While public sector entities continue to leverage commercial off the shelf (COTS) technology, there will remain a need for custom build software in support of the mission. In order to properly develop, maintain, and support this custom software, agencies need to rely on an Application Lifecycle Management (ALM) approach. This approach brings together the tools, activities, and people to efficiently manage an application from its inception through its retirement. ALM is similar to the software development lifecycle (SDLC) which focuses mainly on the development of software. In contrast, ALM encompasses the lifecycle of development to maintenance and, finally, to decommissioning.
How ALM works in a given environment can vary according to the software development methodology being deployed. Traditionally, the waterfall development methodology was common in the public sector, but, increasingly, Agile or DevOps methods are being leveraged.
DLT’s ALM recommended vendors focus not just on the "development" portion of an application's life but also on the deployment, promotion, and ongoing management of the application until decommissioned. Key elements of an ALM toolchain include: software requirements definition and management, software change and configuration management, software project planning, with a current focus on agile planning, work item management, quality management, including defect management. Other key capabilities include: reporting, workflow, integration to version management, support for wikis and collaboration, strong facilities for integration to other ALM tools.
Regardless of your preferred development methodology, DLT has the right tools to support your Application Lifecycle Management initiatives.
Despite which development methodology is used, DLT’s ALM framework has three distinct components: Governance, Development, and Operations.
The governance component involves all decisions about the software. It starts with a basic concept developed by a business case. This is where the original concept gets expanded and tied to specific business strategies. The governance component also covers other aspects including user access, security, and resource management.
The development component of the ALM integrates the SDLC. This phase of the software project covers all aspects of its development including planning, design, building, testing, and deploying it. For agencies using the waterfall methodology, development is done in stages. For companies using Agile or DevOps, the steps are fully integrated.
Operations is the third component of the ALM, which involves deploying the application and maintaining throughout its lifecycle. For agencies using the waterfall methodology, development and operations are completely separate. For companies using Agile or DevOps, they are an integrated, continuous process.
DLT Solutions ALM recommended products focus not just on the "development" portion of an application's life but also on the deployment, promotion, and ongoing management of the application until decommissioned. Key elements of an ALM solution include: software requirements definition and management, software change and configuration management, software project planning, with a current focus on agile planning, work item management, quality management, including defect management. Other key capabilities include: reporting, workflow, integration to version management, support for wikis and collaboration, strong facilities for integration to other ALM tools.
The public sector is more and more requesting their software be developed using the Agile Development method. Agile is an iterative approach to software development that emphasizes flexibility, interactivity, and a high level of transparency. Agile projects involve the frequent release of usable code, continuous testing (quality), continuous security, and acceptance that whatever you think you know now, the reality is, it’ll change.
In order to respond to these frequent application changes, IT Operations is impacted to provide the necessary resources and practices to deliver the service to end users. So service delivery and how the app and systems interact are a fundamental part of the value proposition to the agency as well, and so the product team needs to include those concerns as a top level item.” From this perspective, DevOps is simply extending Agile principles beyond the boundaries of “the code” to the entire delivered service.
DLT Solutions provides technology that supports the notion that change is unpredictable and platforms and practices should be highly flexible and adaptable to be able to accept modifications regardless of the employed software development and deployment practices in order to give stakeholders a highly available, scalable, reliable, secure, and high quality work product.
The application development landscape in the public sector has undergone vast changes over the past decade. The shift from Waterfall and on-prem to Agile and cloud computing platforms, shared storage and data, and more dynamic applications has brought enormous benefits to government organizations, which are looking to become more efficient.
While DevOps has increased speed, scale and functionality of applications, the application lifecycle model needs more robust security to meet compliance requirements. DevSecOps was introduced to meet this challenge and to bring development, operations and security together.
This approach makes security equal with development and operations in the application lifecycle and it ensures that security is at the forefront when developing and deploying applications.
DLT’s Secure Software Factory helps public sector organizations accelerate their journey to DevSecOps by providing a framework that U.S. federal agencies and state, local and education (SLED) organizations can use today to create, deploy and operate applications in a compatible, flexible and secure manner.
By following the framework outlined in the Secure Software Factory, government agencies and educational organizations can save money by bundling solutions they know are compatible, increase velocity by automating the steps in an application’s development, and increase quality and consistency by providing a baseline architecture that can be easily followed and replicated.
The Secure Software Factory starts with planning and integrating code, moves to running automated tests, checks for cyber vulnerabilities from both source code and binary dependencies, deploys the application to production, and then provides the ability to monitor and operate the application in production while continuously checking for potential vulnerabilities. Whether an agency or educational organization runs its workloads in the Cloud, on-premise or in a hybrid environment, the Secure Software Factory can meet their business needs and accelerate their organization’s software delivery in a secure fashion.
Benefits of DLT’s Secure Software Factory include:
- Cost Avoidance
- By verifying the applications before deployment, the Secure Software Factory enables government agencies and organizations to streamline application development without the risk of implementing incompatible solutions. This allows organizations to avoid the use of valuable capital that would otherwise be spent purchasing individual applications.
- Increased Velocity
- The Secure Software Factory is a cloud-enabled framework that automates all the steps in a modern software delivery process leveraging containers running in a Kubernetes environment. The Secure Software Factory simplifies the implementation process, allowing developers to focus on aspects of individual applications, reducing the risk of design flaws and code defects, which cuts down on the time to deployment.
- Improved Quality and Consistency
- The Secure Software Factory provides a baseline architecture that helps address design and development challenges, exposes architectural decisions and mitigates risks early in the development cycle. By using a baseline architecture, government agencies and organizations can develop applications that consistently meet standard of quality requirements.
- Existing Integrations
- Many of the tools within the Secure Software Factory integrate with each other, which means less connectivity issues and troubleshooting for your teams.
The Secure Software Factory allows DLT’s channel partners to leverage an end-to-end framework of best-of-breed tools, today, to meet their public sector customers’ mission requirements.
DLT supports channel partners by distilling the the Secure Software Factory concept and tying it their own go-to-market strategies. This approach helps channel partners better shape the unique Secure Software Factory value proposition to enhance discussions with government agencies and educational organizations.
Channel partners also have access to workshop/demo solutions that gives government agencies and educational organizations the ability to use the framework of automated tools in a demo environment.
Old software development models are too linear, have rigid procedures, limit communications and the ability to collaborate, which makes it difficult to quickly update and deliver software to all stakeholders. The Secure Software Factory delivers applications quickly and gets end-user feedback rapidly, so changes can be incorporated faster and more efficiently. This is achieved by delivering smaller iterations of application version, automating the deployment process, and facilitating collaboration and communication between development, security and operation teams. The result is improved application speed and quality at a lower cost.
Learn more about the Secure Software Factory from one of DLT’s SMEs.
Choosing the best technology in a sea of tools can be overwhelming, especially in the public sector where procurement can be a long and arduous process and making the wrong choice could set an organization back significantly as they evolve towards a DevSecOps culture. Each month, join DLT's App Life specialists, who combined have over 70 years of software development and sales experience, as we interview guests from the public sector arena (technology companies, SIs, agency executives, VARs, etc.). If you have an interest in learning about cutting edge technologies, or hearing about more mature technologies and their journeys of success (and learned failures along the way) in the Public Sector space, we think this podcast is for you.
DLT DevSecOps Podcast — Pilot Episode – June 9, 2020. Length: 1:04:36
Interested to learn more about DLT’s Secure Software Factory (SSF)? This podcast episode lays the foundation on the history of the SSF (why we built it), considerations DLT took when building the framework, our approach to software/application development, why the SSF is important for the Public Sector, it’s relevancy to the channel (VARs, ISVs, and Sis), and the long term strategy behind the SSF.
ContinuousX Podcast: Episode 2 — Featuring Red Hat – June 30, 2020. Length: 46:03
During this podcast episode you’ll hear about why DLT picked Red Hat to be a significant technology provider for the Secure Software Factory. Hear how Red Hat is providing leading / innovative technologies and their views on next generation workloads, how they’re future proofing agencies environments and securing hybrid clouds, and more.
ContinuousX Podcast: Episode 3 — Nicolas Chaillan – July 29, 2020. Length: 40:17
Join DLT and special guest, Mr. Nicolas Chaillan, who was appointed as the first Air Force Chief Software Officer. This episode provides insight on DevSecOps in the DoD by a highly qualified and sought after thought-leader. As the Air Force's senior software czar, Mr. Chaillan is responsible for enabling Air Force programs in the transition to Agile and DevSecOps to establish force-wide DevSecOps capabilities and best practices, including continuous Authority to Operate processes and faster streamlined technology adoption.
ContinuousX Podcast: Episode 4 — Featuring Dynatrace Public Sector DevOps Leaders – August 10, 2020. Length: 55:54
Join DLT and Dynatrace in discussing the progression and potential future of mature technologies within the Public Sector space. Dynatrace takes a deep technical dive into their solutions and offers their expertise as a leader in the Application Performance Monitoring space (10 straight years in Gartner’s magic quadrant).
ContinuousX Podcast: Episode 5 — Featuring Dr. Ron Ross – September 3, 2020. Length: 59:41
Please enjoy this wide-ranging conversation with our special guest Dr. Ron Ross, a Fellow at the National Institute of Standards and Technology (NIST), as we discuss the future of DevSecOps in the Public Sector and so much more. For the past 17 years, Ron has focused on the areas of information security and risk management while leading the Federal Information Security Management Act (FISMA) implementation project, which includes security standards and guidelines for the federal government, contractors, and US critical information infrastructure. Earlier this year Ron decided to pivot and create a DevSecOps framework, which we will discuss in great depth as to what it is and why it was a necessary development.
ContinuousX Podcast: Episode 6 — Featuring Derek Weeks – October 5, 2020. Length: 40:29
This episode's distinguished guest is the Vice President of Sonatype, Derek Weeks. We are thrilled to have him on ContinuousX as he works very closely in an arena we feel very passionate about: accelerating DevSecOps in the public sector. Derek is a DevOps advocate and the co-founder of All Day DevOps, which now has over 95,000 IT professional members. In this episode we take a deep dive into the benefits of Open Source Solutions, what advice could be given to agencies looking to adopt or proliferate Open Source, what some of the deficiencies and risks agencies unintentionally accept with more traditional development practices, and much more.
ContinuousX Podcast: Episode 7 — Featuring Appian's VP of Global Public Sector Business: Jason Adolf – November 11, 2020. Length: 38:51
Interested in the improvement of Public Sector customer experience, achieving operational excellence and simplifying global risk management and compliance? If so, this thought-provoking podcast interview with DLT and Appian's Vice President of Global Public Sector Business is for you! Appian's low code automation platform accelerates the creation of high-impact business applications and many of the world's largest organizations, including agencies across the public sector. During this conversation, we ask Jason to share his knowledge and industry-leading expertise around all things Low Code — why this technology crucial in the Public Sector space and how this differs from traditional development. We hope you learn and enjoy this episode as we did!
ContinuousX Podcast: Episode 8 — Featuring Ryan O'Daniel, Federal Sr. Systems Engineer for Sysdig – January 12, 2021. Length: 41:20
Today we will be discussing DevOps (and more) with Ryan O'Daniel - Senior Federal Systems Engineer at Sysdig. Today we will discuss with experts: Advice for agencies attempting to achieve a Continuous ATO practice with containers, challenges an agency might face in monitoring and identifying container issues, how container based platforms may be affected by "zero-trust" network postures... and so much more! Join us in another journey to understanding the importance of DevSecOps in the Public Sector.
ContinuousX Podcast: Episode 9 — Featuring Rusty Sides, SE Manager – US Public Sector, Checkmarx – March 17, 2021. Length: 24:55
Tune in to our latest episode of the ContinuousX podcast, featuring Rusty Sides, SE Manager – US Public Sector, Checkmarx. Rusty has over 23 years of software development, sales engineering, team management, and security consulting experience. Listen now for a deep technical dive with Rusty and our DLT host's Rick Stewart, Mike Fitzurka, and Don McLean as we cover topics ranging from the UNC2452 hack to the validity of software supply chains.
ContinuousX Podcast: Episode 10 — Featuring Chris Randvere, Solution Engineer for Redgate – March 17, 2021. Length: 16:05
We are excited to announce the launch of our 10th episode on this podcast! In this episode we feature a tech leader from @Redgate: Chris Randvere has over 30 years of experience in the IT industry and is currently a Solution Architect at Redgate. Redgate makes life easier for development, operations, and IT leaders by solving the database challenges in delivering software at speed.
ContinuousX Podcast: Episode 11 — Featuring D2IQ – June 16, 2021. Length: 33:19
During this podcast episode, you’ll hear about why DLT picked D2iQ to be a significant technology provider for the Secure Software Factory. Hear how D2iQ is providing secure, enterprise-grade, multi-tenant Kubernetes environments for public sector agencies while maintaining continuous monitoring across multi and hybrid clouds.
ContinuousX Podcast: Episode 12 — Feat. Cornerstone Technical – June 23, 2021. Length: 21:35
During this podcast episode, you’ll hear about why DLT works with valued service providers like Cornerstone Technical to evangelize and implement the Secure Software Factory. Hear Jared Patrick discuss the critical componentry, best practices, and technology used to promote hygienic workloads using a software supply chain mentality within a DevOps culture.
ContinuousX Podcast: Episode 13 — Feat. Kevin Greene, Parasoft, Part 1 – August 16, 2021. Length: 9:55
Join DLT for the first of a two-part series with our guest, Kevin Greene, who is Director of Security Solutions at Parasoft. In this first episode, we get to know Kevin better by hearing his background and experience identifying innovative automated testing technology and its important role in the DevSecOps cultural transformation. Since testing is such an enormous topic to explore, we had to break it into two parts!
ContinuousX Podcast: Episode 13 — Feat. Kevin Greene, Parasoft, Part 2 – September 9, 2021. Length: 16:59
Join DLT for the second of a two-part series with our guest, Kevin Greene, Director of Security Solutions at Parasoft. In the first episode, we got to know Kevin better by hearing his background and experience identifying innovative automated testing technology and its important role in the DevSecOps cultural transformation. Since testing is such an enormous topic to explore, we had to break it into two parts!
ContinuousX Podcast: Episode 14 — Feat. Clinton Herget, Snyk – October 15, 2021. Length: 24:12
Why is knowing what is in your software important to DevSecOps and continuous software development and deployment? Listen to Clinton Herget, Principal Federal Solutions Engineer at Snyk, describe the importance of knowing your ingredients to your software workloads enhances software quality and how the public sector is providing compliance guidelines to assist with enhancing software supply chains.
ContinuousX Podcast: Season 2, Episode 1 - Feat. Kaitlin Bulavinetz – January 14, 2022. Length: 8:32
Join us on a new season of DLT's ContinuousX Podcast with Kaitlin Bluavinetz, Chief of Staff to the Chief Software Officer of the United States Air Force where we discuss overcoming DevSecOps cultural challenges.
ContinuousX Podcast: Season 2, Episode 2 - Feat. Kaitlin Bulavinetz – January 31, 2022. Length: 7:12
Join us as we continue our discussion on DLT’s ContinuousX Podcast with Kaitlin Bulavinetz, Chief of Staff to the Chief Software Officer of the United States Air Force. Today we discuss the USAF's new approach to a Continuous Authority to Operate (cATO).
ContinuousX Podcast: Season 2, Episode 3 - Separation of Duties Coexisting Within DevSecOps – February 14, 2022. Length: 12:09
Join us as we take on the Separation of Duties principles and its ability to exist within a DevSecOps culture, in our head-to-head point-counterpoint style discussion.
ContinuousX Podcast: Season 2, Episode 4 - Improvising Provisioning with USAF's Kaitlyn Bulavinetz – February 23, 2022. Length: 6:30
Join us as we conclude our discussions on DLT's ContinuousX Podcast with Kaitlin Bluavinetz, Chief of Staff to the Chief Software Officer of the United States Air Force. Today we look at improving the provisioning processes to meet the accelerated pace within the US Air Force.
ContinuousX Podcast: Season 2, Episode 5 - On the DevSecOps Mission with Kessel Run’s James Edmonds – March 14, 2022. Length: 8:14
Join us as we discuss Kessel Run's DevSecOps mission on DLT's ContinuousX Podcast with James Edmonds, Project Manager for Kessel Run's Dagr application.
ContinuousX Podcast: S2 E6: On the Joy of DevSecOps with Kessel Run’s James Edmonds – March 25, 2022. Length: 11:28
Join us as we discuss the joy of working with DevSecOps and Kessel Run's unique culture and working environment on DLT’s ContinuousX Podcast with James Edmonds, Project Manager for Kessel Run’s DAGR application.
ContinuousX Podcast: Season 2 Episode 7 - On Kessel Run's Insights with James Edmonds – April 5, 2022. Length: 8:46
Join DLT’s ContinuousX Podcast on our concluding episode with James Edmonds, Project Manager for Kessel Run's DAGR application, as he shares insights from Kessel Run's operational successes and from overcoming their challenges with DevSecOps principles.
ContinuousX Podcast: Season 2, Episode 8 - On Modernizing Monolithic Applications in the Public Sector – April 21, 2022. Length: 17:23
Join DLT's ContinuousX Podcast team as we share thoughts on modernizing monolithic applications in the public sector.
ContinuousX Podcast: Season 2, Episode 9 - With Cliff Berg on Agile 2: The Next Iteration of Agile – May 9, 2022. Length: 19:58
Today we welcome a special guest, Cliff Berg, co-author of the book Agile 2: The Next Iteration of Agile, as we discuss his work and why he and his fellow Agilists decided that it was time to pivot to Agile 2.
ContinuousX Podcast: Season 2 Episode 10 - With Cliff Berg on Agile 2: The Next Iteration of Agile – May 19, 2022. Length: 10:49
Today we welcome a special guest, Cliff Berg, co-author of the book Agile 2: The Next Iteration of Agile, as we discuss his work and why he and his fellow Agilists decided that it was time to pivot to Agile 2.
ContinuousX Podcast: Season 2 Episode 11 - With Cliff Berg on Agile's Unintended Consequences – June 6, 2022. Length: 10:49
Today we're continuing our in-depth discussions on Agile 2: The Next Iteration of Agile, with our special guest and co-author, Cliff Berg. Today we finish last episode’s discussion with further bits of truth, gemba walking and data architecting in an agile way.
ContinuousX Podcast: Season 2 Episode 12 - With Cliff Berg on Agile Challenges in the Public Sector – June 16, 2022. Length: 18:43
We conclude our conversations with special guest Cliff Berg, co-author of Agile 2: The Next Iteration of Agile, focusing on public sector challenges and viewing software as a living organism.
ContinuousX Podcast: Season 2 Episode 13 - With Cliff Berg on Agile Challenges in the Public Sector – July 1, 2022. Length: 8:42
On this episode, Rick Stewart and I discuss the controversial term of NoOps with our DLT Solutions colleague, friend and Application Lifecycle Sales Manager, Jason Quattlebaum.
ContinuousX Podcast: Season 2 Episode 14 - On NIST’s Secure Software Development Framework (SSDF) – August 10, 2022. Length: 13:00
On this episode, Jason Quattlebaum, Rick Stewart and Mike Fitzurka discuss NIST’s Secure Software Development Framework (SSDF) and how it compares with DLT’s Secure Software Framework (SSF).
ContinuousX Podcast: S2 E15 — With Google's Jamie Duncan on the Benefits of Kubernetes – August 29, 2022. Length: 12:38
On this episode, Rick Stewart and Mike Fitzurka are joined by Jamie Duncan, friend, colleague, and Google Engineer as we discuss the benefits of Kubernetes for application modernization efforts.
ContinuousX Podcast: S2 E16 — With Google's Jamie Duncan on the Pluggable Design of Kubernetes – September 9, 2022. Length: 9:15
On this episode, Rick Stewart and Mike Fitzurka continue our Kubernetes discussion with Jamie Duncan, Google Cloud Engineer, on the design goals of Kubernetes, how it can be extended in both good and weird ways, and on whether you should really do-it-yourself.
ContinuousX Podcast: S2 E17 — With Google’s Jamie Duncan on the Right Modernization Mindset – September 26, 2022. Length: 14:57
On this episode, our guest Jamie Duncan, Google Cloud Engineer, joins Rick Stewart and Mike Fitzurka to discuss the right mindset when modernizing by focusing on ROI and not (necessarily) the fads, and why it is more important than ever to find out what is hiding inside your VMs in order to right-size them for the cloud.