It’s arguable that few technologies have had as revolutionary an impact on the government and how it operates as the cloud. Cloud technologies opened the door to many of the advanced applications and solutions that are driving digital transformation initiatives and programs across the federal government and military.
However, the government can be very risk-averse when it comes to embracing new technologies. Embracing the cloud often means giving up ownership of infrastructure and hardware in favor of acquiring it as a service. And many in the government viewed giving up ownership as also giving up control and security – while facing a threat landscape that is large and filled with a number of increasingly sophisticated and motivated cyber threats.
To increase comfort and ensure security in adopted cloud solutions, they needed to go through rigorous testing and security evaluations. These risk assessments could be arduous and slow, and conducting them eliminated any benefits in agility and speed that would come from embracing cloud solutions in the first place.
The FedRAMP program was implemented to fix this conundrum. And, since it’s inception, it’s managed to make cloud solutions, applications, and services easier and faster to adopt across the federal government.
One of the applications that has recently gained FedRAMP authorization is an essential tool in the movement towards DevSecOps, the Dynatrace software intelligence platform. We recently sat down with Willie Hicks of Dynatrace to talk about the FedRAMP authorization process, the importance of the cloud, and the movement towards DevSecOps in the government.
Here is what he had to say:
GovDevSecOpsHub (GDSOH): Can you tell our readers a little bit about the FedRAMP program? Why was it put in place? What does it seek to accomplish?
Willie Hicks: FedRAMP is short for the Federal Risk and Authorization Management Program. Effectively, this program is the U.S. federal government’s solution for ensuring that there are consistent security assessments and continuous monitoring of cloud services.
FedRAMP was put in place to be a standardized approach for authorizing cloud services. This allows agencies to reuse a cloud service’s Authority to Operate (ATO). For federal agencies, this expedites the process of embracing or adopting new cloud services, since the need for a lengthy evaluation and risk assessment process.
Ultimately, the program is about helping the government move at the speed of innovation and more quickly and efficiently embrace the revolutionary cloud solutions and services that they need to power their operations digital transformation initiatives.
GDSOH: Why does a company like Dynatrace, a software intelligence company, need FedRAMP authorization? What does FedRAMP authorization mean for Dynatrace? Government users?
Willie Hicks: Dynatrace’s solution is offered as a Software as a Service, cloud-based solution. If federal government agencies and organizations were going to use our solution, FedRAMP authorization was mandatory, much as it would be for any other company wishing to sell cloud services.
With our FedRAMP authorization, we can now provide the federal government with a truly SaaS solution, which is easier to maintain and support for the government customer and for Dynatrace.
GDSOH: FedRAMP is in place to make it easier for government agencies to embrace cloud solutions and eliminate legacy IT and applications. How has this movement towards the cloud and cloud services changed the IT game in the government?
Willie Hicks: The move to the cloud is designed to achieve a few goals and gain capabilities that are transformational for the government. One of the main goals is to reduce the overall spend and investment in IT technologies. Cloud solutions have helped government IT departments and developers to improve efficiency, reliability, security, collaboration and speed to innovation.
GDSOH: How has this new digital transformation changed software and application development in the government? Why has it made approaches to application development like DevOps and DevSecOps important?
Willie Hicks: To best serve the digital citizen and to provide the services and experiences that the general public has become accustomed to, the federal government had to change the way it developed software and applications.
They needed to move away from the traditional waterfall method of development if they were going to truly harness and leverage the power of cloud technologies and do this at scale and with speed. To achieve this acceleration, agencies are moving to DevOps and DevSecOps models for application development. These models shift operations and security left in the process, expediting application development and allowing agencies to move at the speed and pace of innovation.
GDSOH: Where are we in the movement towards DevSecOps in the federal government? Is it something that agencies have embraced fully and have adopted widely? Why or why not?
Willie Hicks: From our perspective, we are seeing an ever-increasing movement toward DevSecOps – especially in the form of the “software factory.” We’ve seen this in a number of civilian government agencies, including the General Services Administration (GSA), as well as in the military – with software factories being established by the Air Force, Army and Navy.
I would be hesitant to say that DevSecOps is currently embraced by all agencies. But I would say that all agencies are looking into it and considering a move in that direction.
The reason why they’re looking to embrace DevSecOps is simple. Agencies have to be able to keep up with the expectations of the citizenry. They also need to keep pace with the scale and complexity that we often see in digital transformation. DevSecOps offers a means to meet these challenges.
GDSOH: What role can Dynatrace’s solutions play in enabling DevSecOps? What challenge does software intelligence play in making this approach possible?
Willie Hicks: Dynatrace plays a critical part in enabling DevSecOps. Our AI-Powered platform drives digital transformation and enables faster innovation. It also enables more efficient cross-team collaboration, and unparalleled views of the application stack, dependencies, processes, and code that gives situational awareness and the ability to understand the impact of vulnerabilities.
Dynatrace automation enables DevSecOps capabilities to be realized, by automatically providing deep real-time, actionable insights and awareness into applications and infrastructure, providing more complete situational awareness, while strengthening security posture.
For additional details about Dynatrace’s FedRAMP authorization and what it means for government agencies, click HERE.
The Role of the Cloud and FedRAMP in Driving DevSecOps Adoption
Ryan Schradin
A communications expert and journalist with over a decade of experience, Ryan has edited and contributed to multiple popular online trade publications focused on the security, satellite, unified communications and network infrastructure industries. He serves as a contributing editor for the GovHub family of publications. In addition to his work with the Hub, he serves as the Executive Editor of the Government Satellite Report and the Modern Equipment Manufacturer online publications. In his spare time, he enjoys hiking across the great state of Virginia with his wife, Sarah, and their rescue pup, Brooklyn the Adventure Dog, who is 13lbs of pure furry fury.
Next Article
