Agile Ops as a Path to Modernization

By Jessica Parks, Analyst

The word “agile” is everywhere now, describing everything from cloud technology to team dynamics. Beginning as an innovative method of software development, agile has expanded to describe projects, solutions, teams and workflows.

As government agencies look to update legacy systems, there is an increasing recognition that modernization encompasses not only updates in technology, but also improvements in how projects are developed and delivered. Here are examples of how federal agencies are applying the agile concept and how technology vendors can insert themselves in upcoming opportunities.

In the world of government IT, agile refers to a software development or project management method which aims to be faster, more customer-centric and more responsive to sudden changes than traditional methods. (If you want to further explore the basic premise of “agile,” GSA has published a comprehensive set of FAQs.) What is most noteworthy about the presence of agile development in government IT is that it represents a significant change in mindset. The government is realizing that efficiency, responsiveness and scalability are often the best ways to stay on top of rapid technological changes.

Several federal agencies have written or are writing agile ops into their requirements. For example, TSA is gearing up to release an official solicitation in August for a 7-year BPA dedicated to agile development methods, nicknamed FAST. The BPA focuses on modernizing legacy systems through continuous and consistent solution delivery. Vendors should focus on how to facilitate the transition, as well as how to provide support throughout the solution development lifecycle.

Agencies are also incorporating agile ops into their technology strategies. At HHS, CMS laid out its own strategy for agile development in 2017, deeming it crucial for quality project delivery. The guidelines emphasize customer satisfaction and transparent decision-making. Emphasizing your specific approach for project management or offering project management tools that will facilitate agile ops could help you stand out from the pack at CMS.

The government is also using agile ops to explore innovative ways of solving problems. A notable example is The Opportunity Project established by the Census Bureau, which brings together IT specialists from different sectors to utilize agile development to build data management tools for a variety of government agencies. The broad nature of this opportunity means there are multiple points of insertion. Involve your technical team early in projects which can showcase the strengths of your solution.

If you’re a vendor and the word “agile” has caught your eye in an RFQ, you’ll first want to understand the context. In addition to hiring vendors for agile development projects, agencies are also seeking tools and professional coaching to develop their own internal agile capabilities. If you are looking at training opportunities, consider what specific agile methods you have experience in, such as scrum. In terms of products, workflow management software and cloud-based solutions are a natural fit.

As federal agencies face increasing pressure to modernize, the development of adaptable, user-friendly and efficient systems is critical to success. Focusing on how your service or solution facilitates teamwork and delivers a great user experience will help agencies tackle their modernization goals.

 

Keep on top of the most recent trends in government IT. Subscribe to immixGroup’s Government Sales Insider blog.

The 6th Annual Government IT Sales Summit will be taking place in Reston, Virginia on November 21. Details here.

New Security Requirements Coming to DOD Acquisition in 2020

Lloyd McCoy Jr.Cyber security network concept. Master key connect virtual networking graphic and blur laptop with flare light effectBy Lloyd McCoy, Market Intelligence Manager

Starting next summer, anyone selling IT to the Department of Defense will need to be certified by the Cybersecurity Maturity Model Certification (CMMC) in order to compete for contracts.

The CMMC is a set of security standards that will start appearing in RFIs in June 2020 and will apply to all defense acquisitions by September. The CMMCs will represent security maturity levels and will have five levels, each with their associated security controls and processes. Level 1 will likely be like what we consider basic hygiene, with Level 5 describing the very best in security practices. The level needed will depend on the contract and will be used to determine whether a vendor makes the cut. Details on what each of the levels contain are scant right now but expect more information in the coming months as the Department collects public feedback. Read more of this post

2019 Federal Data Strategy: Prioritizing Data as a Strategic Asset

By Toné Mason, Senior Analyst

In June of 2019, an update to the Federal Data Strategy was released including the final Principles and Practices and draft Year-1 Action Plan. The final Year-1 Action Plan is anticipated to be released in September.

Vendors should understand what’s in the plan and make sure they adapt their sales strategies and messaging to address the new plan goals:

  1. Enterprise Data Governance – The federal government needs to have a plan for how to best protect their data. This includes the formation of data policies, data protection strategies and a way to monitor for compliance. Quality and integrity of data will need to be protected and monitored as best as possible.
  2. Access, Use and Augmentation – Ensuring continuous and reliable access to data will be vital. Additionally, it will be key to make the visualization of data as user-friendly as possible and ensure that proper information silos are in place, whether for an application for the public or for soldiers on the ground.
  3. Decision Making & Accountability – There are vast amounts of diverse types of data currently not being utilized. Preparing this data to be consumed can be extremely challenging. Transforming this data into actionable, real-time intelligence to inform decision making is the end goal and is even more challenging.
  4. Commercialization, Innovation and Public Use – Making federal data assets available to external stakeholders in an easy-to-use format is a key priority. This will facilitate the creation of new applications where advanced technologies and visualization techniques can be applied to transform the data into useful, consumable information for a wide range of use cases.

Read more of this post

CBP Plans Its Move to the Cloud

Tom O'Keefe

By Tom O’Keefe, Consultant

Customs and Border Protection (CBP) recently released an RFI seeking industry input on a comprehensive cloud solution that may lead to an RFP later this year or in early 2020. Cloud is a big topic of conversation at federal agencies, but right now, its bark is much larger than its bite. We can expect that to change over the next few years. As this new RFI shows us, agencies are looking to transition significant portions of their environment to the cloud. While traditional IT delivery models may still hold their value, cloud is the future.

CBP is the largest component within the Department of Homeland Security, and how it manages cloud may be indicative of how some of the smaller DHS agencies may also do so. Kshemendra Paul, DHS’s cloud officer, has indicated that only 10% of DHS applications are currently in the cloud. Another 30% are in process or are slated to move to the cloud. Most of what has already been migrated are easy-to-migrate applications like email. Large, mission-critical applications are still being hosted on premise and are likely to be the last of the applications to migrate. CBP will likely use the contract that results from this RFI to accomplish this migration.

Read more of this post

States Improving Cybersecurity Posture Through NGA Partnership

By Rachel Eckert, SLED Manager

The National Governors Association (NGA) recently announced a partnership with states and territories that are looking to enhance their cybersecurity posture through the implementation of key controls to mitigate future attacks.

After a competitive application process, the six states and one territory chosen were Arkansas, Guam, Louisiana, Maryland, Massachusetts, Ohio and Washington. Through a series of workshops between now and the end of the year, NGA, along with their respective homeland security agencies and National Guard units, will coordinate with state agencies, local government and K-12 schools to develop methods of improving existing cybersecurity approaches.

During the workshops, participants will brainstorm new methods to protect critical infrastructure, and vendors may discover new business opportunities. In addition to developing more comprehensive strategies and collaborating with neighboring governments, the participants will be focusing on implementing six key controls outlined by the Center for Internet Security:

Read more of this post

Spending Bills Provide Clues to NEW Federal Money

Tom O'Keefe

By Tom O’Keefe, Consultant

While there’s been political grandstanding around agency funding in the last few years, the current Democratic-led House committee is steadily advancing spending bills so that the full House can vote on them. Hopefully they’ll be sent to the Senate with plenty of time for negotiations, so they are on the President’s desk no later than October 1, 2019 (the start of FY20).

It looks like the House will be pushing several minibuses, or packages of spending bills, to the full floor over the next few weeks. In most cases these bills are significantly higher than the administration’s request, so agencies won’t be as cash strapped as they have the last few years.

While appropriations bills aren’t the best places to go hunting for opportunities, they do sometimes provide us some clues to new programs and initiatives starting up at agencies. Technology vendors might want to keep on top of these:
Read more of this post

DHS CISO Talks About Authentication, Supply Chain and Internet Regulation

By Lloyd McCoy, Market Intelligence ManagerLloyd McCoy Jr.

At a recent immixGroup vendor demo day, Paul Beckman, CISO at the Department of Homeland Security, touched on several technological challenges and frustrations that concern him – topics ranging from patching to supply chain risk to the inevitability of security regulations surrounding the internet.

“I want to get out of the patching business,” Beckman noted, asking, “why can’t I go to automatic updates?” “I don’t understand why we’re still relying on the selected pushing of patches,” he continued. A decade ago a service patch might have created the “blue screen of death” on machines, Beckman said, so that even today, “the ops side of the house is telling me, ‘what are we going to do if we get a bad patch?’”

“My response to them is that restore capability has matured greatly in the last decade. Something goes bad in the machine, push a button, you’re back to where you were at midnight last night.” Beckman added that technology has advanced to the point where the bad patch argument can be discounted and end points can go to automatic patching.
Read more of this post

%d bloggers like this: