The Department of Defense (DoD) and many other organizations are moving towards Agile and infrastructure as code (IaC). This shift improves efficiency and provides more robust security, leading to capabilities such as continuous monitoring and shortened authorization to operate timeframes. Learn more about the DoD software factory and how Elastic fits in.
2. 2
Forward-Looking Statements

This presentation and the accompanying oral presentation contain forward-looking statements, including statements concerning plans for future offerings; the expected strength, performance or benefits of our offerings; and our future operations and expected performance. These forward-looking statements are subject to the safe harbor provisions under the Private Securities Litigation Reform Act of 1995. Our expectations and beliefs in light of currently available information regarding these matters may not materialize. Actual outcomes and results may differ materially from those contemplated by these forward-looking statements due to uncertainties, risks, and changes in circumstances, including, but not limited to those related to: the impact of the COVID-19 pandemic on our business and our customers and partners; our ability to continue to deliver and improve our offerings and successfully develop new offerings, including security-related product offerings and SaaS offerings; customer acceptance and purchase of our existing offerings and new offerings, including the expansion and adoption of our SaaS offerings; our ability to realize value from investments in the business, including R&D investments; our ability to maintain and expand our user and customer base; our international expansion strategy; our ability to successfully execute our go-to-market strategy and expand in our existing markets and into new markets, and our ability to forecast customer retention and expansion; and general market, political, economic and business conditions.

Additional risks and uncertainties that could cause actual outcomes and results to differ materially are included in our filings with the Securities and Exchange Commission (the “SEC”), including our Annual Report on Form 10-K for the most recent fiscal year, our quarterly report on Form 10-Q for the most recent fiscal quarter, and any subsequent reports filed with the SEC. SEC filings are available on the Investor Relations section of Elastic’s website at ir.elastic.co and the SEC’s website at www.sec.gov.

Any features or functions of services or products referenced in this presentation, or in any presentations, press releases or public statements, which are not currently available or not currently available as a general availability release, may not be delivered on time or at all. The development, release, and timing of any features or functionality described for our products remains at our sole discretion. Customers who purchase our products and services should make the purchase decisions based upon services and product features and functions that are currently available.

All statements are made only as of the date of the presentation, and Elastic assumes no obligation to, and does not currently intend to, update any forward-looking statements or statements relating to features or functions of services or products, except as required by law.
3. 3
What is DevSecOps?
More than a buzzword, it’s a bunch of buzzwords!
• Back in the day there were only Developers
• Built-in Security avoids downstream issues
• Added complexity requires integrated Operations
And thus was born…
SecDev Ops
5. 5
DevSecOps: Assemble!
It takes people, processes and technologies working together
• People: not just Devs, Ops, & Sec – the supporting teams must be Agile too!
• Processes: aligned to support and enable Agility
• Technologies: simpler in some ways, more complex in others
6. 6
The DoD Enterprise DevSecOps Initiative (DSOP)
A brave new world for the DoD
• DSOP is a joint effort of the DoD Chief Information Officer, the Office of the Undersecretary of Defense for Acquisition and Sustainment, and the DoD Services
• Managed by the USAF Chief Software Officer
• Providing centralized services for:
  • Selecting, certifying, and packaging tools and services for use in DSOP
  • Managing the approved artifact repository and scalable microservices architecture
  • On-boarding, training, and support assisting in the adoption of DevSecOps
• Concurrently establishing acquisition procedures and contracting language to enable and incentivize DevSecOps
7. 7
The Benefits of DevSecOps to the DoD
By their own estimation…
• Tremendous cost and time savings
• Avoid software vendor and cloud platform lock-in
• Ensures application portability across enterprise and environments
• Enables rapid prototyping, orchestration, deployment, & feedback
• Baked-in best practices, security, and zero-trust principles
• Continuous testing and security, which in turn enables…
• Continuous Authority to Operate (ATO): authorize once, use many
• Which allows for fast-tracked acquisition timelines, which enables Agility…
• Which lets the DoD adapt faster to address threats
8. 8
Building Blocks of the DSOP
The road to DoD DevSecOps
• Software packages/containers get built on a common set of pre-hardened images (e.g. Red Hat UBI)
• Containers are pushed to an asset repository for continuous scanning and authorization (Repo One)
• Approved containers are made available to consumers via a centralized marketplace (Iron Bank)
• Hosting environments (e.g. Platform One) deploy approved containers to production systems with all the benefits of DevSecOps
9. 9
Ready for DevSecOps?
Our people have the Agile mindset
Our methodologies are prepared to sprint
The repo is hardened
Containers are springing to life
Wait… Are we sure? How do we know?
Observability: Monitor and Measure!
11. 11
No shortage of things to monitor
On-premises | Cloud(s)
Hardware | Virtualized | Orchestration
Bare OS | Images | Containers
Services | Applications
Organizational Data
Availability
Performance
Environment
Access
Metrics
Network
Logging
15. 15
Making data shareable and scalable
Normalize via a common schema to streamline analysis & correlation
[Figure: differently named IP fields (host.ip, client.ip, DeviceIP, source_ip, address, ip_addr, ip) in cluster_1 and cluster_2 are normalized through ECS to host.ip, e.g. host.ip: 192.168.0.4]
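An added example (not part of the presentation) of the normalization this slide describes: events that name the same address differently are mapped to `host.ip`, then correlated on that one field. The alias names come from the slide; the sample events, the `event.dataset` values and the `_normalize_errors` key are constructed for illustration.

```python
import ipaddress

# Assumption: alias table copied from the field names on the slide, all landing
# on host.ip as the slide draws it. A production pipeline would choose host.ip,
# source.ip or client.ip according to what the address means in the event.
IP_ALIASES = ("host.ip", "client.ip", "DeviceIP", "source_ip", "address", "ip_addr", "ip")


def normalize(event):
    """Return a copy of event with every aliased IP field folded into host.ip (a list)."""
    out, ips = {}, []
    for key, value in event.items():
        if key not in IP_ALIASES:
            out[key] = value
            continue
        for v in value if isinstance(value, list) else [value]:
            try:
                ip = str(ipaddress.ip_address(str(v).strip()))
            except ValueError:
                # Keep unparseable values visible instead of silently dropping them.
                # _normalize_errors is a hypothetical key, not an ECS field.
                out.setdefault("_normalize_errors", []).append(f"bad ip in {key}: {v!r}")
                continue
            if ip not in ips:
                ips.append(ip)
    if ips:
        out["host.ip"] = ips
    return out


def correlate(events):
    """Group normalized events by host.ip so one lookup spans every source."""
    by_ip = {}
    for ev in map(normalize, events):
        for ip in ev.get("host.ip", []):
            by_ip.setdefault(ip, []).append(ev["event.dataset"])
    return by_ip


# Constructed sample events, one per naming convention; not real log data.
SAMPLE = [
    {"event.dataset": "firewall", "DeviceIP": "192.168.0.4"},
    {"event.dataset": "webapp", "source_ip": " 192.168.0.4 "},
    {"event.dataset": "k8s", "host.ip": ["192.168.0.4", "10.0.0.7"]},
    {"event.dataset": "legacy", "ip_addr": "not-an-ip"},
]

if __name__ == "__main__":
    print(correlate(SAMPLE))
```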
19. 19
In summary…
• What is DevSecOps? It’s a philosophy, a methodology, and a workflow all wrapped into one pretty overloaded buzzword.
• What is the DSOP? It’s an Agile-based way to deploy & manage capabilities to a pre-approved secure ecosystem.
• Why Elastic? Elastic lets you monitor all the things in one place, so you can measure your success and better plan for the next cycle.
If the DoD can do it, so can you! Elastic can help!
20. 20
Now we’re ready for DevSecOps!
Monitoring and measuring all the things...
Please pardon the meme battle.