By: Abby Kearns, for Cloud Foundry Foundation
IT development in the federal government has earned its reputation for being a painfully slow process but Cloud.gov, the government’s cloud application platform, is helping to change that by standardizing the application lifecycle and helping to document it every step of the way.
The need to document the entire stack of an IT solution in the federal government can run up to 1,000 pages, and that process requires in depth knowledge of thousands of pages of regulations, laws and risk management policies.
Typically, federal agencies have compliance experts who must review this documentation and grant approval or request changes. This can take six to 14 months to get authority to operate (ATO), and then you still need to deploy the application.
The result is that development teams spend the majority of their time navigating compliance to get ATO, and minimal time actually developing software and services.
These delays are a drag on morale and momentum, and also can make it very difficult to recruit and retain developer talent that has the option of working in the private sector with much faster iterative and deployment cycles.
GSA’s 18F digital consultancy developed Cloud.gov when it realized most agencies were facing the same set of challenges in meeting a host of mandates to modernize and streamline IT, in particular through the use of cloud solutions.
18F opted for an open source solution due to difficulties among vendors when working with the federal government, explained 18F’s Bret Mogilefsky at a recent conference for Cloud Foundry, the open source platform on which Cloud.gov is based.
The core of cloud.gov is a Platform as a Service built specifically for government work. The customer team is responsible for their own product’s code, and the cloud.gov platform handles the security and maintenance of everything underneath. It’s built to keep applications online even with large numbers of users and sharp increases in usage.
Cloud.gov is a secure, fully compliant PaaS that helps federal agencies deliver services in a faster, more user-centric way. It also empowers development teams to focus on products that serve their agency’s mission, without needing to manage the underlying server infrastructure.
Further, Cloud.gov has “built-in compliance support to help create the documentation and continuing assurance necessary for federal services to comply with FISMA regulations and agency-specific ‘Authority to Operate’ (ATO) requirements,” states the cloud.gov website.
Compliance should be lightweight and incremental, not a time-consuming process that negatively impacts developers’ morale and innovation and prevents the government from retaining top talent.
“Developers should have high confidence when entering the compliance process,” Mogilefsky added. “Cloud.gov helps agencies imagine how things can be easier and lets us demonstrate how easily they can shift their culture to be more agile.”