Operational Readiness and Modern Cloud Services

What Does It Mean to Be Ready?

Supporting agility by redefining how we deliver capability

What are the attributes of a ready force? And how much readiness is enough? The Department of Defense defines readiness as: “The degree of preparedness and responsiveness of our forces that allows me to deploy them with little notice in response to government direction. It’s the ability to get the right people, with the right skills and the right equipment, into the right place at the right time and to sustain that for as long as government requires.” They further go on to talk about “The capability of a unit/formation, ship, weapon system or equipment to perform the missions or functions for which it is organized or designed.” But what about asking it to perform beyond the functions for which it was designed? For that we need to rethink how we deliver a capability.

The most basic element of understanding readiness is knowing what types of wars the military must be prepared to fight. This includes the potential adversaries it could face and the capabilities these adversaries are likely to possess.

Figure 1: Data taken from Lawless, Cherwell. “COVID as a Catalyst: The Rise of the Remote Workforce.” Harvard Business Review OnPoint Winter 2020

For many organizations, COVID was a catalyst. It shined a light on organizational agility. That is, the ability of an organization to change – and change quickly. The ability to pivot, absorb and adapt has taken center stage in terms of organizational productivity. And this helps us to understand how very important “agility” is to operational readiness. Meaning, once we train and become “ready” – our ability to carry out our mission will be tied to how agile we are. We will not completely understand our enemy’s strengths and weaknesses. Our ability to fight and win will be predicated on our ability to pivot and make decisions faster than they do.

As seen above, productivity suffered for organizations that lacked agility. Conversely, productivity increased for organizations that embraced agility – those that practiced absorbing and adapting to new threats.

Build, Increase, Thrive

In 2020, the bipartisan Congressional Research Service published a report that explored the concept of readiness in more detail and identified three phases to the readiness-production process: (1) Building initial readiness, (2) increasing readiness, and (3) sustaining readiness. But if you break readiness down to “people” and “assets,” you see that people are capable of increasing their readiness; whereas assets (e.g., tanks, guns, trucks, planes, etc.) are typically in “sustainment” and actually depreciate. Traditional software development has been treated like a depreciating asset – but that’s changing. The latest approaches to developing, securing, and operating cloud solutions look to continue increasing capability, even after deployment. Getting into the field is seen as an opportunity to enter a new “iterative process” as seen in Figure 2 below where cloud-based solutions can “pivot and improve” to better support mission agility.

This military production line begins with untrained personnel and ends with a final product that is a capable military force (i.e., a military unit) in the form of ready warfighters. This linear “readiness production process” can be broken into three fundamental parts: (1) building initial readiness, (2) increasing readiness, and (3) sustaining readiness.

Modern cloud services can be seen in a very similar way – and offer advantages not seen in the physical world. For instance, after D-Day (deployment), can we ask more of an asset than what it was initially built to do? It’s impossible to add a new fire control system or depleted uranium armor to an M1A1 tank after it has been deployed. While an M1A2 variant can start back at step 1 and be built with these improvements, we know that a tank simply can’t pivot and adapt at this level in the field. Traditional software also fails to pivot and adapt after it is deployed.

Modern cloud services have an advantage here: When the development, security, and operational (DevSecOps) aspects of a cloud service are done right, we can consider updating production software in a continuous manner – securely and at a pace that improves readiness. This is where solutions can absorb, retool, and innovate: Increased mission agility.

Figure 2: The assembly line for readiness – “The Fundamentals of Military Readiness,” Congressional Research Service, October 2, 2020

Cloud Services and the Breakthrough Moment: DevSecOps

DevSecOps brings agility to operational readiness

Scalable “Infrastructure as code” was brought to us by the Hyperscalers (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform, etc.). As applications were layered on top, three main types of cloud services emerged: Software as a service (SaaS), platform as a service (PaaS) and finally, infrastructure as a service (IaaS).

  • SaaS – here we group all the enterprise applications services (e.g., Supply Chain Management, Enterprise Resource Planning, Human Capital Management, etc.). All the “back office” systems that form the core of how we manage and optimize assets.
  • PaaS – the platforms we use to develop custom or specialized software. Think of these as advanced DIY kits to build the software that is unique to your organization – or that hasn’t been built to address your specific needs. This is about rapid application development of analytics or AI or truly unique, “tip of the spear” mission applications.
  • IaaS – the “infrastructure as code” (IaC) layer from the Hyperscalers (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform, etc.). This is the virtual set of services (compute, storage, networking, containerization, etc.) that transformed the “data center” into the cloud. IaaS supports automated builds to materialize a virtual set of servers, networks, firewalls, etc. in a consistent and rapid fashion.

The “break-through” moment and possibly the most important aspect of the cloud is how all of this is brought together, securely, efficiently, and continuously. The entire solution stack (e.g., applications, platforms, servers, etc.) is now code; code that can be scripted, managed, governed, monitored, audited, etc. This is a catalyst for software developers to completely rethink how software is developed, secured, and operated (DevSecOps). This is what allows us to quickly build and deploy innovations, securely – so that solutions can perform beyond what they were initially built to do. With its Continuous Integration / Continuous Delivery (CI/CD) Pipeline, DevSecOps can have a tremendous impact on a solution’s mission assurance level.

  • More Resilient: Automated build, from infrastructure to application. Dramatically better disaster recovery characteristics (i.e., Recovery Point Objective, RPO, and Recovery Time Objective, RTO)
  • More Defensive: Addressing zero-day threats quicker, with automated scanning, patching, and deployment.
  • More Offensive: Adding new capabilities on a daily basis. On the commercial side, vendors are releasing updates to production services daily. For them, constant innovation is the only way to stay on top.

Much like a modern assembly line, DevSecOps from SAP NS2 leverages automation as a force multiplier to seamlessly integrate the overall build process – and do it continuously. Traditional development and operations teams have long used a “many hands make for light work” approach. But manual labor with this level of complexity simply doesn’t scale. The goal is “lights out” automation – where automation takes care of setting up software and keeping it in a known good state.

Figure 3: SAP NS2, a Secure Software Factory – Transforming Commercial Innovation into Government Cloud Services

Economies of Scale and Multi-tenant SaaS

Operational Readiness benefits when we “live in a community”

The traditional approach to building software resembles an isolated, single-family home. A single house could be built with its own power generation, well water, and septic field. A more efficient and effective approach would be to build your house in a community where you’d share utilities and infrastructure. Given the economies of scale, the price to build, run, and maintain a home within a community would be cheaper. The shared services (e.g., electrical grid, water, sewer, etc.) would likely be better, too. Benefits would apply to security as well with a larger, dedicated, and better equipped police force; something an isolated home just couldn’t justify. When this analogy is put into the world of cloud computing, we refer to this as single tenant (house) vs. multi-tenant (community of houses). In Multi-tenant SaaS, many agencies (cloud tenants) can share application services without sacrificing security or their uniqueness. Vendors can invest more for a community solution than single tenant solution. With this larger investment comes better security, better support, and continuously updated software.

Should we be concerned with the security of multi-tenant SaaS? No. The U.S. Federal Government has paved the way for shared services like this with their overarching security framework for cloud services, called FedRAMP – Federal Risk Assessment and Management Program. It is based on the National Institute of Standards and Technology (NIST) specifications for a Risk Management Framework (RMF) and a set of security controls. The security controls map to increasing levels of data security and can be inherited. For example, SAP NS2 adds application specific security controls on top of the AWS infrastructure security controls for a combined security assessment and authorization. This authorization is common / acceptable to all U.S. Federal Agencies for unclassified cloud solutions and delivers on FedRAMP’s goal of providing a streamlined and standardized process, called their “Do Once, Use Many Times” model. This helps all agencies accelerate their modernization efforts.

SAP NS2 currently operates three multi-tenant, community clouds for SAP SuccessFactors – a Human Capital Management Solution. SAP NS2 receives the base innovation from the “parent,” SAP, then transforms it into a secure, government cloud SaaS. DevSecOps / Automation investments are leveraged across all environments with increasing NIST security controls to support higher levels of data protection. In this way, a CI/CD pipeline is set up to pull from the $5B R&D spend of a global commercial company and deliver it securely to the U.S. Government.

Figure 4: SAP NS2’s Secure Software Factory leverages investments to serve 3 government markets

SAP NS2 Enterprise Cloud Solutions

SAP offers a broad portfolio of secure and agile cloud services for government. Two enterprise solutions in particular support military readiness: digital supply chain technology (DSC) and human capital management technology (HCM). Both have proven to be extremely important over the last two years with the global pandemic; both are developed, secured, and operated in the SAP NS2 Secure Software Factory.

Supply Chain Management and the “Digital Twin”

SAP NS2’s digital supply chain technology (DSC) helps get the right people, the right assets, to the right location, at the right time. In the past, complex problems like readiness have been broken into smaller concepts that execute in isolation, which has led to functional silos. Unfortunately, software built under this framework has been designed to address the functional needs of each independent silo. SAP’s DSC solution overcomes siloed approaches. It’s built around a comprehensive, end-to-end view. From the supplier to the consumption point and everything in between, we focus on agility, productivity, connectivity, and sustainability.

A digital twin is a virtual model of a supply chain. SAP’s application provides a complete view of the entire supply chain in real time: Inventory levels, equipment in transit, demand and consumption profiles, and more. Each group in the value chain has its own view, with predictive capabilities that allow for the evaluation of different scenarios. For example, what if a port is closed or a supplier is offline? SAP’s DSC technology also incorporates AI and ML. The AI component represents the experience of experts in modeling and automating aspects of the supply chain. The ML component actively shapes the algorithms for continuously improving performance so that, ultimately, the warfighters receive the right equipment at the right time. Information such as cargo delays in geographic areas of concern.

Readiness and Human Capital Management

The military’s ability to build, increase, and sustain readiness always comes back to its people. Readiness depends on having the right people with the right competencies and experience in the right places at the right time. SAP offers an integrated talent management solution that focuses on recruitment, onboarding, performance, goal setting, and development. It feeds off a common “competency data pipeline,” so that decision makers can tie dashboard insights to an overall state of readiness. For example, comparing expected with actual competency ratings, they can discover competency gaps across the entire organization. Or they can use Workforce Analytics to correlate competency data with retention and better understand their training or recruitment needs.

Contact us today to learn more about how SAP NS2 can support Cloud-Enabled Software Development and help your team meet agency success.

The DoD’s Move to 5G Infrastructure and Devices

 

Over the last several years, the discussion around 5G moved from hope and planning to pilots and test beds. Now agencies and industry are on the cusp of a 5G reality. Agencies already are spending billions of dollars on these 5G tests and now the Federal Communications Commission and others are providing more money to further roll out 5G infrastructure. Taken all together, 5G is close to that tipping point where a technology becomes ubiquitous. The FCC has allocated $9 billion to roll out 5G infrastructure across rural America. Meanwhile, the Defense Department and the Coast Guard already are seeing the benefits of 5G to servicemembers. Hear from leaders at DoD, the Coast Guard, FCC and CISA on how 5G can bring new capabilities and innovations that allow agency personnel to experience data, training and operations in ways not possible before in the latest Federal News Network Expert Edition report.

 

Enterprise-Grade Security Is Vital for Secure 5G Infrastructure

“Top of mind regarding 5G benefits is security. To be fair, 5G also comes with its own risks: The rapid proliferation of endpoint devices enabled by 5G means a massive expansion of the threat surface. And because most of those devices are mobile or sensors, they’re not secure to begin with. But 5G also enables the solution to these problems. For one thing, it adds heightened authentication, which is important because the biggest vulnerability to a network is the user. Users can add malicious software to devices, which can access data they’re not supposed to or influence the way the network operates.”

Read more insights from Palo Alto’s Senior Systems Engineering Specialist for 5G and Mobility, Bryan Wenger.

 

How DoD, IC Can Adopt Commercial Tech in the Mission Space Through Industry Co-Innovation

“From an operational perspective, technologies like 5G are going to exponentially increase the amount of data available within the enterprise, because nearly anything can become a sensor. That means, for example, in the area of contested logistics, the DoD will be able to have greater understanding and visibility into its supply chain nodes. More accurate inventory and consumption levels will provide better insight into the demand signal and allow for automation through a logistics system. It’s a smart depot all the way down to the individual soldier, but this makes it all the more critical to properly manage this data. This is an area where commercial technologies are well established and proven to work.”

Read more insights from SAP NS2’s CTO, Kyle Rice.

 

Neutral Host Networks, Private LTE Can Give Agencies Greater Flexibility, Security

“Neutral host networks can provide agencies with more autonomy and control over their networks. For example, a federal facility can set up a neutral host LTE network to mimic security controls they would usually use on their enterprise Wi-Fi. That also provides an infrastructure separate from service carriers in that area, but that is also capable of supporting and extending the service range of those carriers. In many remote or rural areas, there aren’t enough subscribers to justify investment in a large-scale LTE deployment. Federal agencies could potentially sublease a network as a revenue stream or cost offset. It’s like paving a road with private funds, then setting up a toll booth to cover the cost.”

Read more insights from Dell’s Lead System Architect, Chris Thomas.

 

JMA Brings Savings, Flexibility to 5G with Software Virtualization

“Virtualization is when you take something that used to be done in hardware, and you do it in software. Take your phone as an example: You used to have a dedicated iPod to do your music, and now it’s an application on your phone. The same thing can be said now in mobile wireless. At a cell site, you used to deploy numerous racks of equipment, to do what’s called the RAN function, the radio access network function. We at JMA take those racks of equipment, and we’ve now converted that into a 100% software solution that we call XRAN. Others in the industry have also converted RAN into software, but they still rely on specialized hardware accelerators. JMA’s is unique in that it provides 100% 5G capability in software.”

Read more insights from JMA’s Senior Vice President for the Federal Market, Andrew Adams.

 

Download the full Federal News Network Expert Edition report for more insights on the future of 5G from Carahsoft’s technology partners and leaders at DOD, the Coast Guard, FCC, and CISA.

Advancing the Art of Data Analytics

Within days of the transition of the presidential administration, the new administration emphasized the centrality of data in addressing both the COVID-19 pandemic and racial inequity. Before that, laws and initiatives such as the Foundations for Evidence-Based Policymaking Act of 2018, Digital Accountability and Transparency Act of 2014, and Federal Data Strategy pushed agencies to build their capacity for data-driven operations. This overall goal has led many agencies to create and appoint data-focused roles, including senior-level chief data officers (CDOs) and first-ever data analysts. They have begun advancing data strategies and investing in solutions. But through these mandates and government-wide initiatives, how can agencies bring their goals and strategies to life to address their most pressing problems? Four basic areas of data competency – governance, security, literacy and ethics – are key to becoming a data-driven agency. Additionally, to carry out a data strategy, an organization needs to ensure that its staff has all the necessary skills. In December 2020, the Government Accountability Office (GAO) emphasized the importance of making data competency part of an agency’s culture. That same month, as part of the Federal Data Strategy, GSA released the Data Ethics Framework to help encourage ethical data decision-making throughout the federal government. Download the guide to read more about how agencies at the Federal, state, and local levels are updating their data strategies with the latest technology.

 

Before You Start Data Governance…

“Once agencies have a strategic plan in place, they can begin to set the regular rhythms of using the data. The processes and procedures should be a well-documented plan that deals with day-to-day technology needs. Externally, it’s important to establish a communications plan that standardizes interactions with data users throughout the data lifecycle. Internally, it’s critical to create procedures that allow data management platform operators to manage services in a reliable fashion, whether that’s DevOps or backup and recovery. Ultimately, these processes should all indicate a measure of trustworthiness to data stakeholders. SAP NS2 can provide a data platform that agencies can rely on, in turn.”

Read more insights from SAP NS2’s Principal Business Processes Consultant, Michael Towles.

How to Develop Strategic Value From Your Database

“Even if they would like to, agencies can’t replatform every legacy application they have. That’s why a strategic way to prioritize development initiatives is to start new efforts with the best technology. Moving toward a modern infrastructure out of the gate will save time and effort in the long run, Leech said, particularly if it works the way people work today. For instance, relational databases are traditional storage tools that have been around for 40 to 45 years. People use data differently now, and tools like MongoDB’s document database solution keep that in mind. It functions as an operational layer over huge data repositories to help agencies extract the most applicable data for their mission, and securely through enterprise tooling.”

Read more insights from MongoDB’s Regional Vice President for the Public Sector, Brent Leech.

How Automated Analytics Can Fuel Digital Transformation

“Deriving data insights through analytics is no longer just nice to have – it is critical for the operation and improvement of government, especially in times of crisis. But there are many challenges to deriving insights, whether that’s having the data available to analyze or having the right skills to analyze the data. Automation can help. For years, agencies have strategically adopted digital technologies to transform their business processes and services. But according to a 2018 McKinsey report, only a third of initiatives have succeeded. Those who succeeded were able to flourish because they converged these three pillars for digital transformation: data democratization, process automation and people upskilling. Analytic process automation (APA) meets all three needs at once by addressing the whole analytics lifecycle through one unified platform.”

Read more insights from Alteryx’s Solution Marketing Director, Andy MacIsaac.

 

How to Drive Mission Value with Your Data Governance

“When it comes to data governance, the best defense is not necessarily a strong offense. Data governance, the policies and processes that define how data can or should be used, ought to be focused on supporting an organization’s mission and its operational goals. Unfortunately, many government organizations take a defensive approach, focusing governance efforts on compliance. This creates rigid organizational practices that leave agencies unable to adapt to changing circumstances. The solution? Adaptive data governance. This flexible governance structure not only ensures compliance but also helps accomplish mission objectives amid change through empowering collaboration.”

Read more insights from Collibra’s Senior Vice President of Public Sector, Aileen Black.

 

How Data Analytics Complements Institutional Knowledge

“We are 90 years old, and we have been operating with a unique model since our founding. We provide library materials to Americans and individuals with disabilities. And we generally ship those materials around the country — print braille and audio cartridges via mail. Now, we’re going through an organization-wide modernization that is probably the biggest change in our operating structure since we’ve been founded. And we are shifting from a predominantly U.S. mail-based delivery mechanism to a predominantly online streaming-based mechanism. The idea with creating my position was to ensure we had the right data organization-wide to serve our patrons as best as possible, to make sure we are providing them with everything they need throughout the course of this modernization.”

Read more insights from the National Library Service for the Blind and Print Disabled’s Data and Analytics Officer, David Spett.

 

Cutting ‘Data Gems’ to Train Census Data Users

“Before, we only offered data training to the public via webinar or in person, and these had to be provided based on request. So, you had to know we existed and you had to be knowledgeable about our services. And an organization could request one of our trainings, but it was only available at that time for those guests of that organization. It simply wasn’t accessible to everyone who needed it at all times. Think of a grant writer with a deadline at midnight and they need help, say, two hours before the clock. There’s no workshop for them, no presentation. A person like that is more likely to start Googling information. So we felt there was a gap there. We needed to put content for that user, who may not even visit our website but is in need of our data and in need of our help. That’s how we came about to develop the concept of Census Academy.”

Read more insights from Census Bureau’s Co-Founder of Census Academy and Supervisor of Data Dissemination and Training Branch, Alexandra Barker.

 

Download the full GovLoop Guide for more insights from these Data Analytics thought leaders and additional government interviews, historical perspectives and industry research on the future of Data Analytics.

Agencies Build Foundation for DevSecOps Success

Since the development of the internet, IT professionals have been in an “arms race” with bad actors. DevOps emerged as a way to restructure the development process by bringing developers and operations teams together to create new applications, thus ending the cycle of vulnerabilities and software patches. But security still needed a seat at the table. The newest approach is DevSecOps — both a software engineering approach and a culture that promotes security automation and monitoring throughout the application development lifecycle. DevSecOps is designed to break down barriers to collaboration among development, operations and security teams so they all can contribute to creating new applications. Organizations can deploy new apps with secure, efficient, functioning code — but with security as the foundation. To learn more about how your agency can use DevSecOps to reduce lead and mean time, increase deployment frequency, and cut operation costs almost in half, get up to date with “Agencies Build Foundation for DevSecOps Success,” a guide created by GovLoop and Carahsoft featuring insights from the following technology and government DevSecOps thought leaders.

 

Embracing Machine Identity Management

“One of the advantages of modern IT services is that they leverage both physical machines (computers and other devices) and virtual machines (e.g., applications, containers and code) to exchange data and execute tasks without human intervention. That makes it possible to design services that are fast, flexible and reliable. But it also raises an important security question: How do you know whether those machines can be trusted? That’s a question of identity management.”

Read more insights from Venafi’s Senior Product Marketing Manager, Eddie Glenn.

 

The Playbook for Innovating Quickly, Expansively and Securely

“Government adoption times can be taken for granted – people aren’t surprised when something takes three years to build or 12 months to implement. Those are common refrains that often go unquestioned. They shouldn’t. Cloud changed the game by allowing agencies to spin up networks instantaneously. And that was just the beginning. Throw in microservices architectures and agile development methods that have security and operations built in; now you’re getting down the court, faster than before.”

Read more insights from SAP NS2’s Cloud Director, Dean Pianta.

 

How Developers Can Become a Security Asset

“When it comes to security, IT experts often talk about the importance of “shifting left,” that is, addressing security earlier in the development lifecycle. But it’s not just security that shifts left with DevOps. In traditional IT environments, developers were expected to adhere to a detailed IT architecture, which was updated periodically. To take advantage of today’s rapid rate of innovation in technologies and architectural approaches, agencies need to give developers more leeway to decide what languages, toolsets and capabilities they might need to build an application.”

Read more insights from Red Hat’s Cloud Native Transformation Specialist, Michael Ducy.

 

Enabling Agencies to Succeed with DevSecOps

“Instrumentation provides benefits both to the application security team and to developers. For the application security team, the tool soup approach often results in so much data, and so many false positives, that they have a difficult time gleaning intelligence from it. The unified picture provided by an instrumentation platform eliminates the noise so that the team can identify and remediate problems quickly. Instrumentation can also provide accurate feedback directly to developers, so that they can fix vulnerabilities as part of their normal work.”

Read more insights from Contrast Security’s Co-Founder and CTO, Jeff Williams.

 

DevSecOps Teams Require a Robust Orchestration Platform

“DevSecOps, by definition, is intended to promote collaboration among the development, security and operations team. But Chow emphasized that such collaboration needs to begin at the outset of a project, when defining the goals and strategy for a project. The idea is to define the overarching goal or mission of the project, then have each team prioritize their own needs and goals as it relates to that mission, said Chow. Those secondary goals become the building blocks for the strategy and shapes the development and orchestration of the application pipeline, he said.”

Read more insights from F5’s Senior DevOps Solution Engineer, Gee Chow.

 

How Culture Drives DevSecOps Success

“’When people talk about DevSecOps, they often focus on improving communications between developers and the security team. But organizations need to foster open and transparent communications at every layer of management, from the top down,’ Urban said. In particular, developers can benefit from understanding how their work fits into the larger mission – and why particular security constraints are important. ‘Good healthy communication means staying as open and transparent as you can be without compromising that security,’ he said.”

Read more insights from Atlassian’s Public Sector Evangelist, Ken Urban.

 

Modern Cloud Security Requires an Agile Approach

“Automation also paves the way to change how agencies approve IT systems for use. In a standard Authority to Operate (ATO) process, a system owner must implement, certify and maintain required security controls. The problem is that certification is based on a snapshot in time, whereas in modern cloud environments, change is constant. Systems can ’drift’ from compliance over time as new threats arise. Modern cloud solutions offer architectures leveraging containers that perform discrete tasks within a microservice environment and are in constant flux with application updates, vulnerabilities/threats, policies, etc.”

Read more insights from Palo Alto Networks’s Chief Security Officer of Public Cloud, Matt Chiodi, and Senior Product Manager, Paul Fox.

 

DevSecOps Drives Change at the Air Force

“Another challenge is how to change the culture at government agencies that are not used to major shifts in culture and may actually be averse to it. DoD is still full of silos, he said in October 2020 during Amazon Web Services’ National Security Series. ‘It goes down to even like basic partnerships.… We have so many silos and that’s really part of the reason as to why we cannot really scale things, and why we reinvent the wheel and why we don’t do very well with enterprise services,’ Chaillan said.”

Read more insights from Air Force’s Chief Software Officer and Head of Platform One, Nicolas Chaillan.

 

Army Futures Command Makes DevSecOps a Long-Term Priority

“For agencies thinking of starting DevSecOps programs, Errico has advice: ‘Spend time conducting industry analysis of use cases both inside and outside the federal space. This is very much an emerging technology, and you have to figure out the right way it will fit for your organization. That takes time and thoughtful, honest analysis.’ Once the commitment is made and a DevSecOps program is in place, he said, comes the challenge of maintaining — and expanding — cultural change.”

Read more insights from the Army Futures Command’s Software Factory Lead, Maj. Vito Errico.

 

U.S. Transportation Command Cultivates a Team Mindset

“Unlike Platform One or the Software Factory, the DevSecOps program at U.S. Transportation Command is embedded in a unified, functional combatant command that provides support to the other 10 U.S. combatant commands, the military services, defense agencies and other government organizations. That means it serves many kinds of military organizations, providing strategic mobility capability through its own vast infrastructure of people, information systems, trucks, aircraft, ships, trains and railcars. It also means the command may consider itself a transportation organization or a strategic logistics organization, but it doesn’t necessarily view software as an essential element of its mission in the way the services do, for instance.”

Read more insights from U.S. Transportation Command’s Chief of DevOps, Christopher Crist.

 

Download the full GovLoop Guide for more insights from these DevSecOps thought leaders and additional government interviews, historical perspectives and industry research on the future of DevSecOps.

Best of What’s New in Cloud Computing

This may be a make-or-break moment for jurisdictions newly converted to the cloud. As state and local governments scrambled to respond to new COVID-driven requirements, cloud-based contact center platforms, chatbots and web portals helped multiple states and localities quickly scale capacity for unemployment insurance and social services programs. In addition, cloud-hosted video collaboration platforms helped agencies shift employees to remote work on the fly and virtualize public meetings. IT leaders must now evaluate and rationalize the multiple cloud solutions they adopted so quickly. Now is also the time to look at cost optimization for cloud solutions. The COVID response has showcased real-world benefits of the cloud — and that experience is likely to accelerate a trend that was already underway as governments focus more attention on modernizing old systems and applications in the wake of the pandemic. Read the latest insights from industry thought leaders in cloud in Carahsoft’s Innovation in Government® report.

 

Cloud Migration as a Path to Modernization

“While there may be an increase in initial costs associated with modernizing legacy technology, the economics strongly indicate that maintaining dated infrastructure is more expensive in the long term. The biggest hurdle organizations face when migrating to the cloud is unpredictable costs. The cloud offers tools and resources to optimize investments and plan for the costs associated with migration. In addition, properly planning your move to the cloud helps agencies accurately budget for such a transition. When they do this correctly with the guidance of a strong partner, state and local governments see significant cost savings.”

Read more insights from the Partner Development Manager for Carahsoft’s AWS Team, Sehar Wahla, and the Sales Director for Carahsoft’s AWS Team, Tina Chiao.

 

How Does Evolving Cloud Adoption Impact Security?

“One approach is to standardize processes — think NIST or MITRE — so you have a common framework and language for measuring things like risk and attacks. That helps normalize the differences between cloud and traditional security so security teams can better understand what a risk actually means in a cloud environment. On the technology side, traditional threat profiling needs to move beyond the viruses and ransomware conversation and move toward user and entity behavior management, which looks at how users normally access and use an application. Organizations also need to articulate how separate applications securely exchange data for things like enterprise analytics. This is a nascent use case, but it has implications for critical systems where data integrity is important.”

Read more insights from McAfee’s Chief Technology Strategist, Sumit Sehgal.

 


“The biggest challenges include security, cost, having the technical expertise to successfully migrate into these hybrid environments and understanding which applications are best suited to run there. Organizations often spend a lot of time and money and introduce security vulnerabilities because they try to move applications that are not designed to run in a cloud environment. With the pandemic, organizations are under pressure to rapidly move their workforce into cloud environments. There can be a tendency to cut corners to save time, but these sacrifices can also create vulnerabilities.”

Read more insights from SAP NS2’s EVP of Software Development, Bryce Petty.

 

Paving the Way with Open Source

“There’s a realization that the cloud isn’t a silver bullet and that to be successful, organizations need to look at cloud adoption holistically. They need to take best practices into account when it comes to securing the environment, training and enabling staff, and even engaging in the procurement process. Open source supports a cloud smart strategy by helping eliminate vendor lock-in risk and technical debt. By using open source technology and an open source cultural process — where there’s transparency, collaboration and the ability to iterate quickly — organizations can solve their business problems and adapt their requirements based on emerging best practices. They’re not beholden to proprietary systems that may create friction for innovation and are potentially costly to replace, upgrade or move to the cloud.”

Read more insights from Red Hat’s Emerging Technology Lead, Frank DiMuzio.

 

Download the full Innovation in Government® report for more insights from these government cloud thought leaders and additional industry research from GovTech.