Building a DevSecOps Culture

As software becomes more sophisticated, it plays an increasingly important role in all aspects of government operations. However, given the complexity and intertwined nature of modern software, any vulnerability could have wide-ranging consequences, which makes security of vital importance. The federal government has taken notice. A number of recent policy directives, including the Executive Order on Transforming Federal Customer Experience and Service Delivery to Rebuild Trust and the Executive Order on Improving the Nation’s Cybersecurity, address issues related to the software supply chain, and key agencies are leading a governmentwide effort to promote secure software development. Learn how you can implement DevSecOps to support your journey to secure, innovative software in Carahsoft’s Innovation in Government® report.

 

The Mindset Shift that Enables DevSecOps

“In an ideal world, technology and processes support team members’ ability to deliver on their particular talents. Before agencies implement DevSecOps methodologies, they should identify where their processes are getting bottlenecked and forcing people to either work around them or fundamentally change their behavior. Instead, we want to make it easy for employees to do the right thing. The goal is to enable people to focus on what they do best — regardless of where they operate in the stack or the tools they are using — so that agencies can build and deploy secure, modern apps.”

Read more insights from Alex Barbato, Public Sector Solutions Engineer at VMware.

 

How Generative AI Improves Software Security  

“Generative AI tools are becoming increasingly prevalent, providing interactive experiences that captivate the public’s imagination. These tools are accessible to anyone, offering a unique opportunity to engage and explore the creative possibilities enabled by AI technology. The technology doesn’t just train a model to recognize patterns. It can create things that are easy to understand: images, text, even videos. Sometimes the results are hilariously wrong, but other times the results are quite impressive, such as clear, concise answers to complex questions. Generative pre-trained transformer (GPT) technology, such as ChatGPT, has opened the doors for everyone to be an evaluator because the output is accessible and easy to critique.”

Read more insights from Robert Larkin, Senior Solutions Architect at Veracode.

 

Open Source is at the Heart of Software Innovation

“Embedding security into applications from the start is essential for streamlining and strengthening the entire development life cycle. Securing the software supply chain is a related effort that is of vast importance to government operations. Beyond securing individual applications, the ultimate goal is to build security into the pipeline itself. At each step and every handoff, we must be able to verify who has touched the software and who did what to ensure that the end result is what we intended to build and that nothing malicious has been injected along the way.”

Read more insights from Chris Mays, Staff Specialist Solutions Architect at Red Hat.

 

DevSecOps Needs Tool Diversity and Collaboration

“As DevSecOps methodologies and software factories grow in prevalence, agencies are recognizing that software development is a team sport — inside the agency, across departments and with external stakeholders. It touches many different teams, but getting everyone on the same page with tooling can be difficult. Different teams prefer different tools, and that makes collaboration hard. Modern software development brings security practices forward in the timeline while reducing duplication of efforts and improving real-time accountability. Success hinges on removing blockers, creating visibility and making sure collaboration is happening at every stage. In addition, encouraging input from different areas of the organization from the beginning and throughout development is vital for innovation.”

Read more insights from Ben Straub, Head of Public Sector at Atlassian.

 

Observability Speeds Zero Trust and Application Security

“In response to increasing cyberthreats, the government is speeding up the move to zero trust. This security model assumes that every user, request, application and non-human entity is not to be trusted until its identity can be verified. Zero trust principles require a layered defense that is more effective when rooted in observability. To develop an architecture that validates and revalidates every entity on the network, it is necessary to know what those entities are, how they’re communicating and how they typically behave so we can recognize deviations. Zero trust and observability technologies work together to create a more secure and resilient network environment by assuming that all requests for access are untrusted and continuously monitoring the network to detect and respond to potential threats.”

Read more insights from Willie Hicks, Public Sector Chief Technologist at Dynatrace.

 

The Role of a Service Mesh in Zero Trust Success

“For large companies and government agencies, it’s safe to assume that a committed attacker is already inside their networks. Executive Order 14028 mandates that every federal agency develop a Zero Trust architecture because it is the most effective approach to mitigating what attackers can do once they’ve made their way inside. What does Zero Trust look like at runtime? One of the key considerations is identity-based segmentation, which involves conducting five policy checks for every request in the system: encrypted connection between service endpoints, service authentication, service-to-service authorization, end user authentication, and end user-to-resource authorization.”

Read more insights from Zack Butcher, Founding Engineer at Tetrate and co-author of the NIST SP 800-200 series and SP 800-207A.

 

AI and the Journey to Secure Software Development

“By automating and optimizing DevSecOps workflows, we can still shift security left while relieving developers from the burden of some complex remediation. It begins with a workflow that leverages fully automated security scanning to rapidly identify vulnerabilities as well as providing suggested remediation for vulnerabilities and on-demand remediation training to educate developers on what they are getting into. The rapid evolution of artificial intelligence is making new advances possible. The opportunities go well beyond AI-assisted code creation. AI features are being expanded across the entire software development life cycle. When it comes to security, having AI assist by making code functionality clear or explaining a vulnerability in detail reduces the time required to remediate risk.”

Read more insights from Joel Krooswyk, Federal CTO at GitLab.

 

Scaling App Development While Meeting Security Standards

“The dream for any software development team is constant, stable releases. The faster teams get the work they’ve created into production, the faster the agency can derive value from that work. When app development is stymied by cumbersome security reviews and stability testing and by the need to wait for a deployment window, innovation is stifled and the return on investment is delayed. If agencies want to have efficient, value-driving software development teams, those teams must be able to move with agility. A trustworthy, scalable DevOps pipeline that brings together testing and security in a seamless way allows teams to push out new apps and improvements quickly so government employees and citizens can have a seamless digital experience and the most up-to-date tools and information.”

Read more insights from Kyle Tobener, Head of Security and IT at Copado.

 

Join us in-person for our must-attend DevSecOps Conference—an exciting day of exhibits, speaking sessions, and networking events. We look forward to showcasing new DevSecOps updates from our supporting panels featuring government, systems integrators, and industry thought leaders.

Download the full Innovation in Government® report for more insights from DevSecOps thought leaders and additional industry research from FCW.

Unpacking Digital Transformation

At long last, Government agencies are getting some real support for their modernization and transformation initiatives. Through the Technology Modernization Fund (TMF) and the American Rescue Plan (ARP), Congress is providing significant funding for updating or replacing legacy systems, with a focus on both improving the security of government systems and delivering better services. The opportunity, now, is to make those investments pay off. How can agencies cut delivery times and meet expected outcomes? Download the guide to access worksheets, step-by-step guidelines, government and industry insights, and other resources that can help agencies launch transformation initiatives—and deliver on them.

 

Supercharge Your Agency Service Management

“Using cloud solutions, organizations can automatically scale up their systems when constituent demand is high and down when demand is lighter. This enables agencies to be more responsive, efficient and constituent-friendly. Most federal agencies are going through a major digital modernization effort, replacing outdated/legacy systems with cloud-based solutions, said Sandra Trumbull with Atlassian, a software-based company. And self-service — whether through guided prompts, artificial intelligence or other methods — is increasingly important because users are more empowered and typically obtain faster responses, service teams have fewer headaches, agencies can lower their service costs, and everyone receives a better overall experience.”

Read more insights from Adaptavist’s Phill Fox, Principal Customer Success Advocate, and Atlassian’s Sandra Trumbull, Enterprise Solutions Advocate.

 

How Agencies Are Driving Innovation to the Edge

“Not so long ago, Air Force communications meant radios that transmitted information about where to go and what was happening. Now, digital input is being delivered directly into the cockpit. ‘We’re talking about a situation where edge capability expands the envelope of the missions that we can get accomplished and changes the ways in which we can accomplish them,’ said Winston Beauchamp, Deputy Chief Information Officer for the Department of the Air Force. Currently, the service uses edge computing in its Agile Combat Employment, a scheme of maneuvers aimed at increasing survivability while generating combat power. If warfighters are under threat at fixed bases, they must move to alternate locations quickly — and those might not have all the infrastructure of a traditional base. ‘Edge technologies enable you to deploy to that location that you need to accomplish that mission without a huge footprint,’ Beauchamp said.”

Read more insights from Red Hat’s Government Symposium.

 

Data, Data Everywhere, but Not a Byte to Eat

“The first element of intelligent data management is visibility: Where is agency data located? And directly associated, Breakiron said, is accessibility, knowing how the agency organizes and uses its information, and what the data’s condition is. ‘We often find, especially in the government, in excess of 50% of the data hasn’t been touched for as much as five years,’ he explained. ‘And we also find that about 20% of the data, you couldn’t talk to if you had to.’ Commvault calls that “orphan data,” and it’s akin to having a VHS tape but no VHS player with which to view it. An intelligent data management system creates a tiered storage approach that identifies long-ignored information, allowing an archival model for ‘pennies to the dollar vs. thousands of dollars in storage costs,’ he said.”

Read more insights from Commvault’s Richard Breakiron, Senior Director for Strategic Initiatives for the Federal Sector.

 

Build a Functional Ecosystem Through Cloud Architecture

“While technology is at the core of a total agency transformation, Chang advised against having it ‘dragging process and then dragging people along.’ The process and the people need to move along with the technology instead of clinging to its shirttails. ‘One thing I would offer as a piece of advice, having done multiple transformations in the Federal Government, is invest in upskilling your people,’ said Chang. ‘If your people can’t use the technology — no matter how great the technology is — the organization as a whole does not move forward.’ For federal environments, he urged technology upskilling to improve employees’ data literacy, analytics awareness and coding abilities — or at least to provide a basic familiarity with those activities.”

Read more insights from Snowflake’s Winston Chang, Chief Technology Officer for the Global Public Sector.

 

How Open Source Database Technology Can Support Transformation

“Modernizing your applications and services without modernizing the underlying database is like buying a new car but installing your old engine. You’re just holding yourself back. That’s the experience of Enterprise DB (EDB), which provides tools and services to large organizations adopting PostgreSQL (Postgres), a relational database management system based on open source technology. Like other enterprise-grade, open source systems, Postgres helps organizations avoid the rising licensing costs and vendor lock-in that come with proprietary software, said Jeremy Wilson of EDB. But just as importantly, Postgres is rapidly replacing legacy, proprietary software as a platform for innovation.”

Read more insights from EDB’s Jeremy Wilson, CTO of North America Public Sector.

 

Transforming With Visibility and Agility

“Staff working their way through a digital transformation, such as a cloud migration, will need new skillsets. They’re going to use new services and capabilities — and none of them will be the same, Shopp said. SolarWinds helps users build knowledge, intelligence, configuration smarts and cloud awareness, he explained. ‘Intelligence in a box,’ as Shopp called it, is codified into SolarWinds products and helps agency employees monitor workloads. ‘When it comes to understanding your infrastructure and your workloads, no matter where they reside — on premises, the cloud or hybrid — we’ve got you covered,’ Shopp said.”

Read more insights from SolarWinds’ Brandon Shopp, Group Vice President of Product.

 

Observability Made Simple

“The task of monitoring these complex systems gets more complicated, too. ‘The question is, how do I know there’s an issue?’ said Brian Mikkelsen of Datadog. ‘Is it when the tickets start flowing, when complaints increase, when your leadership team asks why something isn’t working?’ None of those options is ideal. Datadog’s application performance management platform provides a real-time window into the digital environment, identifying performance and security issues — quickly. Its ‘full stack’ hybrid infrastructure capability means everything from the back end to the front end is monitored and reported via infrastructure metrics, application performance traces, and correlated logs.”

Read more insights from Datadog’s Brian Mikkelsen, Vice President and General Manager.

 

Download the full GovLoop Guide for more insights from these digital transformation leaders and additional government interviews, historical perspectives and industry research.

Best Practices for Implementing DevSecOps

It’s not surprising that the development, security and operations approach to building software is the darling of IT teams across the government. It’s essential given the current mandate that agencies move toward zero trust environments. Having secure software is fundamental, and DevSecOps helps agencies get there and deliver user-tailored applications faster. Less clear is the best path for implementing DevSecOps. That’s in part because the missions and goals of agencies vary. No matter where your agency is on adopting DevSecOps, it’s critical to realize that — like most things IT — moving to a methodology for software that integrates development, security and operations is not just a matter of making the right technology choices. There’s a major people and workflow component that requires people teaming up and collaborating in new ways. Download the guide to learn how the lessons learned by federal agency and industry experts will help you as your agency embraces DevSecOps.

 

5 Essential Ingredients to Make DevSecOps the Heart of Your Agency’s Digital Transformation

“There’s no denying the value of a development, security, operations approach to creating software and applications. Here’s why: ‘The government is building better quality software. They are getting it deployed faster. Security teams are involved in the beginning, middle and end — every step along the way,’ said Adam Clater. But beyond the blending of an agency’s development, security and operations teams, what are those must-haves to make DevSecOps succeed and drive digital transformation? Clater identified five critical elements necessary to DevSecOps and establishing a continuous integration and continuous deployment pipeline. That CI/CD pipeline serves as the agile workflow conduit for DevSecOps, he said.”

Read more insights from Adam Clater, Chief Architect for North America Public Sector at Red Hat.

 

How Effective DevSecOps Enables More Secure Software Development

“The legacy model of software development is one of the biggest roadblocks to delivering secure applications at the speed that modern consumers and citizens expect. Taking a manual approach to security after the initial development build can leave teams with a remediation timeline measured in weeks, if not months. That’s why it’s important for federal agencies to adopt a development, security and operations (DevSecOps) approach, which weaves security into every step of software development from design to build and beyond. Unifying development and security processes while also automating scanning throughout the application lifecycle — not just during development — can help agencies deliver more secure software faster and at a lower cost, better positioning themselves to adopt a zero trust architecture.”

Read more insights from Ted Rutsch, Federal Sales Manager at Invicti Security.

 

Embracing DevSecOps Requires a Mindset Shift and Simple (Not Simplistic) Tools

“DevSecOps — development, security and operations — is the new standard for delivering secure software at the pace that customers and citizens expect from their government today. This is accomplished by integrating security with development and operations teams at the start of the process. But despite its focus on delivering technology-enabled solutions that ensure security is considered from the very beginning rather than an afterthought, what often gets lost in the shuffle is that technology is only one component. DevSecOps requires a mindset shift that revolves around people and processes just as much as technology.”

Read more insights from Joe Bleich, Director of Sales at Datadog.

 

Lesson Plan for Accelerating Adoption of DevSecOps in Your Agency

“DevSecOps teams have a reputation for being able to ship secure software quickly, and that has a lot to do with software being assembled from open source libraries and not built from scratch. A recent Gartner report shows 70% of software is built using open source packages, and an average of 75% of these packages have vulnerabilities at any point in time. Teams that don’t prioritize continuous visibility on their security posture are at risk. And they could be building on top of vulnerable systems with unresolved day zero vulnerabilities. But it’s possible to mitigate the risk by leaning into continuous transparency throughout the development stack.”

Read more insights from Atlassian’s Senior Designer, Nupur Aggarwal, and Senior Product Manager, Andrew Pankevicius.

 

How to Structure a Successful Software Factory

“One of the best ways government can begin to facilitate this mindset shift is to cultivate the right leadership. Oti said the first step is to hire leadership based off capabilities rather than career field. It doesn’t matter if a software development team is led by an engineer, data scientist or program manager. What matters is that person has the vision and skill sets to lead a cross-functional team. If delivering high-quality software is the highest priority for a development team, then a proven ability to deliver needs to be the highest priority in choosing its leadership. And because DevSecOps requires the integration of multiple (traditionally stove-piped) job functions, cross-disciplinary empathy and understanding is also an important metric in gauging potential leadership for a development team. Degrees and seniority are irrelevant, Oti said. In the Air Force, successful software development teams are led by officers, enlisted Airmen, civilians and even contractors.”

Read more insights from Enrique Oti, Chief Technology Officer at Second Front Systems.

Download the full Expert Edition for more insights from these DevSecOps thought leaders and additional government interviews, historical perspectives and industry research.

Using Modern, Agile Dashboards to Power Today’s Government Programs

Nearly every federal agency is currently tackling a major IT modernization project. The need for functional, transparent, and user-friendly project management systems has never been greater. But tracking, managing, and overseeing these projects can be difficult for the agencies involved. The Federal IT Dashboard, which the General Services Administration (GSA) successfully relaunched in March 2022, is an example of how a unified, user-friendly, and cost-effective dashboard can give agencies the tools they need to manage an expanding portfolio of projects. This ambitious project, undertaken after the previous dashboard had aged and become too costly to maintain, is a big step forward for the agency.

The GSA wanted to create a one-stop, accessible version of the resource, which gave agencies the insight they needed to understand and better manage their IT portfolios and investments. Their investment in a contemporary, easy-to-use dashboard is a testament to the role that a powerful, modern dashboard system plays in government program management. A well-built dashboard delivers an overview of the agency or program’s state of affairs, giving agencies the visibility they need to make informed decisions.

The Value of a Single View Across Complex Programs

One of the biggest advantages a dashboard can bring to an agency is the ability to zoom in and out of complex, multi-faceted programs and projects. This interactivity lets agencies gain insight into their project and program structures at multiple levels.

Dashboards also help with project tracking, transparency, and accountability across internal and external stakeholders. The dashboard becomes an interactive map, allowing users to dive into the details at each level of the projects they contain, giving leaders the big-picture view they need to see the impacts of a multi-faceted project.

Custom dashboards are built for an agency with a specific use in mind. While these solutions offer incredible levels of customization, they can often be costly to develop and maintain. Fortunately, there are other options that are easy to use, quick to implement, and more cost-effective than their custom counterparts. Powerful enterprise dashboard platforms are one such option. They deliver a secure, easy-to-use, simple-to-understand viewpoint that can scale from the 10,000-foot view across the program portfolio to individual tasks in a single project.

The ideal platform can bi-directionally integrate with one or more instances of the agency’s favorite project management tool to deliver an aggregated, strategic, enterprise view of everything happening across those projects and programs. It’s also important to have native integration on top of a preferred project management platform. This can bring visibility to the work being done across multiple projects and programs and deliver insights that a standalone project management tool couldn’t, such as tracking overall operational performance and measuring risk.

Working with modern commercial software can help agencies of all sizes use informative, easy-to-use dashboards, helping teams connect strategies with their technical execution at a glance. As strategic portfolio management tools, powerful dashboard platforms that integrate with a world-class project management tool let agencies see the bigger picture without having to invest in costly tools that are built from scratch and outdated as soon as they are deployed.

Here at Atlassian, we’re celebrating the modern, agile approach to project dashboards, and we encourage agencies to consider adopting similar solutions in the spirit of financial and developmental efficiency. Our mission is to help unleash the potential of every team. We believe effective dashboards can be a key component in bringing agency teams together to help them achieve their missions. 

Download our whitepaper “Jira Align: Key Steps Toward an Adaptive, Efficient, and Effective Government” to learn how Atlassian is helping agencies meet their mission requirements!

Atlassian Hosting: Advantages of Using a FedRAMP Authorized Provider

One of the most challenging topics any IT team might find themselves struggling with today is Federal security compliance. FedRAMP compliance is notoriously difficult to achieve. Layering on the complexity of supporting a development team that needs specific application support for their Atlassian dev tools can make this challenge seemingly impossible.

That’s where a third-party hosting and managed support partner can help you save the day. They can simplify this process to help you achieve whatever level of compliance your team needs.

Security

Above all else, FedRAMP is security-driven compliance. If your company is doing business with the Federal Government, FedRAMP is likely a firm requirement. Achieving FedRAMP authorization can be difficult, and finding a hosting partner that offers FedRAMP compliance can be a challenge. If you do find a hosting provider that can offer you FedRAMP-compliant hosting, you may still be on the hook for managing everything from logical access controls to log aggregation. It is even more difficult to find a hosting provider that can also support your requirements at the application level. Finding a hosting partner who understands the intricacies of development teams and, in particular, Atlassian tools is vital to your success.

FedRAMP compliance requires a great deal of focus and specialty from a hosting provider. Chances are, your internal IT team and Atlassian application admins are not FedRAMP compliance specialists. One of the biggest advantages of leveraging a FedRAMP compliant provider is that you do not need to reinvent the wheel. You can rely on an existing Authority to Operate (ATO) that shaves off months of deployment timeframes and security compliance management.

Service

Managed FedRAMP hosting for your Atlassian tools through a provider allows your internal teams to focus on using the tools and not managing the red tape of achieving compliance.

Some of the specific service advantages you can receive for your Atlassian hosting needs on our FedRAMP compliant service platform include comprehensive monitoring for security and compliance, performance tuning and application optimization, managed OS level patches, security fixes, necessary updates, and upgrades that can make delivering your work easier.

Process

Additionally, leveraging a FedRAMP-authorized partner for your Atlassian needs will allow your team to satisfy operational and logical controls that frequently become burdensome for internal IT. Certified compliance processes assure you will receive the highest level of support for Physical Access Controls, Logical Access Controls, Network Access Controls, and general security policy requirements. All of this means that your team will be able to spend more time using your Atlassian dev tools and less time managing compliance and security.

Performance

Getting the best performance out of your Atlassian apps in a more restrictive FedRAMP-compliant hosting platform can also be a challenge. Be sure to find a hosting provider that’s an expert on Atlassian environments. Your hosting partner can architect an environment that will get you the best of both worlds: compliance and performance.

Enter Contegix, the only Atlassian-focused, cloud application service provider that offers managed FedRAMP compliant hosting platforms.

We have been hosting and supporting Atlassian applications since their inception in 2002. Because we manage the compliance framework and provide expert support for your Atlassian applications, you can sleep soundly knowing your critical data is secure and well taken care of.

Contact us today if you are interested in learning more about Managed Atlassian Hosting and how Contegix can help relieve the burden of compliance management through our FedRAMP compliant hosting platform.

Why Knowledge Management is the Next Best Step for Your Agency

The Field of Knowledge Management

As government agencies grow in size and workload capacity, it becomes more important to track ideas and information within the workplace. Working with disorganized and inaccessible information impedes workflow, causes hesitancy, and precipitates the loss of ideas. The key solution for combatting workplace disarray is an effective knowledge management strategy—the discipline of creating, organizing, documenting, structuring, and teaching accessible information. While implementing organizational strategies may not be a priority for every agency, it is imperative to ensure work processes run efficiently. Agencies save time, money, and resources by investing in knowledge management.

Workplace Problems & Management Solutions

Several issues arise for agencies without proper knowledge management that can result in miscommunication, poor workflow management, and inaccessibility across teams. The two most prevalent issues are the absence of planning and inadequate training. Fortunately, there are solutions that can improve efficiency, workplace progress and team organization.

The first barrier to workplace progress is the lack of planning and notetaking. Without proper notetaking during meetings, important information is not captured accurately. This information is then exchanged between multiple parties and stakeholders where it may be passed along incorrectly. Sharing inaccurate information wastes time and effort. Instead, meeting organizers should create detailed, relevant notes and make them immediately accessible for all involved parties. By distributing meeting notes while the topic is still clear in everyone’s memory, organizers can reduce misinterpretation from secondhand information and bring clarity to the topic.

The second barrier to workplace progress is inefficient team training. Oftentimes, teams have unspoken norms and internal standards that are not formally passed on to new employees. New team members cannot always pick up on these norms, especially while they are adjusting to a new environment. Prepared training materials help new employees onboard and adapt more quickly to a team environment. With a standardized training process, new hires will effectively learn team stratagem with an equivalent level of comprehension.

Improving Cybersecurity in Software Development using Knowledge Management

Effective knowledge management encourages teams to record and actively monitor risks to avoid jeopardizing goals or projects. Software development teams have a variety of standards to follow. Knowledge management best practices will document team standards and testing protocols to ensure code is written consistently, efficiently, and securely. By implementing effective knowledge management strategies, agencies can achieve compliance by ensuring software meets legal and cybersecurity standards.

Knowledge management is vital to accomplishing software development and cybersecurity goals. This includes enforcing security parameters, ensuring that software is legally compliant, and generating high-level conversations and planned processes. For example, if high-level conversations and security training are enforced throughout an agency, the chance of an unsuspecting employee breaching security by engaging with spam is diminished.

A Successful Communication Process

Knowledge management strategies are useful in various agencies and disciplines, such as government processes, workplace strategies, job tooling, or question and answer forums. Utilizing knowledge management assists employees by organizing resources into a single, available location and ensuring that information and resources are secure, accessible, and easy to understand. While knowledge management workflows vary between companies, a few core steps should guide how managers approach the process.

First, managers should determine what problems exist due to a lack of thorough communication. When diagnosing the issue, one should ask the following questions: Is there information that is inaccessible? Is there information that’s only passed by word of mouth that should be written down? Is there information that is not articulated clearly?

Second, managers should guide their team to standardize the process of capturing and consolidating information for future reference. This information can manifest itself in the form of training guides or manuscripts. When consolidating information, meeting organizers should consider what information is most relevant to capture and incorporate into organizational strategies. Then, agencies should ensure that all information is kept in a central location to be accessed and shared by all relevant parties.

Third, managers must continually reevaluate and optimize current knowledge management strategies to ensure that problems are effectively solved. If issues persist, agencies must identify the related hurdles and revise their strategy.

Making the Right Decision for Your Agency

By implementing knowledge management processes, agencies can save time, money, and resources. Through recorded information, monitoring workplace processes, and accessible notes, knowledge management methods improve communication and team building.

Atlassian Secure Knowledge Management

Atlassian helps government agencies improve their ITIS, ITSM and service desk processes with knowledge management solutions. Atlassian can help improve your agency’s knowledge management security by hosting an open and connected platform directly tied to your work, serving as a centralized, organized and searchable knowledge hub, and delivering enterprise-grade security for knowledge management. Learn more about secure knowledge management with Atlassian or schedule a demo with an Atlassian expert for live product training!

Making the Most of the Infrastructure Investment and Jobs Act

 

Breaking funding barriers to invest in infrastructure and more

The Infrastructure Investment and Jobs Act (IIJA) provides a historic $973B investment into America’s growing backlog of infrastructure needs. For decades, roads, bridges, water and wastewater networks, ports, and electrical grids have all lacked the funds needed to repair them. Besides addressing these critical infrastructure needs, the IIJA also includes $550B of new investments addressing critical, forward-thinking priorities such as digital equity, cybersecurity, and resiliency. This historic bill will help federal, state, and local government agencies address some of their community’s most critical needs.

There’s a great deal to look forward to in the IIJA, but it is also more complex than the other recent stimulus bills, such as the CARES Act and ARPA. As we all begin to unpack the benefits contained in it, one thing is for sure—it’s going to take time and effort for agencies involved to build and efficiently administer the new programs outlined. This will be a big undertaking, but agencies can lessen the load by ensuring their systems are leveraging modern tools that enable automation, speed, and agility.

3 steps to prepare your agency for the IIJA

Agency project management needs are about to explode. Federal agencies like the Department of the Interior or Department of Transportation will need to build processes and applications for receiving proposals, awarding discretionary funds, and tracking results. Meanwhile, state and local governments are going to need to manage most of the infrastructure projects themselves. Workflows, permits, inspections, contractors, and resource allocation will all be part of the process. That’s a lot to keep an eye on. For your agency to maximize this once-in-a-generation investment, you’ll want modern technology solutions that bring together the agility, efficiency, and security you need to make it happen.

Replace outdated project management tools

How often do you find yourself hunting down details on a project’s status or trying to figure out why a project that was due yesterday is still delayed? How often are you updating quad charts or exporting data to a spreadsheet in order to sort and filter for answers? If the answer is “every week,” a project management tool update might be in order.

Agile project management tools help coordinate work in real-time and give you a bird’s-eye view of a project so you always know how things are going. They also allow you to dive in and see progress and problems on the ground, letting you resolve bottlenecks before they affect larger portions of a project. The insights and automation delivered by a modern project management tool can also lead to smoother, more efficient workflows.

Use an ESM approach with internal service workflows

An Enterprise Service Management (ESM) approach can save vast amounts of time within internal service workflows. Leveraging IT solutions to make workplace services from all departments more accessible and instantaneous can transform workplace efficiency. Forms with automatic routing and signatures, easy-to-set-up self-services with integrated knowledge guides, and efficient issue resolution can all become simple, intelligent online processes. This relieves the staff burden of phone support, filling in spreadsheets, and email overload. You can also use an ESM approach to ensure audit-ready communication trails are in place no matter how large a project is. Once your agency is up to speed, you can then expand ESM workflows to more efficiently engage with citizens.

Build in cybersecurity and verification best practices…right from the start

You already know security is crucial for agencies. Make sure it’s a top priority by using DevSecOps tools and methodologies when building new applications. DevSecOps takes the best practices of general DevOps and adds security verification as an active, integrated part of the development process. A DevSecOps approach makes security a shared responsibility throughout an application’s lifecycle. This means building in security best practices from day one and having processes in place to update that security as standards change. It’s not always simple to transition from waterfall to agile, but you don’t have to do it alone. You can find everything from hardened containers to Team Playbooks that can help your agency or program shift left.

 

Take advantage of this historic opportunity with Atlassian

Atlassian provides solutions that let you create a new framework based on automation, speed, and agility. We also provide best practices and playbooks for modernizing legacy systems. Whether you’re managing complex projects, building new efficient service workflows, or securely developing new applications, agency teams can work better together to turn this investment opportunity into meaningful outcomes for your communities. To learn more about how we help agencies create agile systems that bring everyone together, contact your Atlassian representative for more information.

Federal News Network Expert Edition: DevSecOps

The trend across civilian and defense agencies when it comes to software development is clear. People and culture matter the most when changing the way an agency develops software. Even with reskilling and training employees, agencies still aren’t guaranteed success in using DevSecOps. Many agencies need to become more comfortable with automating the security controls as well as change the way these projects are funded. Hear from leaders at Air Force, Navy, Army, the Centers for Medicare and Medicaid Services, and National Geospatial-Intelligence Agency on how far agencies have come and where they still need to go to take full advantage of DevSecOps to drive modern capabilities to their customers in the latest Federal News Network Expert Edition report.

 

Applying DevOps Principles to Achieve Software Supply Chain Security

“A recent survey sponsored by CloudBees showed that software supply chain security is top of mind for many senior executives right now. The problem is a general lack of clarity on what to do about it. A recent executive order from President Joe Biden’s administration charges several agencies, including the National Institute of Standards and Technology, with releasing guidance around this very issue. NIST’s preliminary guidelines were due in early November and not yet released at the time of this article.”

Read more insights from CloudBees’ CISO, Prakash Sethuraman.

 

5 Ingredients for Successful Mobile DevSecOps

“Applying DevSecOps principles to mobile app development is somewhat different from web. ‘If you think about a web application, it basically runs in any browser on any desktop or device in the world. So in terms of developing and testing it, you really just need to test it once or twice for one or two browsers. And in terms of coding, the browser and server provide a ton of security built in and easy for the developer to use,’ said Brian Reed, chief mobility officer at NowSecure. ‘For mobile apps, you have to choose iOS or Android. And if you do both, you have to write it twice, effectively. Unlike web browsers, to build apps for mobile devices, the developer has to understand how the mobile device and operating system works, how secure data storage works, how crypto works, how secure network communications works and a myriad of other security application programming interfaces (APIs).’”

Read more insights from NowSecure’s Chief Mobility Officer, Brian Reed.

 

Software Bill of Materials is the First Step to Improve Software Supply Chain Security

“A confluence of events, including the SolarWinds breach and the subsequent White House executive order on cybersecurity, has pushed software supply chain security center-stage for the federal government and the ecosystem of contractors that do business with it. It’s a top priority for many executives, but traditional notions of cybersecurity are proving inadequate to the current landscape, and the path forward isn’t always clear. So where do they start?”

Read more insights from Anchore’s Solutions Architect and Technical Lead, Jeremy Bryan.

 

4 Strategies to Overcome Obstacles in Adopting DevSecOps in Your Agency

“A recent survey conducted by Federal News Network in partnership with Atlassian revealed a large disconnect between IT and non-IT staff at federal agencies. Fewer than 10% of respondents said their business or mission area was heavily involved in setting project requirements for IT services. Two-thirds of respondents said they don’t get to comment on or review new technology capabilities during development or before they are launched. And 63% said collaboration within the agency was difficult.”

Read more insights from Atlassian’s Director of Technology for Public Sector, Ken Urban.

 

Download the full Federal News Network Expert Edition report for more insights on the future of DevSecOps from Carahsoft’s technology partners and leaders at Air Force, Navy, Army, the Centers for Medicare and Medicaid Services, and National Geospatial-Intelligence Agency.

Best of What’s New in Legacy Modernization

 

The pandemic changed the risk equation for state and local governments around technology upgrades. In the past, state and local government CIOs had created orderly multi-year plans to push toward modern technologies, carefully weighing numerous factors and often facing pushback from public officials who didn’t want to fund updates if the old systems were still chugging along. In 2021 – after a vast shift to remote work, the increase in user-friendly digital services, and the innumerable changes to individual agencies brought on by the coronavirus – the modernization of legacy technology is seen through a new lens. Read the latest insights from industry thought leaders in legacy modernization in Carahsoft’s Innovation in Government® report.

 

Moving Modernization Forward in Spite of Disruption

“State and local CIOs are dealing with challenges that none of us ever thought they would have to face. The two most important things they can do are to drive automation and focus on hybrid cloud solutions. We all know the cloud is here to stay. We also know that legacy systems will take too long to migrate completely to the cloud. Embracing a hybrid cloud approach around modern solutions, where you can be partly on-prem as well as in the cloud, is going to help drive modernization and help systems become more effective more quickly. The second piece is automation. Automation has come a long way. It allows organizations to re-factor their workforce into their mission while automating simpler tasks. Artificial intelligence and machine learning are part of this and will become increasingly important as state and local leaders look to improve responsiveness and citizen engagement — both now and in the future.”

Read more insights from Red Hat’s Vice President of State and Local Government and Education, Nancy Bohannan.

 

It All Starts with Collaboration

“A DevSecOps approach takes DevOps culture and methodologies and incorporates security from the very beginning. This brings enormous value to legacy modernization efforts. Many legacy systems were built using waterfall methodologies. That means they may not be regularly scanned for vulnerabilities or they were simply not built to handle modern scale. DevSecOps helps you avoid these issues. First, you will be more agile, as we’ve seen with DevOps. Second, you will build systems that are inherently more secure. Instead of thinking about security after a system is built and in production, you are doing so from day zero and doing so continuously even after you’ve “shipped” it. This is especially critical in cloud environments where shared resources and multi-tenancy are the norm rather than the exception.”

Read more insights from Atlassian’s State and Local Manager, Shayla Sander, and Solutions Engineer, Ken Urban.

 

Finding Opportunities for Modernization

“The pandemic pushed most organizations into firefighting mode. They don’t have the luxury of doing wholesale rewrites of legacy software, which often take years. At the same time, organizations need to make these systems more efficient in order to serve constituents and improve operations — especially during the pandemic. Instead of replacing systems, organizations are augmenting them by putting new technologies on the front end. These efforts solve some of the immediate problems; however, many legacy challenges remain because organizations just haven’t had time or resources to do the rewrites.”

Read more insights from Dell Technologies’ Chief Strategist and Innovation Officer, Tony Powell.

 

Contact Center Modernization: Raising the Bar on Customer Service

“Modernizing how you serve citizens should be a continuous process. Methods of communication change. Technology improves. A pandemic exposes weakness in an entire process. And all of these things must be addressed in the context of resource constraints. Organizations should look across their constituency and current platform and ask questions such as: Are we communicating effectively? Do we have the necessary tools to properly manage resources? Do we have a business continuity plan? Is owning and managing technology the best use of our resources? Regardless of the question, the key is to be proactive in your evaluations.”

Read more insights from Genesys’s Director of Solution Consulting for the North American Public Sector, Chad Cole.

 

4 Tips for Advancing IT Procurement

“Identifying and analyzing potential risks upfront can give jurisdictions more options to address urgent IT needs when a crisis hits, Paneque says. ‘Through a risk assessment you can delineate potential scenarios you might face in the future and where you can substantiate an emergency procurement to stabilize them,’ says Paneque. ‘Later, you can roll that approach into less urgent kinds of requirements that can either be sourced through existing contracts or with typical methods of procurement like an RFP.’”

Read more insights from former New York State Chief Procurement Officer, Sergio Paneque.

 

Download the full Innovation in Government® report for more insights from these legacy modernization thought leaders and additional industry research from GovTech.

Top 10 Blog Posts of 2020

2020 was an unprecedented year, with certain trends in technology developing practically overnight. IT solutions such as cybersecurity and workflow automation became more important than ever as many across the nation began working from home. During this time, government agencies have become more adaptable, security-focused, and driven to ensure the digital experience has been and continues to be successful. Here’s a look back at our Top 10 Carahsoft Community Blog posts of 2020 featuring this year’s most popular IT topics.

 

1) IT TRENDS IN GOVERNMENT: The Cloud and Electronic Signatures

Digital experiences are at the center of most services that citizens utilize day-to-day, and throughout government they can impact access to important services, such as healthcare, food aid, and housing. In order to ensure that these services are adequately accessible to the public, proper measures must be taken to make content available across devices, adaptable for use by all users regardless of physical ability, and consistent in appearance.

The best way to achieve digital experiences that adhere to the aforementioned criteria is to utilize the appropriate technology, such as form creation software and electronic signature platforms, which are becoming increasingly prevalent. In this post, Carahsoft’s Senior Product Specialist, Ashley Weston, examines two of government’s top IT trends for achieving key digital experiences—form creation and e-signatures.

 

2) How Federal Agencies Can Achieve Section 508 Compliance

Technology has enabled users with visual or other impairments to more easily navigate the world around them, and government organizations are increasingly expected to abide by basic digital accessibility standards and to comply with federal requirements.

One such requirement is aimed at federal agencies, ensuring the government’s digital presence is accessible to users with disabilities. Section 508, which is part of the Rehabilitation Act of 1973, mandates that all electronic and information technology used by the federal government—including websites, social media, job application portals, and more—must be accessible to the 60 million people in the United States living with disabilities. In this post, Addteq partnered with Atlassian to explain how federal agencies can achieve Section 508 compliance.

 

3) Tips and Tricks to Establishing a Successful Telework Environment

As swaths of organizations in the United States are forced to shutter their workplaces in the wake of the coronavirus pandemic, unprecedented numbers of employees are conducting business as usual—from the safety of their homes. Some states have placed restrictions on nonessential businesses, and many organizations—including government contractors—have taken the initiative to encourage employees to work from home. In this post, Carahsoft’s Adobe Product Specialist discusses tips and tricks to successfully establish a large-scale telework environment during the beginning stages of the coronavirus pandemic in the United States.

 

4) Evolving Kubernetes into an Enterprise Container Platform

State agencies and academic institutions are increasingly challenged to keep up with the speed of innovation while meeting stakeholder demands and expectations. By turning to container-based services, organizations enable efficient, affordable application delivery and cloud migration. Kubernetes, an open source platform, is the industry standard in container orchestration technology, but managing and running “do it yourself” Kubernetes is easier said than done. In this post, Red Hat experts explain how organizations can use container-based services to enable efficient, affordable application delivery and cloud migration.

 

5) Start Your Agency Off on the Best Cybersecurity Foot With Federal Frameworks

According to the SolarWinds 2019 Federal Cybersecurity survey report, threats posed by careless and malicious insiders and foreign governments are at an all-time high. The report found 56% of federal government IT leaders surveyed considered careless or untrained insiders as the most significant threat to their organizations. Fifty-two percent said foreign governments are the primary menace to their agencies.

Despite this, federal agencies surveyed believe their ability to detect and prevent insider and malicious external threats has improved over the last year. Agencies attribute this confidence to updated federal regulations and mandates that give them the ability to better manage risk as part of their overall security posture. In this post, we spoke with SolarWinds about how agencies can effectively tailor their cybersecurity frameworks.

 

6) 3 Reasons Federal Healthcare Agencies Need Cloud Computing

It’s been six years since U.S. healthcare providers were required to integrate medical records into electronic systems under the American Recovery and Reinvestment Act. Since then, newer mandates have continued to encourage digital data sharing and interoperability within healthcare organizations.

A natural next step in the digitization of healthcare records is storing that data in the cloud, where it can be securely accessed and updated by healthcare teams. Additionally, when paired with cutting-edge artificial intelligence and machine learning technologies, cloud computing can offer data analysis that facilitates breakthroughs in medical research and patient care. In this post, Google Cloud discusses 3 essential reasons that cloud computing can make a change in federal healthcare agencies.

 

7) How AI is Helping Government Agencies Deliver on their Missions

The Federal Data Strategy’s 2020 Action Plan released in December set the stage for how government agencies should prioritize data in the coming year. Since that time, many agencies have taken aggressive steps to turn their data holdings into strategic assets. One area of focus has been the increased adoption of AI and machine learning technologies. In my role, I work closely with the agencies and their data teams sitting on the front lines of this innovation. The early adopters who began their big data journey over the last few years are starting to see how data and predictive analytics can support their mission goals and create additional value for their stakeholders. In this post, Databricks walked us through examples of this implementation with teams across federal, state, and local agencies.

 

8) Creating Modern IDEA Compliant Citizen Experiences

Federal agencies are no longer expected to be just sources of information and services. They’re now tasked with providing digital experiences on par with those found on consumer sites. This starts with having a website compliant with the 21st Century Integrated Digital Experience Act (IDEA). It also means incorporating useful content, a personalized experience, and data management that allows non-technical stakeholders to update and maintain the site. In this post, Liferay’s Kale Fluharty dives deep into how to create a government compliant citizen experience using DXP with USWDS 2.0.

 

9) How Facial Recognition Can Keep Flexible Workplaces Safe

As state and federal agencies begin exploring hybrid workplace models and planning on how to keep employees safe as the COVID pandemic continues to evolve, compliance is a critical piece of the puzzle. Office reopening plans are only as successful as their implementation, and government organizations must be able to ensure that whatever precautions they put into place—from requiring masks and social distancing to keeping remote or revolving workstations secure—are effective. In this post, piXlogic’s Joseph Santucci explains ways that facial recognition can improve workplace safety, especially during a COVID-era in which employee accountability is imperative.

 

10) Leaders In Innovation: Identity and Access Management

Agencies have been learning the importance of identity and access management for nearly two decades, but, like many technological evolutions, the coronavirus pandemic has encouraged adoption on an entirely new scale. As remote work became the norm, agencies adapted to use technology like smart identity cards in new ways, enabling capabilities like digital signatures. These new features are secured by the common access card (CAC) in the Department of Defense (DoD) or the Personal Identity Verification (PIV) card in the civilian environment, and all follow the principles and strategies of identity and access management. In this post, we summarized the full Leaders in Innovation report which discussed the benefits and challenges of identity and access management.

 

Though this year presented its challenges, such as many companies moving completely out of office due to a global pandemic, Government Technology has evolved to expand its capabilities. During this struggle, we’d like to thank all of our authors, contributors and readers for their support within our community. We’re pleased to continue growing our blog and expanding our content, and look forward to bringing you even more in 2021.

Thanks for checking out our top 10 Community Blog posts for 2020! Come back soon to read our upcoming series on public sector IT trends that will be mission critical in 2021 – we will be taking a deeper look into: Workflow Automation, Artificial Intelligence and Machine Learning, Cybersecurity and Multicloud Technology.