As agencies move more and more applications and data to public cloud services, they will need a way to manage information across multiple environments.
Enterprise software as a service offerings can help manage that integration process, while ensuring applications and data are secure, said Campbell Webb, senior vice president of infrastructure and platform engineering at Workday.
“It allows you to maintain that that single system of record for your most sensitive data like [human capital management] data or finance information, but you also want to select the technology that employs a modern development pipeline,” Webb said during the Federal News Network Cloud Exchange 2022. “We sometimes call this CI/CD (continuous integration, continuous delivery), where new features or bug fixes or even security patches are applied to your service incrementally each week without downtime. And this is really critical with day zero security events. We saw this most recently with obviously Log4j.”
The Log4j vulnerability emerged late last year. The critical bug in the open source, Apache software logging utility sent security teams scrambling because of its use in millions of products and applications. Agencies were directed to patch instances of Log4j on their networks within weeks, but cybersecurity experts expect unpatched instances of Log4j will continue to be discovered for the next decade.
Aiming for adaptable and seamless
In addition to a strong release pipeline, Webb also recommends that agencies look for services that are extensible, meaning they allow for the creation of new capabilities.
“You need to be able to provide a development platform that supports the creation of custom applications or reports when necessary but still maintains the same security model as the base service,” he said. “And then of course everyone wants a modern browser and mobile user interface experience that resembles many of the consumer applications that we use in our daily lives. And I think with an intuitive UI and effective search capability, it really makes implementing the application much more seamless.”
Agencies will also need to find providers that best fit their individual needs. The FedRAMP website shows more than 200 authorized software as a service offerings in the marketplace.
Additionally, constantly evolving business models and technologies require agencies to ensure they have a modern IT platform that can keep up, Webb says.
“You want to focus on one that has a modern platform that can quickly adapt to the changing nature of business,” he said. “Today, employees seek flexible working hours, and it could be in the form of gigs, part-time work or even remote work. And this change impacts everything from how you perform talent acquisition to reporting and payroll. You need to be able to be empowered to make the changes to adapt your business flows really quickly within the application.”
Planning for the future
Agencies also should think about how the use of an application could grow within their organizations.
“Whether you’re only a few employees or a million employees, you really want an enterprise SaaS solution that maintains the same code base throughout,” Webb said. “This is going to avoid a lot of unnecessary system integrator engagements and a lot more testing. It also allows you to quickly migrate your application should it be needed between say boundaries. If you’re moving from a FedRAMP, moderate boundary to a FedRAMP high boundary or even moving across regions, you want that to be a really seamless exercise.”