How devsecops is helping Australian companies modernise CI/CD for today’s risks

But baking security into new architectures requires both technology and culture change, as Australia Post and Officeworks have learned.

Tech Spotlight   >   Cybersecurity [IFW]   >   Hands at a keyboard with binary code on the display.
M-A-U / Getty Images

Application development moves quickly at Australia Post, the government-owned postal and package delivery giant that was already pushing hard into digital transformation and devops before the COVID-19 pandemic’s stay-at-home orders sent demand for its services through the roof.

As that demand increased, the company’s developers got progressively busier—and that pushed the company to look for a better way to manage and secure a continuous integration/continuous delivery (CI/CD) pipeline whose scope and intensity had outgrown the Atlassian development environment adopted by the Platform Engineering team more than five years ago.

With an increasing focus on cloud-based applications and delivery within Amazon Web Services, tools like Bamboo, BitBucket, and Crowd were struggling to keep up with an accelerating devops-driven development cycle in which Australia Post developers were pushing out 37 nonproduction and seven production deployments every business day.

What was initially a team of about 50 developers had ballooned out to 300 people across engineering, delivery, and business cohorts as well as central services like security, strategy, architecture, and enablement services—and the static CI/CD platform had failed to keep up.

“When it was put together years back, our tooling did an amazing job for what it was conceived as,” said engineering manager Nitin Sharma during a recent IQPC webinar, “but there was no active investment made to re-evaluate the needs of our developers.”

To continue reading this article register now

22 cybersecurity myths organizations need to stop believing in 2022