Dec 05 2023
Software

Defense Agencies Turn to Platform Engineering to Accelerate DevSecOps

The Air Force’s Platform One, Navy’s Black Pearl and Army’s Futures Command lead the way in boosting development.

To deliver cutting-edge capabilities, the military needs to bring new applications to warfighters quickly and effectively. To that end, Department of Defense branches have leaned heavily into DevSecOps, a practice that encourages collaboration among development, security and operations organizations to speed software production.

But the talents needed to inform the DevSecOps pipeline aren’t always readily available. That pipeline “requires certain skills, such as Kubernetes, cloud scalability, creating specific containerizations,” says Hasan Yasar, technical director for continuous deployment of capability at the Carnegie Mellon University Software Engineering Institute.

“It is very difficult because we cannot get everybody to be experts in containers. We cannot get everybody to be experts in such complex systems,” he says.

To close the gap, the military is looking increasingly to platform engineering. This foundational approach turns the software factory from a startup-like project to a fine-tuned machine — freeing developers to focus on code and driving a more consistent end product.

Click on the banner to find out more about platform engineering.

Air Force’s Platform One Curates DevSecOps Tools

The U.S. Air Force established Platform One to bring platform engineering to life. P1 accelerates mission advantage by providing a secure, centralized software development and delivery platform, a suite of tools and training.

Lt. Col. Brian Viola, P1 materiel leader, describes the approach as vital to the modern military effort. “Today, software developers face an enormously complex set of technologies to securely develop and operate software at enterprise scale,” he says.

Platform engineering improves the software developer experience by making readily available the tools and infrastructure required for application development,” he adds.

But traditional timelines for developing a new capability can be as long as months to years; Viola says that’s not fast enough to meet today’s rapidly changing modern mission requirements.

To speed production, P1 delivers platform engineering via a curated set of DevSecOps capabilities that developers can use to deploy software quickly.

EXPLORE: Improved cybersecurity logging gives agencies better network visibility.

P1 offers secure tools through its Iron Bank, a hardened container image repository; Docker and Prisma Cloud are among them. “Then we leverage Infrastructure as Code and Configuration as Code” through a value stream the Air Force calls Big Bang, Viola says.

“The integration and orchestration of the hardened containers from Iron Bank within a Kubernetes cluster provide the platform for software developers to develop, secure and operate,” he adds.

P1’s offerings can be readily repurposed from one DevSecOps project to another. “This reusability lowers potential misconfigurations,” he says. This accounts for many software vulnerabilities and also saves the organization from having to reinvent the wheel each time it launches a new project.

In addition, P1 offers a managed Platform as a Service known as Party Bus — a secure, multitenant and multiclassification environment for development, staging and production.

With the Party Bus managed environment, “a software team can quickly deliver security-approved software applications to the warfighter within several weeks instead of years,” Viola says.

“Party Bus provides an all-encompassing platform product including a service desk and a platform operations team, so that software developers can just focus on the software that brings value to the warfighter.”

Platform Sidebar

 

Black Pearl Supports Navy DevSecOps Teams

The U.S. Navy’s version of platform engineering — the Black Pearl initiative —brings together defense industry, business, government and academic expertise to deliver “a portfolio of DevSecOps products and services that support modern software development and delivery,” according to a Navy white paper.

As a platform solution, “Black Pearl’s common software environment provides commoditized DevSecOps tooling and pipeline component templates, integration infrastructure and compute. Together, these enable fast, cost-effective standup of software factories,” the Navy notes.

Technology experts say this is just the kind of approach the military needs in today’s highly competitive environment.

“You could argue that platform engineering is the tactical next step to help a mature DevOps team work more efficiently,” says James Stanger, chief technology evangelist at CompTIA.

“The promise of platform engineering is that it provides a centralized set of tools, application programming interfaces, workflows and templates for developers to use as they follow DevOps best practices.”

When done right, this approach provides consistency. “Developers can use the same tools, for example,” Stanger says. “A well-established platform can help enforce best practices and make sure folks are following a secure software development lifecycle.”

Col. Brian Viola
Platform engineering improves the software developer experience by making readily available the tools and infrastructure required for application development.”

Col. Brian Viola Platform One Materiel Leader, U.S. Air Force

How the Army Is Looking to Simplify Platform Engineering

The Army is following a similar path as it delivers platform engineering through the Army Futures Command Software Factory.

The overall mission of Futures Command is to provide solutions to technical problems “in as close to real time as possible. And software seems to be at the heart of most technical problems these days,” says AFC Software Factory Director Col. Vito Errico.

DevSecOps can accelerate change, but it presents challenges. For example, most military stakeholders “are used to the more traditional model where security comes last, where the fusion with DevOps is just not there,” Errico says.

“You want to make it easy for the end users to give you feedback on whatever you're showing them. But it can get confusing externally, translating the security piece across the larger enterprise,” he says.

That confusion in turn can roil the development process, slowing things down and introducing a chaotic element to the endeavor.

EXPLORE: Platform One helps the Air Force find skilled workers to keep software factories running.

Platform engineering helps address this in part by bringing a common set of technologies to the table. That includes “everything on the security side for static and dynamic code analysis, pipeline-triggering tools,” Errico says. “It includes simple things like version control, basic product management tools, workload tracking as well as visualization and collaboration tools.”

With these common elements, he adds, the platform approach “serves to simplify a process that can feel esoteric to others.”

In pursuing platform engineering, the military is right in step with industry standards. Gartner expects that by 2026, 80 percent of software engineering organizations will “establish platform teams as internal providers of reusable services, components and tools for application delivery.”

Platform engineering promises not only to speed software delivery but also to ensure a more secure end product. That’s crucial in today’s adversarial cyber environment.

“If the adversary can invest hundreds of thousands of dollars to subvert a million-dollar system, that's a great investment for them,” the Air Force’s Viola says. With platform engineering, “we're trying to flip that.”

2017

The year DOD stood up its first software factory, the Air Force’s Kessel Run

Source: U.S. Air Force
Getty Images
Close

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.