By building on its use of DevSecOps, DoD can take advantage of technologies that lead to applications that are “secure by design,” explain IBM leaders at the...
Two new memos from February aim to bring some additional standardization around the development of software and how the military services and defense agencies continually secure those applications.
The next piece of this digital transformation puzzle is the use of containerization and microservices, said Mike Libutti, senior partner and vice president, defense industry leader, at IBM.
With DoD moving more into commercial cloud services and keeping on-premises data centers, the combination of DevSecOps, containers and microservices will give the military services and defense agencies the best path to remaining agile, being able to scale and keep data secure, Libutti said.
“Containers have certainly increased rapidly in the development space over the past couple of years. There are some key attributes and some key benefits that you’re deriving from the use of containers,” Libutti said during a discussion at Federal News Network’s second annual DoD Cloud Exchange.
“First is the creation, portability and flexibility of workloads that you can move across multiple clouds and on-premise data centers. I think that’s an important piece because a lot of offerings today are looking to spin up containers within a particular cloud,” he added. “But the reality is we’re going to live in this complex cyber landscape. So you’re really going to need containerization capability that’s going to sit across the entirety of the entire ecosystem.”
Containers make it easier to modernize legacy applications by leaning on the microservices approach, Libutti said.
“It really will set you up for the future, modernization aspects such as refactoring of those particular applications,” he said. The speed and flexibility of containers in the cloud are unparalleled, especially as DoD’s needs are ever-evolving.
Trista Colbert, senior partner and vice president for hybrid cloud services for the federal sector at IBM, said one way to kick-start the move to containers is through a shared service model like the Air Force’s Platform One, the Army Software Factory or a container-as-a-service offering from industry.
“Basically it’s a capability that allows you to very quickly deploy your applications using container technology and then get on with the build out and deployment processes that come after that,” Colbert said. “Then, ultimately, you get to a point where you’re really comfortable managing those new applications or existing and enhanced applications.”
Changing the way DoD manages and modernizes applications over the last five years has required a significant culture shift. The workforce continues to adjust to this new mindset. The acquisition process still must evolve to support iterative and agile development processes. And, of course, the owner of the mission must expand involvement in development efforts.
“The real power of employing that model has really been around being able to get your development team very closely aligned with the security team and the operations team,” Libutti said. “They are involved much earlier in the whole solution delivery lifecycle, so that’s why you want to be going after the DevSecOps model and then tying in the point around the containerization.”
The DevSecOps approach with containers and microservices also lets developers take advantage of DoD’s new continuous authority to operate (ATO). The ATO memo from February allows for an IT security approvals process that acknowledges the realities of modern software development and cyberthreats.
DevSecOps helps agencies deal with current and emerging cyberthreats and reduces the ability of developers to create new vulnerabilities as they modernize applications, Libutti said.
“You’re going to need to really look at that shift left paradigm in DevSecOps when you are baking security in up front. You’ve got a situation now where you’ve got predefined gates where you’re actually testing your security posture at those stages,” he said. “Now you’re really relying on the data from those tests and plowing that back into the front end of the development process. So, in turn, you’re identifying these issues earlier and then you’re correcting them early, so that at the end of the day, you’ve got a more robust, more secure capability.”
Colbert said what all of this is leading to is the concept of “secure by design” services, which many experts say should be the future of software development.
DevSecOps, containerization and microservices will make things easier for DoD as it remains in a hybrid cloud posture for the foreseeable future, she said.
“Leaders are really focusing on ways to truly maximize the value of cloud and what it takes to be successful with hybrid cloud. I definitely believe that there are ways to leverage different ways of working, much more automation, using a managed services delivery model as a real way to deliver new technology,” Colbert said. “Then, optimize your applications and cloud models once you’ve deployed those technologies around two key points: cost and performance. Both are really important.”
To listen to and watch all the sessions from the 2022 Federal News Network DoD Cloud Exchange, go to the event page.
PMP, Senior Partner & Vice President, Hybrid Cloud Services, Federal Sector
Trista Colbert serves as Senior Partner & Vice President, Hybrid Cloud Services - Federal Sector for IBM Consulting. In this role, she is responsible for IBM's federal portfolio of cloud infrastructure and managed service offerings that enable U.S. government clients to modernize, migrate, and manage mission systems while accelerating their cloud journey. Driving innovation and co-created client solutions, Colbert and her team guide Federal agencies to maximize the value of cloud by leaning into hybrid, multicloud technologies for enhanced speed and flexibility. Under her leadership, IBM is providing agencies such as the Departments of Defense, Veteran Affairs, Homeland Security, and Education with federally accredited, fully managed infrastructure and container platform services, powered by Red Hat® technology. With laser focus on compliance and security, Colbert's priority is helping Federal clients to do more, efficiently, at scale to digitally transform citizen services. She also serves as the Executive Champion for diversity & inclusion initiatives within IBM Consulting - Federal.
With over 25 years of experience in the tech industry, Colbert has a unique mix of strategy, operations, and program delivery expertise spanning both the private and public sectors. Prior to joining IBM in 2020, she was a commercial healthcare executive with Horizon Blue Cross and Blue Shield of New Jersey where she led federal and state policy and technology implementations.
Colbert is a devoted STEM advocate, HBCU supporter, and community volunteer. She serves on the Board of Directors for Washington Performing Arts, Our Lady of Good Counsel High School, and is President, Clark Atlanta University Alumni Association - DC Metro Chapter. Committed to making a difference in others' lives, she co-founded three endowed scholarship funds, enabling student success in K-12 & higher education.
Trista holds a Bachelor and Master of Science in Computer Science from Clark Atlanta University and an Executive Master of Policy Leadership from Georgetown University, McCourt School of Public Policy.
Senior Partner and Vice President, Defense Industry Leader, IBM
Mr. Libutti currently leads IBM’s consulting services business for the Department of Defense, including the Air Force, Navy, and 4th Estate client spaces. He has profit & loss (P&L) responsibility for a large-scale organization, managing all client relationships, setting the overall go to market strategy, and overseeing nearly 900 consultants across the delivery of a portfolio of consulting engagements. During his tenure, Mr. Libutti has led work in Artificial Intelligence/Machine Learning, Hybrid Cloud, Robotic Process Automation, Strategy, SAP and Oracle ERPs and Security.
Mr. Libutti combines his deep insight in the client space and knowledge across various offerings to drive innovation. Under his leadership, IBM is leveraging RPA to automate processes in the Procure to Pay space, using advanced AI/ML techniques, such as unsupervised learning, to detect anomalies in data sets, and producing thought leadership around approaches to leverage hybrid-cloud.
Mr. Libutti holds a Bachelor of Science degree in Finance from Penn State University with a minor in Legal Environment of Business and a Master of Business Administration degree from the University of Maryland.