3 speakers
Oct 5, 2022 2:00 p.m. ET
Duration: 1 hour
Cost: No Fee
The software factories that have sprung up throughout the Defense Department – and their embrace of DevSecOps methodologies – are a central part of how the Pentagon is thinking about modernizing its software development practices. But from the point of view of DoD’s top enterprise IT official, their growing role in the department’s technology development ecosystem is, in some ways, more of an evolution than a revolution.
The department released its first-ever software modernization strategy in February, and officials are now finalizing a more detailed plan to implement it. The strategy emphasizes the need to speed up software delivery times, including by better coordinating its existing factories to share code and commercial development tools across service boundaries.
Lily Zeleke, the acting deputy DoD chief information officer for information enterprise, said DevSecOps and the factories have maintained their importance while the CIO’s office – together with the department’s acquisition and research and engineering leadership – have worked to refine the implementation guidance.
But she said it’s also important to bear in mind that DoD isn’t new to the software development game.
“Ultimately, these are places where capabilities are already being developed. All software factories and the DevSecOps practice do is accelerate what we need to do to modernize the capabilities that we need. They seem sort of a mystery, but they’re really not. They’re sort of an evolution of development that we already do,” Zeleke said in an interview with Federal News Network. “Most of the ones you see are actually very mission-specific, whether it’s shipboard or airframe related, etcetera. We want to evolve the processes to make sure that we’re talking about the mission, the functionality, and what the software factories fulfill … that’s where the focus of some of the implementation plan is, when we put out guidance, these things need to be more at the forefront for our mission.”
The new software modernization strategy also serves as the latest iteration of DoD’s cloud computing strategy. It says the department needs a multi-vendor approach to commercial cloud services, and that it’s still a priority to migrate systems to the cloud.
But the emphasis isn’t on moving to the cloud for its own sake. Zeleke says the department now sees cloud computing as, first and foremost, an “enabler” for its technology modernization efforts.
“For us to be able to do all of the things we’ve outlined in the software modernization strategy, we need the cloud capabilities to enable the accelerated and secure platforms. We need commercial-enabled services and the ability to sort of move at the pace of the threat,” she said. “Of course, there’s clearly cloud-related initiatives and activities that must take place, but it is imperative that the cloud is enabling what we’re trying to do: modern software practices. So they really sort of go hand-in-hand with the initiatives that we have.”
The department is preparing to award contracts worth up to $9 billion as part of its Joint Warfighting Cloud Capability (JWCC) procurement. Awards to up to four companies are now expected in December after the initial award date – March 2022 – was postponed.
The JWCC approach differs from DoD’s previous, ill-fated JEDI Cloud contract in several key ways. Not only does it envision multiple vendors instead of one, but its use won’t be mandatory for DoD components who’ve already established their own contracts with commercial cloud providers. At least not initially.
“DoD and the military services have been doing cloud for a very long time, which has actually informed what gaps and what potential urgent unmet needs we have, like at the tactical edge and [outside the continental U.S. I really believe JWCC and the military services’ cloud offerings bring something to the table that we all need. So JWCC is a complementary capability, and not something that is trying to take over what the services are doing already,” Zeleke said. “As as the services run out their contracts and JWCC meets their needs, we certainly want to onboard them [to the new contract]. But I really honestly believe there’s so much that we need to do, based on everything we talked about in our software modernization strategy, that every single one of these cloud capabilities are going to be required.”
Meanwhile, DoD is trying to make sure the new cloud services it offers align with its future security models as the department evolves toward zero trust over the next five years. As part of the development of a forthcoming zero trust strategy, expected to be released any day now, the department has held talks with commercial cloud providers to make sure their environments can accommodate DoD’s model.
“I believe zero trust is the undergirding imperative to where we’re going with cloud and software based capabilities, and DevSecOps as the norm,” Zeleke said. “They go hand in hand: integrating cybersecurity with the process so you’re delivering secure at every stage, from end to end. Zero trust is not a widget you just put on to the cloud, it is really a conglomerate of cybersecurity requirements that are part of our system already. But that will evolve to make us fully compliant with zero trust.”
Learning Objectives:
Complimentary Registration
Please register using the form on this page or call (202) 895-5023.
Please register using the form on this page.
Have questions or need help? Visit our Q&A page for answers to common questions or to reach a member of our team.