In-Q-Tel invests into Weave GitOps to modernize and bring compliance to government apps and infrastructure
Weave GitOps as the industry’s leading full-stack GitOps platform, enables organizations to manage their entire system across on-premise and GovCloud locations in a way that ensures security through repeatability and compliance controls.
Trusted Application Delivery: Security shifts left with GitOps and Policy as Code
DX at the Department of Defense: Platform One and GitOps
How the Department of Defense (DoD) uses GitOps to bake in security
Weaveworks today announces a strategic investment agreement with In-Q-Tel (IQT). The US government agency linked not-for-profit investor has chosen to invest in Weaveworks in order to help accelerate trusted application delivery and secure infrastructure operations within the US government.
Weave GitOps as the industry’s leading full-stack GitOps platform, enables organizations to manage their entire system across on-premise and GovCloud locations in a way that ensures security through repeatability and compliance controls. In-Q-Tel also intends to introduce and maintain modern operations with continuous compliance across an undisclosed agency’s applications and multiple managed environments.
After helping transform DevOps teams in dozens of mature organizations such as the Department of Defense, Fidelity, and Deutsche Telekom, we are confident that Weave GitOps can help In-Q-Tel’s government partners usher in modern application deployment and maintenance processes, which is the next phase of their digital transformation, said Alexis Richardson, founder and CEO of Weaveworks.
In this post, we delve into the challenges and opportunity to modernize the deployment process in a compliant manner.
Continuous Delivery (CD) has long been an end goal of software development. There is a vision where new versions of software end up in the hands of the users with nothing but automation in between. We all like to talk about how many deployments a day we are able to do and vendors love to exclaim how they have reduced deployment cycles from months to days. But to focus solely on the end result is missing the value of the entire process and certainly negates a lot of the complexity required for an enterprise organization and even more so for a regulated industry or government agency.
Modernizing Complex Applications through shifting left
Government agencies are tasked with a particularly difficult mission bringing exceedingly complex applications into the modern world. Digital transformation programs spend a lot of time configuring environments and rewriting code. Given the nature of these applications as much time must be spent on the security and data management requirements for those environments. Modern cloud environments mean that security requirements and procedures have to be updated and applied in parallel to the migration of the applications into these environments. Due to the unique requirements of these Agencies the right controls and capabilities must be built in right from the start.
Over the past years, we have seen the most successful implementations where policy and compliance is included from the start of development and continues throughout the development cycle. By shifting thes compliance and security tests to earlier in the development cycle we can reduce the cost of resolving them and speed up deployments - this is where GitOps comes in.
GitOps Enables Trusted Delivery
Trusted Delivery brings together GitOps automation and policy-as-code controls. This means common security and compliance controls are embedded in the software deployment pipeline. Automation ensures that guardrails are put around the process, continuously testing that the right controls are being applied.
With GitOps we have a definitive record of every aspect of a deployment - this plays well in situations where we want to guarantee that a deployment is compliant. By enforcing policy during the deployment, we can ensure that it meets the appropriate standards no matter who is doing the deployment, or what environment the software is being deployed into.
Government partners need to deploy trusted applications across a wide range of deployment environments, including across multiple cloud providers, in hybrid cloud scenarios with on premise resources, and edge computing environments,” said Brinda Jadeja, Senior Partner, In-Q-Tel. “Weaveworks simplifies and automates the deployment and management of cloud native applications across heterogeneous deployment environments and makes the process of doing so consistent, secure, and repeatable.
Trusted Delivery with GitOps and Policy as Code
Download our latest whitepaper and learn how automated security and compliance checks, in the form of policy as code, make automated continuous deployments safe and secure.Download Now
Making Continuous Compliance in an Offline World a Reality
Software repositories have long been available in on-premise configurations yet often without some of the functionality and integrations that makes them so attractive for automation. The same can not be said for many of the other tools necessary to operate a complete environment. Those tools are typically offered as SaaS models only and rarely integrate well with on-premise repositories and systems.
When evaluating management and compliance software, make sure to confirm if it will be able to function as desired in your disconnected or firewall environment. Also ensure how policy updates are done, how reconciliation agents contact the source and hosts (push vs pull model), and whether things even continue to run when unable to validate entitlements. By centralizing everything required for infrastructure, applications, and policy in a local Git repository, teams can be confident that it is available to all of your protected systems. It also allows access by security teams and management so they can audit every piece of the equation and ensure it adheres to the established policies.
Policy agents running within your systems should continue to operate with the most recent rules that they have fetched. A continuously running multi-layer approach to enforcing policy at code submission, deployment, and ingress will help ensure that systems remain compliant. If manual changes are made to the code or the system, the agents should automatically correct and report on the violation.
If you want to learn more about trusted delivery and how we can help address secure automation, (enforcing security and compliance, application resilience and coding standards) from source to production, ask us for a demo.