Innovation moves and technology advances incredibly fast. A DevSecOps approach to application development can ensure that new capabilities and solutions are brought to government employees and military personnel rapidly, at the speed of innovation.
Unfortunately, the public sector has not embraced DevSecOps as thoroughly or as quickly as the private sector. The reason the government has been slow to adopt DevSecOps is a problem familiar to anyone who has worked with the government in any capacity over the course of our country’s history: agency culture and a reluctance to change.
To learn more about the benefits of DevSecOps, the cultural challenges keeping it from being more widely adopted in the government, and the ways in which modern development platforms can help make DevSecOps adoption a reality in government, we sat down with Darron Makrokanis, the President and General Manager of D2iQ federal.
GovDevSecOpsHub (GDSOH): Can you tell our readers a little bit about D2iQ and its solutions?
Darron Makrokanis: D2iQ stands for “Day Two Operations Done intelligently.” It was born out of a cloud native company called Mesosphere, which pioneered the cloud native landscape. They were a founding member of the Cloud Native Computing Foundation (CNCF) and delivered those solutions to a large number of customers, including global telecoms, large U.S. financial services companies, manufacturers, and healthcare organizations.
The Mesosphere leadership was closely in tune with some of the large challenges that were facing our customers, and some of the exciting new technologies that were entering the marketplace. The company adopted Kubernetes very early on – right after it was given to the open source community by Google.
As the market evolved, and the embrace of cloud-native technologies grew, the visionary Mesosphere leadership understood that the focus of the market going forward was going to be Kubernetes. So, they pivoted the focus of the company and underwent a transformation into D2iQ.
We already had Kubernetes in our portfolio of products before the transition to D2iQ. However, we underwent a three-month transition where we rebranded and relaunched the company with a focus on helping our customers embrace digital transformation, increase the velocity of application development, and improve their responsiveness. And we accomplish that with our leading independent Kubernetes platform that we refer to as DKP.
Our expertise is simplifying and automating the difficult tasks needed for enterprise Kubernetes and production at scale. We do all of this at the lowest total cost of ownership (TCO) in the industry. And that’s why some of the largest enterprises in the world have chosen to work with us, including BMW, GE Healthcare, and the United States Air Force.
GDSOH: How and why do government agencies and military organizations utilize platforms like the DKP for their application development? What benefits does it deliver? What would development be like without DKP?
Darron Makrokanis: If production workloads are your desired outcome, and that’s what drives your mission – getting to production and increasing efficiency in the organization – that’s where DKP shines.
D2iQ has been successful primarily when organizations have failed with other Kubernetes platforms because they’ve resulted in lost time, and cost millions of dollars. Many of the competitive Kubernetes platforms on the market don’t allow the user to be in control of their own destiny; they leave them beholden to a proprietary operating system, or they have other proprietary tie-ins.
DKP offers them a totally curated, fully upstream, fully open source Kubernetes platform that has all of the day two add-ons, ready to ship out of the box. Everything is scale-tested, security-tested, built for resiliency, right out of the box.
DKP offers truly automated, one push-button deployments. It works in classified environments and air-gapped environments, which are critical in the Department of Defense and intelligence communities. We operate on various classification levels – including Impact Level Two through Impact Level Six. We deploy from an automated standpoint where others simply can’t.
Without DKP, DevSecOps in these classified environments could take days, weeks, months. We’ve had some combatant commands tell us that it has taken them years to successfully deploy applications into production using our competitors’ technologies, and that involved them practically bleeding services dollars along the way. DKP allows these organizations to take control, realize the ROI of their applications much quicker, and work in a platform that is secure, resilient, scalable, and has tremendous automation built in.
Without DKP, many processes would be left to be manually done, wasting precious time. Instead of developers doing the meaningful work of building meaningful applications that deliver outcomes to the warfighter, they’re doing manual tasks that take up their time and could be automated.
GDSOH: Why is a DevSecOps approach to application development desirable for organizations in the public sector? Why should they be looking to shift from traditional approaches to application development to DevSecOps?
Darron Makrokanis: Traditionally, it has taken years for the government to develop, test and deploy mission-critical technologies and capabilities to the men and women working across the country, and around the world. With the speed of technology being what it is, they have to move faster. It takes the government too long to get these capabilities into the field.
DevSecOps gives them an alternative that is much better, faster, and more efficient.
DevSecOps is a much more agile approach to application development. It allows them to build, develop, deploy, and release containerized applications faster. It establishes security as a critical pillar in the development process. DevSecOps inserts security into the SDLC, making it a continual part of the process, instead of being at the end.
With the tremendous increase of nation-state and non-nation-state malicious actors, building applications and supporting container orchestration correctly for the enterprise – the first time – is needed more than ever.
The “do it all yourself” approach some organizations take – without proper scale testing and vulnerability testing – is extremely wasteful and doesn’t maximize COTS products that exist, and runs afoul of the Federal Acquisition Regulations (FAR).
GDSOH: In your experience working with federal agencies and military organizations, what percentage of these organizations have bought into the DevSecOps approach to application development? How pervasive is DevSecOps adoption across the government, and does that differ by sector?
Darron Makrokanis: From what we’ve seen, the DoD is definitely leading in DevSecOps adoption – especially the Air Force with its software factories. But even among the software factories, there is no consistency in the tools that they use.
Maybe their leadership or employees previously worked for one vendor, and have standardized on that vendor’s solutions because it’s what they know. They’ll continue to utilize that particular solution regardless of what the other software factories are using, even if they’ve found a better alternative.
Once you look across the different software development organizations within the DoD, you realize quickly that there is no standardization or consistency in their approach and in their solutions.
The federal civilian agencies are very much behind the curve in their DevSecOps adoption. There are some federal civilian agencies that are leading the pack, particularly organizations such as the Department of Homeland Security (DHS), U.S. Customs and Border Protection (USCBP), and others that focus on national security and law enforcement that have embraced DevSecOps as their approach.
It’s hard to gauge how much the intelligence community has embraced DevSecOps. There is a large amount of disparity within the intelligence community between the different organizations.
GDSOH: In your opinion, what has kept these organizations from DevSecOps adoption? Is it a technology problem? Culture problem?
Darron Makrokanis: I think that it’s absolutely a cultural problem. Technology adoption has never been a challenge in government. Embracing new ways of doing things has been the government’s largest challenge for as long as I can remember. It’s hard to get people to change their ways.
And DevSecOps adoption doesn’t just change the way these organizations operate, it has impacts on funding, and requires changes to how different organizations and teams within the agency collaborate. That is a lot of change for a government agency.
There is also a difference across the government in the knowledge and understanding of DevSecOps. There are some agencies that deeply understand DevSecOps and have taken steps to embrace it across the enterprise. Then, there are organizations that don’t know what it is, or how to implement it.
While some within the government would say that it’s a technology problem because of how they’ve previously built and deployed solutions, I believe that it’s really a culture problem. The approaches and technologies that they’ve used previously don’t preclude them from rebuilding applications and solutions with a DevSecOps approach and modern development platforms and solutions.
To learn more about how the U.S. Air Force moved 80,000 personnel to hybrid work in just 48 hours using DKP, see the case study, “The U.S. Air Force Accelerates the Scope and Scale of Remote Collaboration with Kubernetes.”