A Cloud-Native Strategy is the Heart of True Digital Transformation
Mission Velocity with Modern Software - Keith Salisbury (Pivotal Federal Practice Lead)
Software-enabled outcomes @ “Startup Speed”
The New Imperative
The “battlefield” of the future is one in which you will need to show up “software enabled” if you expect to win. If it takes organizations within our national security apparatus years to go from “idea” to accredited “production software”, we risk not being prepared for this fight. National security programs must rapidly and iteratively build, deploy and operate modern software at “startup speed”, all the while maintaining global scale and highly secure access. To achieve this outcome, traditional programs must re-imagine how software is developed, tested, accredited, and operated in the modern era.
Modern paradigms for software delivery
The security threats facing Silicon Valley parallel those in national security. Moreover, the intent behind the process commercial companies use to test, accredit, and securely operate software parallels the intent behind the traditional “Authority To Operate” processes in government. Commercial enterprises, however, have re-imagined traditional Quality Assurance (QA) and increased security through faster development velocity. The practices they use include:
- Lean-Startup Methodology: A product methodology that decreases risk through continuous testing of every assumption, shipping the smallest possible slice of functionality early and often, and always building the smallest, yet most valuable, piece of functionality.
- Pair Programming: Moves code reviews as far forward in the development process as possible and makes them constant.
- Test Driven Development: Each line of code is driven by developers first writing a failing test. This prevents unnecessary code, test code coverage becomes nearly 100%, and with each build the automated test suite grows to constantly ensure functional, secure code. In traditional development, tests are written after the fact. This process becomes daunting as developers accelerate writing functionality before circling back to write the tests (often several classes and many lines of code), making it challenging to push through all the branches of code (i.e. combinations of conditional logic) and the edge cases that matter.
- Continuous Integration/Continuous Delivery (CI/CD): A CI/CD system optimized for agile development handles the complex delivery permutations, automates test-driven development, maintains compatibility between multiple build versions, targets multiple platforms and configurations such as different clouds, and enables frequent automated delivery, even multiple times a day.
- Platform: A full-featured, “structured” platform with a standard operating system and a consistent runtime environment can provide “immutable infrastructure” to dramatically reduce the number of security controls that must be repeatedly assessed and documented.
“Authority To Operate” = IaaS + PaaS + TDD + CI + Security Control Inheritance
Platform & “Immutable Infrastructure”
Traditional software deployment in the national security arena relies on a complex manual orchestration of low-level steps, which generate a tremendous amount of repetitive work that is highly susceptible to errors. Automation tooling, if used at all, is typically script-based and ad hoc. As a result, software processes to build, test, deploy and operate each application are custom, complex, and always inconsistent, resulting in paralyzing operational complexity and chaos. Organizations manage this complexity by slowing down release processes to ensure correctness and consistency. This delay increases accumulated risk with every software build, increasing the security challenge, and teams struggle to release new functionality quickly or successfully. The nearly 1,000 security controls required to achieve Application ATO become paralyzing.
The right platform strategy addresses these concerns consistently across multiple use cases. Abstracting, standardizing, automating, and streamlining common lifecycle activities into a general application platform allows software organizations to make many simplifying assumptions and focus on the business or mission logic of their code. The right platform strategy, accredited once and granted to all, enables simplicity, consistency and efficiency that promote rapid innovation and differentiation, which in turn drive massive speed in the delivery of software-based capabilities. This approach can reduce the number of controls by 90%.
The right platform strategy (PaaS), combined with modern cloud infrastructure (IaaS) and coupled with a disciplined approach to Test Driven Development (TDD) that leverages automated testing and Continuous Integration (CI), are the disciplines Silicon Valley brings together to accomplish what the traditional government process for granting Application ATO has calcified:
ATO = IaaS + PaaS + TDD + CI + Inheritance
Solution & Outcomes
Making it real in the National Security Arena
Pivotal brings a sophisticated approach to User-Centered Design; we apply Lean Startup to software development and practice a highly disciplined approach to Extreme Programming (XP), all of which is underpinned by a structured platform strategy, Pivotal Cloud Foundry.
When these four disciplines come together in a highly disciplined way, results can be transformative. With the Air Force Air Operations Center (AOC), traditional software delivery cycles were 5-7 years to go from “idea” to “production”, while testing and accreditation timelines exceeded 2 years.
Pivotal enabled the Air Force to build, test, accredit, & operate applications for Dynamic Targeting, Advanced Target Production (Deliberate Targeting), Mission Reporting, Tanker Planning, and the allocation of Intelligence Assets using modern development methods on a modern cloud platform. Each of these applications went from “idea” to “accredited software” running on the AOC’s classified networks in less than 120 days. Moreover, each week, Air Force development teams working “Lo-Side” continually push 10-20 net-new features into each of these applications to “Hi-Side” production, enabling the warfighter in real-time based on operator feedback.
Outcome: The AFCENT Commanding General believes a “continuous fielding” capability for modern software has fundamentally changed how he fights the air war in the Middle East (Fox News on AFCENT software delivery).
Read up on how the U.S. Air Force is embracing the Pivotal way to achieve unprecedented success at delivering real mission outcomes.