This content is sponsored by CA Tech/FCN
What an irony: In the age of automation, digital services, artificial intelligence and machine learning, software development itself stubbornly remains a craft-like, hit-or-miss process.
Contrast that with how so many other products are built. The modern factory might be a fixed asset. But internally, it’s flexible so that it can respond continuously to product changes from market and demand shifts. It’s highly automated for efficiency and quality assurance. And it’s driven by data and metrics for continuous improvement.
The modernization policies of at least two administrations, a government wide strategy for digital services, and the cybersecurity imperative mean your agency is in the software business. It’s time to adopt a new software business model.
In decades past, the standard “waterfall” approach to software resulted in applications built to last. And last they did. Agencies still operate hundreds of systems on mainframes, coded in durable Cobol. But now agencies find those systems to be an obstacle to modernization and to the rapid development of applications designed to use data in new ways, both for internal purposes and deployed as digital services to the public.
What you need is a process for software built to change. Built for agility, flexibility and responsiveness to ever-changing conditions.
We call it the modern software factory.
Achieving that status requires programmers with the right skills, of course. But more fundamentally, it requires a new way of thinking, one that encompasses agility, security, and automation, all within a modern applications architecture.
Let’s unpack these principles.
The agile agency
Because no organization has unlimited money or people, maintaining agility and ability to meaningfully innovate in times of constant change requires knowledge to help you direct resource to things that matter the most to customers and users. The long cycle, waterfall methodology just doesn’t cut it anymore.
In order to transform into an agile agency you need two things. First, the agile approach to development itself. This is marked by short cycles of modular, carefully defined deliverables that are continuously tested and evaluated.
Second, you need an environment that can make sense of change and respond quickly. Lines of business owners and development teams must work together, informed by insight. That insight comes from a well-functioning analytics engine gathering data from the IT hardware and software infrastructure, and from user experiences on endpoints.
Over time, data from how users interact with applications and metrics such as response times or crash analytics, can help you make better decisions on where to deploy resources. A constant 360-degree feedback loop between the business and the agile teams improves the speed and accuracy of decisions on innovation and investments. It keeps the agency out in front of potential problems
Building secure software
Security has come to mean much more than perimeter monitoring and screening for threats. In the software factory concept, it means agile development operations coupled with practices to protect not only infrastructure but also data and privacy. DevSecOps – DevOps infused with security – ensures applications are built with security as a native quality.
Key results of a DevSecOps approach include:
- Advanced authentication, to get past passwords with multi-factor credentials.
- Carefully tuned access privileges, to give users what they need but avoid overly generous access to and identity management of both external and internal users. This is coupled with simplified identity management to support provisioning and governance policies.
Agencies must always balance security and user experience. A solution such as CA’s Rapid App Security lets your team develop risk-based trust relationships among users, their devices, and the application. It denies access or elevates required authentication steps if the app senses deviations from the norm.
A new application architecture
If the standard application architecture housed stable, stovepiped applications and databases, a modern application architecture emphasizes modularity, reusability and automation.
It builds functionality around application programming interfaces to containerized microservices. For example, an authentication routine built for one application might be useful in other apps. By containerizing it and publishing its API, it becomes available to — and interoperable with — other applications. The container preserves its security and other properties. A fraud detection routine could become available to multiple agencies that dispense grants, contracts and benefits, not only at the federal level but also at the state and municipal levels.
The API approach becomes more compelling as the number of devices interacting with applications rises in the Internet of Things age.
Beyond the architecture, the modern software factory employs tools that automate software lifecycle processes such as coordination among agile teams, test and validation, containerization, release and deployment. Automation can also improve speed and reliability of API management itself. It covers the API lifecycle from development through registration and publishing, performance monitoring and eventual replacement.
Government, no less than other industries, is operating in times of changing technology and changing customer expectations. Use the software factory approach to stay out in front.