Software

PaaS Provides a Solid Foundation for FCC and DISA IT Infrastructures

Platform as a Service has become increasingly common in federal IT environments.

Erin Cunningham is a writer and editor based in Maryland with experience writing about state and local government, education, technology and more.

Platform as a Service isn’t always needed when agencies modernize applications — but if you lack staff and resources, it’s an incredibly useful tool.

Take the case of the Air Mobility Command, part of the Department of Defense’s Transportation Command. The AMC recently leveraged the DoD Cloud Infrastructure as Code baseline, a service that the website for the Defense Information Systems Agency's Hosting and Compute Center website says can generate “preconfigured, preauthorized, Platform as a Service (PaaS) focused environments.”

With the help of the PaaS environment, AMC built and deployed its Blue Heron Command and Control application in just 16 days with only three full-time equivalent workers. The application supported the evacuation of Americans and Afghans from Afghanistan this summer as part of Operation Allies Refuge.

“The implication for DOD is huge,” says David Lago, product owner for the DOD Cloud IaC project. “Mission owners can save money, reduce deployment timelines and focus on what really matters: modernizing their mission applications to enable the warfighter.”

Click the banner below to get access to a customized content experience and exclusive articles.

Increasingly, federal agencies are integrating Platform as a Service into their infrastructures to track and manage processes, deploy apps rapidly and improve IT efficiency.

A May survey by market research firm IDC found that 73 percent of federal government IT decision--makers report their agencies are using PaaS, with an additional 20 percent having firm plans to implement it in the next year.

“PaaS offerings account for the core of today’s modern application platforms,” says Adelaide O’Brien, research director of government digital transformation strategies at IDC.

PaaS removes the need for organizations to manage the underlying infrastructure — typically, hardware and operating systems — and allows agency employees who are developing and managing applications to focus on that, she says.

Platform as a Service technology allows the client not to have to worry about the technology or the infrastructure. It helps agencies focus on the mission, not the IT aspect of it.”

Francisco Salguero Former CIO, Federal Communications Commission

The solution provides integrated services organized around the tasks of application development and management, application deployment, code testing, quality, application lifecycle, data management, business process management and integration.

Former Federal Communications Commission CIO Francisco Salguero, who has more than 25 years of experience in IT, says his former agency’s adoption of the ServiceNow PaaS in 2019 led to efficiencies, including infrastructure and maintenance. He has also worked in other agencies, including the U.S. Department of Agriculture, that relied on PaaS.

The FCC recently renewed a contract that provided the agency with a ServiceNow PaaS for the next five years.

“The benefits rely on the fact that Platform as a Service technology allows the client not to worry about the technology or the infrastructure,” Salguero says. “It helps agencies focus on the mission, not the IT aspect of it.”

The Next Iteration of Cloud Computing

DISA has used PaaS offerings such as Azure Database and Amazon Relational Database Service for years, but adoption is not yet mainstream, Lago says.

“I think of PaaS services as Cloud 2.0,” he says. “Currently, most U.S. Department of Defense customers are doing Cloud 1.0, using Infrastructure as a Service virtual machines, where the model looks a lot like what we do in data centers today.

“We harden an operating system, install host security, integrate middleware, connect to vulnerability scanning, etc. In Cloud 2.0, we transition much of that work to the cloud service providers themselves.”

A customer can get from Cloud 1.0 to 2.0 in a few ways, he says: The apps can be rehosted in a PaaS service; the apps may have to be refactored to operate within a container, and then the agency can use a managed container; or the apps can be rebuilt to use more serverless technologies.

Lago says the cloud service providers are responsible for patching, middleware integration and the majority of hardening. In general, it takes about 15 weeks to complete this process, and to connect host security and vulnerability scanning solutions.

“It’s not a one-time cost,” he says. “The images constantly need to be patched, and the security technical implementation guides are updated on a quarterly basis. The benefit, however, is that customers can then deploy capabilities to production faster, and with smaller teams.”

Lago says PaaS supports a variety of DOD missions, including top-secret workloads.

“At the Hosting and Compute Center, we maintain baselines via the DoD Cloud Infrastructure as Code, which provides preapproved templates to help customers take advantage of these PaaS services and can take seven months off the typical cloud journey,” he says.

Lago, an IT practitioner in the DOD and federal space for more than 20 years, thinks the biggest selling point for PaaS is tapping into the innovation from the cloud service providers, which are constantly adding new services.

PaaS managed services exist to support containers, database hosting, serverless computing, artificial intelligence and machine learning, Internet of Things, quantum computing, data lakes and content hosting. “If you can think of it,” Lago says, “there probably is a managed service available or coming soon.”

He constantly checks to see which providers have received a DISA provisional authorization. “It’s a little bit like a wish list,” he says.

smartboy10/Getty Images