The Challenge
Implementing a robust DevSecOps environment can be a daunting and lengthy process, often stretching over months or even years, with particular challenges in high-security and air-gapped networks.
Introducing BEDDE by Varada Consulting
To address the problem, Varada has developed a proprietary methodology called BEDDE. BEDDE (Bulk Engineered Deliverable DevsecOps Environment) is a fully automated deployment of a DevsecOps environment leveraging Infrastructure-as-Code to rapidly field a full DevsecOps environment in 24 hours.
Varada leveraged its subject matter expertise and applied knowledge to engineer pre-configured automated Infrastructure-as-Code, leveraging Openshift for the infrastructure layer and a full suite of software including Gitlab as the primary DevsecOps engine. By fully automating rapid implementation of a full featured DevsecOps environment in a highly configurable format, Varada is able to rapidly deploy a full featured DevsecOps environment in 24 hours to its customers.
Alignment with the Navy's RAISE Process
BEDDE's design aligned seamlessly with the Navy's RAISE (Rapid Access and Incorporate Software Engineering) process which enhances and expedites the Risk Management Framework (RMF) process through the integration of automation, cyber verification tools, and DevSecOps pipelines certified by Cybersecurity Tech Authority. All security gates can be facilitated through Gitlab with a large portion preconfigured through BEDDE.
The RAISE methodology ensures that the created software meets stringent security standards and not only certifies DevSecOps environments but also grants authorization to software applications developed and operated within these environments.
Implementation & Results
The deployment of BEDDE marked a significant improvement in the Navy's cybersecurity capabilities. Its speed and agility in setting up DevSecOps environments enhanced the Navy's response to security threats and proved critical in various missions.
BEDDE has not only met the U.S. Navy's immediate cybersecurity needs but also set a new standard for rapid, secure software development. Its success suggests potential applications across other military branches and government agencies, indicating a shift towards more efficient national defense cybersecurity.