{ site.baseurl }}/guides/glossary/#continuous-delivery), that encourage and support frequent code check-in, version control, sensible test automation, continuous low-risk releases and feedback, often through a number of electronic tools. Within a DevSecOps environment, the Business can benefit from such practices by saving dollars and resources through improved operations, reduced re-work, increased quality through automated testing and monitoring, and projects / products delivered early and often with less cycle time to the customer or end-user.

### Supporting a DevSecOps Culture
Regardless of their differing focal points in the cycle of delivery, both Agile and DevSecOps share similar goals of eliminating silos, promoting collaboration and teamwork, and providing better, faster delivery. Though DevSecOps is driven by the “engineering” functions of Development, Security, and Operations, Business support can enhance the DevSecOps process.

Business support begins with understanding how work flows at the organizational level. As [Jamie Miller](http://valueflowit.com.au/it-operations-only-does-4-things/#more-662) states, there are **four types of work** - *“business projects, internal projects, operational changes, and unplanned work.”* As an organization builds its understanding of its work, it can better manage coordination and uncover the restraints that impact its efforts.

At the Team level, that coordination ensures Operations and Security team members are engaged with Development from the *very beginning* of an effort, an engagement championed by the Business role leading the project / product. The organizational knowledge of potential restraints or impacts to an effort strengthens the team’s ability to:
* Improve delivery of projects
* Better manage outages & compliance, and
* Limit work-in-progress (WIP) 

Moreover, by incorporating Agile practices, the Business can better ensure prioritized work is fed into DevSecOps continuous release cycles. They can better plan for and reflect Development team members’ engagement in coordinated efforts on the team’s working boards, further ensuring visibility and transparency of the entire delivery cycle.

### Good Reads 
These are good references for understanding Agile & DevSecOps:
* [10 Deep DevOps Thoughts From Chef’s Jez Humble](https://blog.newrelic.com/2015/04/28/devops-jez-humble/)
* [Agile Vs. DevOps: 10 Ways They're Different](http://www.informationweek.com/devops/agile-vs-devops-10-ways-theyre-different/d/d-id/1326121)
* [DevOps.com](https://devops.com/)
* [DevOps and Agile](https://www.scrumalliance.org/community/articles/2014/april/devops-and-agile)
* [DevSecOps.org](http://www.devsecops.org/)
* [Continuous integration](https://en.wikipedia.org/wiki/Continuous_integration)
* [How are DevOps and Agile different?](https://www.quora.com/How-are-DevOps-and-Agile-different)
* [How are Lean, Agile, and Devops related to each other?](http://www.agileweboperations.com/lean-agile-devops-related)
* [Importance of Agile in 2016](http://e5workflow.com/blog/importance-of-agile-in-2016/)
* [IT Operations Only Does 4 Things.](http://valueflowit.com.au/it-operations-only-does-4-things/)
* [ShiwaForce: What is DevOps?](https://www.shiwaforce.com/mi-az-devops/)
* [The Agile Admin: What is DevOps?](https://theagileadmin.com/what-is-devops/)
* [The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations](https://www.amazon.com/DevOps-Handbook-World-Class-Reliability-Organizations-ebook/dp/B01M9ASFQ3/ref=dp_kinw_strp_1)
* [The Phoenix Project](http://www.itrevolution.com/book/the-phoenix-project/)