While many agencies report managing multicloud environments, it’s critical to embrace DevSecOps to drive mission improvements and deliver ROI through artificial...
Commercial cloud adoption by federal agencies has moved to a third phase: improving mission delivery. Initial cloud use centered on R&D and hosting software development. Then came the goal of reducing the government’s data center footprint.
Now, said Bob Ritchie, chief technology officer at SAIC, a growing number of agencies combine multi-cloud use with a development, security and operations (DevSecOps) framework to establish an iterative approach to modernizing their technology use.
“Agencies that adopt the cloud to drive mission outcomes are able to move up the stack to DevSecOps and then get to a data-centric security posture that leads to leveraging artificial intelligence,” Ritchie said. This occurs, he added, “even in sensitive enclaves of data and at different classification levels.”
Ritchie pointed to SAIC’s work on the Air Force Cloud One program, a multi-cloud environment designed to develop and host mission-specific applications.
“It really personifies how cloud is a journey, and cloud maturity and multi-cloud maturity is a journey,” he said. As a sort of value-added broker, SAIC helps the Air Force use Amazon Web Services, Microsoft Azure, Oracle and Google clouds, each for optimizing a specific application.
The effort started out as a Phase 2 initiative focusing on how the service could leverage cloud for more efficient and optimal business systems, such as human resources or financial management, Ritchie said. One goal for the service was to free up funding that it could then devote to “winning the next fight and staying on the competitive end of defending our nation,” he said.
Now, the original cloud services providers host the business applications, while more recent additions, such as Google Cloud Platform, host activities like AI development, Ritchie said. “That has allowed us to evolve from what used to be a web app–centered business cloud to, now, a full-scale weapon system–enabling cloud ecosystem.”
Ritchie said using the cloud as a data center will only get an agency so far in terms of efficiency and savings. More effective is reengineering and reprogramming natively in the cloud, using agile DevSecOps methodologies, he said. That tactic lets an organization introduce automation and AI to speed processes and aid decision-making, Ritchie said.
“Getting to a position of decision advantage is really where we see the commercial cloud space being leveraged to the fullest extent,” he said.
A growing challenge for agencies is managing multi-cloud so that agencies can get the most value out of an array of providers. Ritchie said SAIC has developed a set of services, Cloudscend, that can aid agencies in their multi-cloud maturity journeys. SAIC starts with an exploratory exercise to understand an agency’s cloud maturity, from the individual system or application level to sustained, automated operations in the cloud.
With that information, an agency can plot a journey of explore, migrate and operate, Ritchie said, which “is then underpinned by continuous security that helps drive rapid and continuous authorities to operate.”
Those authorizations to operate (ATOs) are no small matter. ATOs rank high on agencies’ concerns for cloud operations, he said. To squeeze time out of the ATO process, an IT group should ensure each iteration of an application inherits the security from its preceding ATO version, he advised.
A speedy and reliable ATO process in turn frees up an agency’s propensity to innovate, knowing new functions, applications and mission deliveries won’t get buried in ATO approvals, Ritchie added.
SAIC conducted a cloud survey of federal officials ranging from IT people doing migrations up to C suite managers overseeing policy and acquisition strategy. It showed that nearly three quarters of agencies already view themselves as multi-cloud users, Ritchie said.
The results “buoyed our confidence that agencies are starting to appreciate that it’s not one size fits all,” he said. “No one cloud provider is going to give them everything that meets their diverse mission. They need this kind of heterogeneous ecosystem.”
Still, only 30 percent of respondents said they’d reached a high level of cloud maturity with respect to DevSecOps, automation and cultural adoption. A chief issue? The range of cloud options coupled with the vast array of services available from each CSP. That produces analysis paralysis, Ritchie said.
“That ties directly to why we established the Cloudscend solution set. That exploratory and analytic phase is key to not only understanding where you’re at in terms of your IT portfolio and your data centric security posture, but also where do you need to go from a mission perspective so that all of your modernization and migration trends are all aimed at that north star.”
Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
Chief Technology Officer, SAIC
Host, The Federal Drive, Federal News Network
Chief Technology Officer, SAIC
Bob D. Ritchie is vice president of the software practice with responsibility for leading over 4,000 software engineers in support of executive-level project teams, providing technical direction and expertise for SAIC enterprise modernization initiatives. In this role, he provides the strategic vision and roadmap for the software enterprise including training, investment, and research and development; provides surge support across programs through cross-functional DevSecOps teams; and oversees cloud native, app modernization, scaled Agile, intelligent software, and development accelerator directorates. In addition, he established the Cloud One Community of Practice and holds workshops and information sharing sessions to foster deeper understanding in the broader community.
Ritchie joined SAIC in 2006 as a senior principal software engineer. He has led several Agile teams in developing, modernizing, migrating, and operating resilient, highly available, enterprise-scale software systems across the Navy, Marine Corps, Defense Logistics Agency, and Air Force.
Prior to his current role, Ritchie served as director of software engineering at Capital One, where he provided technical direction within an engineering organization of over 500 spanning multiple areas of expertise. He oversaw and guided the successful completion of major programs, including the enterprise migration of over 400 distributed applications from legacy data centers to 100% cloud infrastructure. He instilled best practices and re-usable artifacts throughout the software engineering practice, highlighted by co-founding the Capital One DevOps Guild, an organization-wide effort to establish and adopt DevSecOps best practices.
Ritchie earned his Bachelor of Science focused in Computer Engineering from Virginia Polytechnic Institute and State University. He holds all nine AWS certifications.
Host, The Federal Drive, Federal News Network
Tom Temin has been the host of the Federal Drive since 2006 and has been reporting on technology markets for more than 30 years. Prior to joining Federal News Network, Tom was a long-serving editor-in-chief of Government Computer News and Washington Technology magazines. Tom also contributes a regular column on government information technology.