Strong Communication and Collaboration is Key to IT Modernization

admin-ajax (4)

By Kitty Nix, Senior Vice President, Services DivisionKitty Nix Headshot

I joined Three Wire Systems to advance my career in Information Technology and help grow a company on the cutting edge of mission-driven solutions. We all know that outdated technology platforms and limited budgets have slowed the long overdue and much-needed process of innovation in the federal government. As Suzette Kent, the new US CIO, discussed at FedScoop’s Second Annual IT Modernization Summit (on April 5, 2018), the White House and Congress have taken strides to help agencies combat their IT Modernization challenges – including new legislation, policy, and funding – thus creating an opportunity to “turbo boost” modernization efforts.

Recently, I was honored to contribute to this important movement, by moderating the NexGen Shared Services panel at the aforementioned summit, sharing the stage with two of the Top 100 Women in IT, to discuss the importance of shared services, and how increased collaboration among stakeholders, “acquisition baked into agile development”, and technologies like containers are significant enablers to IT Modernization.

The panelists included:

  • Beth Angerman – Deputy Associate Administrator, Office of Shared Solutions and Performance Improvement, GSA
  • Soraya Correa – Chief Procurement Officer, DHS
  • Banjot Chanana – Senior Director of Product Management, Docker

Key Messages for the IT Modernization Space

Despite the short amount of time allotted for the panelists to discuss these important topics, the panelists shared some insightful key messages (and a few fun facts about themselves) for everyone in the IT Modernization space.

When it comes to measuring the success of shared services, Beth reminded all of us that it’s a perfect time to take stock in what has been done in the past, and how we need to pivot to effectively move forward. She offered that measuring success is tied to driving standardization, eliminating redundant systems to maximize economic benefit and to create better and more consistent data for the government.

“The heart of measuring success [of shared services] is collaborating with the user and understanding their pain points, figuring out this problem at the beginning and how to engage in what is going to make you successful.”

Beth Angerman

She also clarified that an important aspect of measuring success is to better collaborate with the business to determine how each agency defines and measures their own accomplishments because every agency has different missions and rules. Put another way, modernizing IT for the sake of modernizing IT is not the answer.

Beth discussed that at the heart of our modernization efforts are the users. No matter how beneficial the new technology can be, and how secure we can make it if the users of that technology are not ready or “bought-in” prior to its release, it will likely lead to failure. She shared an excellent comparison to her husband upgrading her iPhone without telling her! Although she knew it would be more secure and potentially better experience for her, she was immediately irritated as she wasn’t ready for the sudden change from her normal routines. For example, she had not moved all the photos she wanted to the cloud; this was a key factor that delayed updates to the software in the first place. A critical success factor for modernization projects is ensuring there is clear communication before (modernization) efforts are underway. Beth shared a great personal anecdote of how modernization affects each and every one of us, in both our personal and professional lives. Thanks, Beth! Loved your fun fact that you’ve got two little ones at home, I completely understand the need to keep those photos!

 “It’s a strategy to look at how DHS is approaching their acquisitions to ensure they’re not just buying the right things but buying them smartly and efficiently.”

– Soraya Correa

A trailblazer and innovator in the Federal IT Acquisition world – Soraya Correa – is leading the way in the Department of Homeland Security (DHS), by starting the conversation with industry earlier (much earlier), to listen and learn about the art of the possible. She feels it is critical to know what is available in the market, which helps agencies more clearly define and determine what problem they are solving and what solution they’re working towards. Having these conversations earlier across the federal marketplace could help industry “down select” themselves prior to an acquisition even being released, thereby reducing risks, avoiding undue costs for both parties, and ultimately providing the customer what they need to accomplish their mission set.

To test this hypothesis, Soraya established and is leading the Procurement Innovation Lab, commenting that it’s a place where DHS can try new procurement techniques and approaches. She emphasized that there is little to no value in issuing a procurement that takes 2-3 years to award. Soraya is leading the charge at DHS, working to engage industry early and often, and collaborating with the business owners to make sure the “current state” is benchmarked and the problem adequately defined. Also, it was also inspiring to hear that in Soraya’s spare time, she mentors as much as she can to build and empower others. Something much needed in our community!

Another key and crucial point from the federal panelists (Soraya and Beth), which I also wholeheartedly believe, is that the government should not develop anything to meet their requirements if they can buy a solution off the shelf. It’s imperative that agencies take a step back, break apart the problem, and determine if there is a solution already available to meet their needs. If the solution and technology already exist, the government can buy it and then share the risk with industry.

An Industry View on Shared Services

Switching to an industry view on shared services, I asked Banjot Chanana from Docker for his perspectives. Every decade or so, we’ve experienced a paradigm shift, from mainframes to client-server to virtualization to the most recent shift to the Cloud, and now a new breed of technologies such as Containers show promising benefits. Banjot sees containers fitting into this evolution very naturally, commenting that while it has been exciting to see all of the innovations, they’re not new. Containers have been at the center of the major shifts to the Cloud and DevOps, enabling the agility that has come from these movements. In the private sector, these capabilities have enabled organizations to move their applications into the cloud while removing some of the friction in their development process.

“You can do things In a container environment that you couldn’t do before. The level of visibility into the running application and how it’s performing and the types of operations its performing and the ability to enforce policy in those containers is now something we’ve never seen in previous technology.”

– Banjot Chanana

Specifically, Banjot covered how Containers have actually provided three significant benefits for shared services:

  1. Removing friction in the development process (adopted by millions of developers and IT professionals) allowing for closer collaboration between users, developers, and operators;
  2. Containers bring a whole new level of security to an operating environment where we can standardize what an application can and cannot do, and;
  3. the ability to standardize.  One of the most important things about the shared services environment is the way we scale.  We can now scale by standardizing the way we deploy applications, the way we run them, the way we enforce Service Level Agreements (SLAs), and the way we enforce security.

Now with Container technology, we can standardize how we deploy, operate, install and even scale out or scale back, and it works well for new and existing applications. Banjot’s most resounding message was how Container technology can be leveraged to move shared services forward.  An interesting fun fact about Banjot is that he has a twin brother he’s kept in step with all his life and who, coincidentally, works in digital modernization while Banjot works in IT Modernization. Twinning has a whole new meaning for me now!

I couldn’t help but close with a question about the MGT Act that recently passed, asking how Beth and Soraya planned on using it.  Soraya let us know that DHS is looking closely at how they are implementing Modernization projects. Further commenting that since DHS is a federated environment, they need to work together to develop smart solutions. Soraya herself is working closely with the DHS CFO, and the rest of the C-suite, to look at DHS’s priorities. It’s critical to identify what they want to attack first, and then focus on bringing the rest of the DHS community along. She noted that it’s not just a headquarters focus, rather the modernization efforts are for everyone who works and supports DHS.  Soraya is pushing DHS to think strategically and ahead of the curve, noting she wants to implement shared services the right way, and to ultimately do intelligent things within the government, to improve data and systems, and ultimately improve the experience for end users.

Beth does not intend to use the fund but plans to assist other federal agencies in thinking about how they are going to use the resources, and how they will repay the funds they borrow. A key factor in the MGT Act will be ensuring agencies identify what success looks like. Beth shared that GSA has a lot of best practices in place to help agencies effectively articulate the success criteria, in order to secure the approvals required to utilize the MGT funds.

Optimism Moving Forward 

I feel energized and optimistic after hearing from these forward-thinking government and industry leaders, who are all on the same page about how we need to move forward, and all have some great ideas on how we get there. I thank my panelists for taking the time to share their experience and insights on this very important matter and thank Three Wire’s co-sponsor, DELL EMC,  for this panel discussion, and for helping to bring this important information to focus. I hope this information energizes you just as it did me!

For more information about Three Wire’s IT Modernization efforts, please contact Kitty Nix.

About Three Wire Systems

Founded in 2006, Three Wire is the leader in innovative and efficient technology solutions for government agencies and large enterprise corporations. With solid program management and process improvement principles, they design solutions that support business goals and deliver superior results in a cost-efficient manner. Three Wire believes in maximizing investments American taxpayers have already made in the government and military while modernizing and securing America’s most important information, infrastructure, and assets. For more information about Three Wire, visit https://www.threewiresys.com/.

Your Quick Guide to IT Modernization in the Federal Government (MGT Act 2018)

President Donald Trump signed the highly anticipated Modernizing Government Technologies (MGT) Act (H.R. 2227).

Federal agencies rejoice, you may now modernize!

President Donald Trump signed the highly anticipated Modernizing Government Technologies (MGT) Act (H.R. 2227). With the passage of the 2018 National Defense Authorization Act (NDAA), and the bipartisan-supported MGT Act bill, a central fund will likely be created to help agencies modernize essential IT systems as well as provide the means to reprogram unused IT funds for modernization purposes. Federal agencies will more easily be able to adopt modern technologies, best practices, and security safeguards that are well established in the commercial world and some areas of the Federal Government.

As stated on Congress.gov, “This bill [the MGT Act] authorizes each of specified agencies for which there are Chief Financial Officers to establish an information technology system modernization and working capital fund to:

  • Improve, retire, or replace existing information technology systems to enhance cybersecurity and to improve efficiency and effectiveness;
  • Transition legacy information technology systems to cloud computing and other innovative platforms and technologies;
  • Assist and support efforts to provide adequate, risk-based, and cost-effective information technology capabilities that address evolving threats to information security; and
  • Reimburse amounts transferred to the agency from the Technology Modernization Fund (established under this bill), with the approval of such agency’s Chief Information Officer.”

MGT focuses on enabling the use of commodity and shared services such as network, cloud e-mail, collaboration, compute power, and cybersecurity. Leveraging the buying power of the government to procure these services and its management should enable agency staff more time to focus on their unique missions versus operations and maintenance of duplicative systems.

Just as important, the MGT Act opens the doors to technology companies like Three Wire Systems (Three Wire) to leverage our expertise for government agencies challenged with outdated IT capabilities and cybersecurity. Three Wire has been working with government organizations for more than 10 years on modernization projects and bring our customers those experiences, best practices, and lessons learned.

Application and Business/Mission area owners will quickly notice MGT appears to be largely infrastructure focused. For those people, we recommend reviewing the 2017 Report to the President on IT Modernization, Appendix A. While Appendix A appears to be focused on data, it quickly shifts to principles and practices that come with our approach to Agile Application Development & DevOps. Three Wire development projects incorporate continuous integration, automated testing, automated deployments, immutable deployments, code reviews and by extension, automated code analysis focused on security vulnerabilities.

The MGT Act has been sorely needed. In line with Three Wire’s mission, our Agile and DevOps based practices have saved taxpayers hundreds of millions of dollars and have provided our customers with the groundwork to leverage MGT. The exciting part about MGT is the procurement and other focus areas should remove the prior resistance for modernization efforts and allow Three Wire to not only continue our client’s success but improve our output and results along the way. Three Wire will also help our customers and partners through identifying opportunities and approaches to modernization to best leverage appropriated or re-appropriated funds and position them to receive their fair share of the proposed $500,000,000 of MGT funding.

We look forward to continuing our partnerships with Federal Government organizations who need qualified modernization experts to fully leverage the MGT Act. For agencies looking to take advantage of the MGT Act in 2018, contact Three Wire to look at ways to improve performance and eliminate long-term costs through agile development!

For more information about Three Wire and the MGT Act, please contact our Senior Vice President, Services Division, Kitty Nix (https://www.linkedin.com/in/kittynix/).

Why Security and DevOps Go Hand in Hand

Why Security and DevOps Go Hand in Hand

Imagine a six-lane highway suddenly merging into one lane. If there are enough cars it results in chaos, traffic jams, accidents, frustration, and at worst fully stops traffic. This is what a distributed denial-of-service (DDoS) security attack does to a server.

Security attacks, like a DDoS attack, occur when multiple often compromised, systems flood the bandwidth or resources of a targeted system, usually one or more web servers. We may never know all the security breaches in the confusion caused by broad scale attacks, but security breaches can be very damaging and expensive for companies. The 2016 Cost of Data Breach Study from the Ponemon Institute shows that the average cost per data breach has globally increased 29 percent since 2013. If you have a breach affecting 10,000 records the cost of remediation would be over $1.5 million.

DDoS attacks made headlines in 2017 by interrupting many popular services like Twitter and Spotify and have thrown the security of our interconnected devices and systems into focus. Time-to-market and the flexibility to predict and react to rapid technological and cultural changes have driven a need for rapid and agile software development giving rise to new DevOps best practices. DevOps is a set of practices that include automating processes between software development, IT teams and end users, allowing organizations to build, test, and release software faster and more reliably. So, does DevOps help or hinder the requirement for more focus to be placed on security?

In traditional software development environments, security testing is usually carried out at, or near the end of the software development cycle. In many cases, security testing is limited to scans of the infrastructure which can leave potential vulnerabilities in the code exposed for exploitation. Development teams are more frequently incorporating secure coding practices and some code-level security analysis but rarely achieve a comprehensive security approach from start to finish and into maintenance. These approaches, along with many others not mentioned here, make security in today’s rapid pace of technology change unsustainable and high risk. In DevOps, continuous integration and continuous deployment inclusive of automated testing that includes comprehensive, code and system level analysis make the rapid pace of technology change sustainable. We argue that it is far too difficult for the typical approaches to keep pace and be as effective as an end to end approach to building and sustaining secure applications through the practical application of DevOps principles and best practices.

Embedding security into the software development cycle from the start has become critically important. Although opinion is divided when it comes to DevOps, the 2016 State of DevOps Report from Puppet provides evidence to show that high performing software development teams spend 50 percent less time remediating security issues, validated again in the 2017 report.

Less time is spent on security issues as the teams are providing continual input during the design of the application, to include during software demos which also allows time to develop pre-approved, easy-to-consume libraries, packages, toolchains and processes for developers and IT operations to use in their work.

Many are concerned that the speed at which technology is moving at, has been at the expense of good security— making it an afterthought. But we believe this is a pessimistic view.

The SANS Institute report, Continuous Security: Implementing the Critical Controls in a DevOps Environment, highlights challenges around auditing the infrastructure and end-user devices in a cloud environment that is provided by a third party. However, third parties take a positive view of developments in tools for tracking cloud-based assets and provide pointers around using APIs and Vendor Cloud Portals to provide audit assurance.

New, open-source tools to automate security testing are coming to market under the support of OWASP (The Open Web Applications Security Project) and, as the Puppet and SANS reports demonstrate, integrating security teams and processes into DevOps from the beginning has significant advantages.

At Three Wire, we operate with the understanding that DevOps helps the focus on security. This includes involving our security teams at all stages in the development cycle and integrating security testing tools in an automated test and development environment. We also include an emphasis on developing, sharing and evolving secure coding practices. We wholeheartedly believe DevOps is inextricably linked with security and that good DevOps-based development requires secure coding practices and automated security testing. To learn more about Three Wire and our work with DevOps visit https://www.threewiresys.com/what-we-do/application-development.

Agile Application Development and the Advisor Outcomes Platform

Three Wire Systems, VetAdvisor’s parent company, has established an Agile software development division – a highly skilled, cross-functional team with extensive experience in large scale (500,000+ user), enterprise-level applications. Three Wire develops “products with a purpose” and currently supports applications custom-built for Department of Defense (DoD) Family Programs serving service members, veterans, and their families. In fact, VetAdvisor itself is run on the Advisor Outcomes Plaform, an Open Source Software (OSS) case management system.

Three Wire’s Agile development practice and culture were recently reaffirmed when we were selected to be a part of the 18F Agile GSA BPA. 18F is a GSA consultant that, along with the US Digital Services (USDS), is attempting to revolutionize the way the Government purchases software. 18F’s mission is to bring private sector standards into public sector projects, with specific focus on Agile methodologies, rapid, iterative development, human centered design, and end-user research which results in robust, easy-to-use applications that fit today’s larger workflows.

Three Wire was selected by completing three prototypes in a time-boxed 36-hour delivery cycle. Sprints were split into 6 and 12 hours, and a highly Agile, cross-functional team produced prototypes using OpenFDA data. Only 16 companies were awarded a spot on the BPA. The Agile GSA BPS allows Three Wire an exclusive chance to bid on designated Agile projects.

Three Wire and VetAdvisor will continue to support service members, veterans, and their families though Agile development, OSS platforms, and cloud-based web services. To learn more about Three Wire’s Agile practice, OSS, and cloud hosting capabilities, and about our past performance for DoD Family Programs, click here to download the Three Wire Agile Application Development Solution Brief.

 

Welcome, Xtendable Customers!

Who Supports my Xtendable Server?

Xtendable Server is a .NET open standards modular development platform that once provided cost effective design, deployment, and hosting for complete end-to-end web systems. Xtendable Server came with pre-tested core modules that allowed developers to build applications that were cost effective and could be implemented quickly. Xtendable Server is still owned by DefenseWeb and licensed on a “software as a service” (SAAS) basis, as well as for hosting by the customers in their own environments.

In January of 2014 DefenseWeb Technologies gave notice to its clients that it was moving away from the Federal IT market and had selected Three Wire Systems and its subsidiary VetAdvisor, LLC to be the sole supporter of Xtendable Server. Today Three Wire and VetAdvisor support more than a dozen DoD clients with their web-based applications built on Xtendable Server.

We are committed to providing uninterrupted excellence in service to current Xtendable Server customers. In fact, the government recently cited Three Wire as the sole source capable of continued Xtendable maintenance.

Options for Xtendable Customers

We understand there will be a need down the road for a new platform to replace the Xtendable Server and we are developing an innovative and cost-effective Open Source solution that will meet the future needs of current Xtendable Server customers. Click here to download a white paper where we explore options for Xtendable customers looking to transition to a new platform and provide a glimpse at our own strategy of combining the best of breed Open Source to create a completely new offering especially for Xtenable customers.

Be sure to check back for upcoming white papers describing our new platform.