DevOps, a combination of the words development and operations, is designed to smooth the frequently problematic handoff between an organization's developers and its operations staff. It is an operational philosophy that has technology developers and the operational team who will use the technology working together closely through the entire development of a technology solution. The goal of this approach is quick releases of solutions that have an immediate impact on how people do their jobs.
On the surface this sounds like a perfect fit for government, an "industry" in need of fast digital transformation to meet citizen needs. The DevOps promise of making application development quicker and cheaper is incredibly attractive to the government. However, the third part of the promise, collaboration, proves to be the most problematic as culture and process stand in the way.
From a culture perspective, organizations need to break down silos and create brand new teams focused on an application's output, rather than on tactical roles. To achieve this goal, individuals need to be empowered with autonomy and be enabled with strong communication skills to ensure everyone understands their roles and buys into the overall project objective. As U.S. Special Operations Command CIO Lisa Costa described it, "creating a DevOps culture is akin to practicing tactical shooting. You remove all extraneous movement, and that's how you get efficiency." She said her team focused on stripping away processes that had accumulated over the years but were not serving the objective of getting solutions out to the field quickly. Continue reading
This spring, the concept of supply chains became a household discussion as families searched high and low for household staples like toilet paper, flour, and hand soap. However, supply chain for government is more complex than the supply and demand driven model for consumer goods. Government supply chains involve monitoring for security and foreign involvement. This means knowing where all parts of a solution were manufactured, programmed, and assembled.
Gregory C. Wilshusen, director of information security issues at the U.S. Government Accountability Office, noted that "supply chains can be long, complex, and globally distributed and can consist of multiple outsourcing tiers. As a result, agencies may have little visibility into, understanding of, or control over how the technology that they acquire is developed, integrated, and deployed."
This lack of visibility is due in part to incomplete vendor reporting. Not only do vendors have to manage all the pieces of their solution, but they themselves may be managed by multiple organizations in an agency. Reporting happens through numerous tools and is siloed, making it difficult to get a full picture of the chain that led to the delivery of a solution to a government agency.
We've covered how government procurement is evolving to meet the way agencies implement and consume technology. From agencies' use of public cloud platforms to agile development methodologies, old acquisition methods are unable to keep up with the pace and process required by modernization and digital transformation goals across government. In fact, the Modernizing Government Technology (MGT) Act was implemented to allocate funds specifically for the update of legacy IT systems to help agencies improve service delivery to the public, secure sensitive data and systems, and increase efficiency. To meet these mandates, procurement processes and technology have to change to be more in tune with the digital transformations happening at the operational level.
The Federal Risk and Automation Management Program, more widely known as FedRAMP, was put in place in 2011 to create a standardized approach to evaluating the security controls of cloud solutions for government use. For nearly a decade, FedRAMP has continually evolved to keep up with the growing availability of and demand for cloud solutions. In fact, the number of authorizations granted between 2016 and 2018 increased roughly 33% year over year.
With this in mind, the latest modernization of FedRAMP may be coming via the FedRAMP Authorization Act of 2019, which would expedite the approval process. Of particular interest is language in the bill that introduces the "presumption of adequacy." This means that once a cloud vendor is authorized through the FedRAMP process with one agency, it is cleared to work with other agencies under that initial authorization. The legislation also formalizes roles and responsibilities, designating the Office of Management and Budget as responsible for FedRAMP policy and making the General Services Administration in charge of day-to-day implementation. Finally, the bill stipulates metrics to track the implementation of the program.
Further influencing the demands on FedRAMP is the quick surge of support for flexible cloud solutions to enable telework environments amid the COVID-19 response. These developments may have a significant impact moving forward. While private industry is stepping up and offering technology for free to help secure public health and safety, the federal government must still look to FedRAMP guidance in utilizing cloud solutions. Today, more than ever, a quick and efficient approval process is essential.
With the government fiscal year starting in October, our Federal government gets a head start on their New Year's resolutions. As we launch into a new year--a new decade, even--we wanted to take a quick look at government technology priorities for 2020 and beyond.
Cybersecurity - In the past decade security has transitioned from a stand-alone technology that had to be added to planning and systems, to a utility-type service that is baked into every piece of technology deployed within government. This fall, Federal CIO, Suzette Kent shared her focus areas for the next year (and beyond) to include cross-agency information sharing, improved identity management, and increased workforce cybersecurity literacy.
Reskilling - The introduction of automation into administrative functions is driving a need for employees to be re-skilled. While machines are not taking over the jobs of humans, they are improving efficiency in many roles, freeing up time for people to take on more complex (and frankly, more interesting and more important) roles within an organization. Continue reading