Be agile. Be modern. Be inclusive.
Successful technology transformation efforts hinge on these pillars. But embracing modern practices and tools is easier said than done. For many agencies, tight budgets and rigid processes are keeping digital, user-friendly systems out of reach.
During GovLoop’s latest virtual summit, technologists from Red Hat explained how agencies can improve their operations using open source software. What makes open source different from other types of software is the way it’s developed. Users have the autonomy to examine and modify the source code, or the detailed design of the software.
“They want to scratch their own itch,” Alex Jacocks, Solutions Architect at Red Hat, said of open source users. Red Hat is an open source software provider. “They want to solve the problem that they’re having. After solving their problem, they share it with the world. It’s an incredible bounty.”
Open source software powers citizen-facing websites, cybersecurity tools and a range of other applications you use in your personal and professional life. Below we’ve compiled several best practices and insights for agencies to keep in mind as they look to transform their operations with open source solutions.
- Embrace automation to reduce human error. Open source tools thrive when automated. Automation involves machines performing manual processes with little to no human involvement. Using automation for such chores as patching security flaws, agencies can reduce the amount of human error in their development processes. The resulting products and services are not only secure, but they’re also published quicker and more efficiently.
“Whenever you create an automated tool rather than do something by hand, you remove the chance for a mistake,” Jacocks said.
- Prioritize automation early. “Work on your automation [capabilities] upfront, or you’ll likely never come back and fix it,” said Phil Kramp, a Red Hat Solutions Architect. Investments in automated workflows and container solutions have become synonymous with transformation. Containers provide a consistent environment and tools for packaging, delivering and managing software applications.
Red Hat’s OpenShift platform, for example, enables agencies to manage multiple containers, whether that’s automatically scaling resources to meet users’ demands, managing the networking or centralizing monitoring.
- Use purpose-built tools. At the end of the day, all agency activity should point toward its mission. The same is true when creating applications using container workloads.
Purpose-built tools isolate container workload tasks, such as managing multiple containers or building them. That way, developers can focus only on the tasks they need to create mission-valuable applications. Purpose-built tools also offer more security by isolating risk and revealing what stage a threat could have entered. They focus on doing one thing and doing it well, said Matthew Bach, Senior Specialist Solutions Architect at Red Hat.
- Treat security as a shared responsibility. When it comes to cybersecurity, the federal government has an overwhelming number of guidelines, policies and standards that developers need to consider when creating new systems. One way to keep it manageable is to treat security as a shared responsibility between the agency and your IT vendors, said Dan Domkowski, Software Delivery Specialist at Red Hat.
A growing number of platforms and services include security controls that developers can leverage when developing a system. “This checks off a significant number of security controls during the ATO [authority to operate] process,” he said.
- Approach security with consistency. A 2018 report found that 80% of cybersecurity attacks exploit known vulnerabilities. In other words, hackers foam at the mouth when they see a Government Accountability Office (GAO) report about flawed systems.
To stop these attackers, agencies need consistency, said Chris Grimm, Red Hat Solutions Architect. Development, operations and security teams must speak the same language, helped by a user-friendly interface, so that they can automate playbook responses for common breaches. Then, employees can operate from a consistent security environment.
Don’t miss out on other virtual learning opportunities. Pre-register for GovLoop’s remaining 2020 virtual summits today.
This virtual summit was brought to you by:
Such a helpful recap – especially the 5 takeaways. Yesterday’s content was quite technical so this recap really helps round out my understanding.