SHIFT Enables Low-Side DevSecOps for High-Side IaC
The shortage of cleared software developers is a longstanding problem, especially when it comes to cloud-native software development. Yet not everything needs to be done on the high-side, since it is generally the data that is classified, not the software.
We developed SHIFT as a low-side development and testing environment that emulates high-side and restricted government cloud regions. Using SHIFT, uncleared developers can do the bulk of the work on the low-side, and all can be certain that the software won’t “break” once deployed in the highly secure classified cloud regions.
SHIFT isn’t limited to software alone. One of our national security customers is using SHIFT for ongoing development and testing of their Terraform cloud infrastructure, which they use for a Kubernetes-based extract/transform/load (ETL) and data lake application. Since this customer has a distributed development team with limited access to a sensitive compartmented information facility (SCIF), their development efforts are exclusively on the low-side. They must be sure that their infrastructure-as-code (IaC) is compatible with high-side cloud configurations and security before it gets there.
As part of their DevSecOps processes, they prepare their Terraform IaC for the high-side using a rigorous testing regimen that takes place within their continuous integration/continuous deployment (CI/CD) pipeline on the low-side. Their implementation uses a GitLab Runner within their SHIFT emulation environment that automatically tests all changes to their IaC deployment. Since the cloud infrastructure is the backbone of this ETL and data lake application, it is critical that no new bugs are introduced. Moreover, this customer’s code is automatically transferred to the high-side, so they must be certain that their workloads won’t break during deployment.
As they make changes to their infrastructure design to meet the requirements of expanding functionality and architecture, SHIFT ensures that the main-branch code stays operational on the high-side. Using SHIFT allows this customer to leverage remote, less expensive, uncleared developers to create their high-side-destined workloads. By integrating SHIFT into their CI/CD pipeline, each new feature is tested in an automated and repeatable way, enabling the team to efficiently and successfully “build low and SHIFT high.”