Insight by Red Hat

Hybrid IT environment opens the door for agencies to modernize

The Popularity of DevSecOps

By having the security team in the middle between the developers and the operations and automating as much as possible that allows you to go from code to running workloads as fast as possible. As people commit code into the repository, you have these robots that start building the application and they do unit tests where they check the code to make sure it doesn’t fail against known use cases.

Why Hybrid IT

There are a lot of opportunities for people to move to the cloud, but the reality is as you do your application modernization there may be some workloads that wouldn’t be a good candidate to move to the cloud or you may want to retire it in a couple of years so the net new work to do a migration isn’t worth it.

The authority to operate (ATO) process–the bane of many CIOs and developers existence in the federal sector.

It is one of those necessary evils of federal technology.

But it’s such a problem that agencies over the last five years have been trying to figure out a way to make it go faster and cost less.

GSA’s 18F organization came up with compliance as code to cut down on the time and cost to get an ATO.

Other agencies such as the National Geospatial Intelligence Agency and the Air Force have come up with similar approaches to the ATO process.

One reason agencies are having this discuss is the widespread acceptance of dev/sec/ops and agile development.

According to the latest data on the federal IT dashboard, 58 percent of all major IT projects are using an iterative or agile approach to development.

And hopefully this means they are building in security as they go.

This dev/sec/ops approach also allows agencies to be more innovative by developing microservices that can be secured, shared and implemented quickly.

As agencies continue to live in a hybrid IT environment, the dev/sec/ops or agile approach to development becomes more important for agencies as they strive to make services for citizens easier and more convenient, and meet their missions in new ways.

David Egts, the chief technologist for Red Hat North America Public Sector, said dev/sec/ops can lead to security, innovation and overall success, especially as more and more back-office and mission applications move to the cloud.

“There are a lot of opportunities for people to move to the cloud, but the reality is as you do your application modernization that may be some workloads that wouldn’t be a good candidate to move to the cloud or you may want to retire it in a couple of years so the net new work to do a migration isn’t worth it,” Egts said on the Innovation in Government show. “The whole thought of having that open substrate that allows you to standardize on something and be successful in your private data center and extend that into the public cloud allows you to train people on one set of technologies and move to the cloud at the pace that they feel comfortable. But by having that the same, they can accelerate their movement to the cloud because it’s something that they already know and are familiar with.”

Egts said by implementing open standards and open source technology, agencies can move applications and systems more easily between a private data center and the cloud.

This also means agencies can more easily automate security tests, which accelerates the implementation of new capabilities.

“By having the security team in the middle between the developers and the operations and automating as much as possible that allows you to go from code to running workloads as fast as possible,” he said. “As people commit code into the repository, you have these robots that start building the application and they do unit tests where they check the code to make sure it doesn’t fail against known use cases. What will also happen is you will be doing these unit tests for security. You will check to see if it’s using libraries that are using known vulnerabilities, is the system configured the proper way and once it passes all of those things, it is ready for the human to review it. That allows you to iterate faster, which allows you to innovate faster.”

Egts said the dev/sec/ops process lets agencies and developers have a consistent, repeatable process no matter where the application resides.

“When you do compliance as code, it’s not only machine readable, but also human readable,” he said. “I can give that to auditors when they ask ‘how are you configuring your system?’ It’s written in a human readable way, but also machine readable way that I can prove it repeatedly.”

All of these efforts can bring agencies closer to the commercial approaches to application development and meet citizen expectations more quickly, Egts said.

About Red Hat and Carahsoft  

Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies. Red Hat helps customers integrate new and existing IT applications, develop cloud-native applications, standardize on our industry-leading operating system, and automate, secure, and manage complex environments.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider®. As a top-performing GSA Schedule, SEWP and SLSA contract holder, Carahsoft has served as Red Hat’s master government aggregator and distributor for more than 13 years.

Working as strategic partners—and through a robust ecosystem of value-added channel of partners and system integrators–the companies deliver top-tier Red Hat solutions to federal, state, and local government agencies, as well as the education community, supporting the public sector’s mission to prepare for the digital future and modernize approaches to IT through the application of open source solutions.

Visit Carahsoft at www.carahsoft.com and follow us on Twitter and Facebook.

Visit Red Hat at www.redhat.com/gov and follow us on Twitter and Facebook

Copyright © 2019 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.