Click here to close now.




















Welcome!

Microservices Expo Authors: Pat Romanski, Tim Hinds, Liz McMillan, Roger Strukhoff, Elizabeth White

Related Topics: Containers Expo Blog, Microservices Expo, @CloudExpo, Cloud Security, Government Cloud

Containers Expo Blog: Blog Post

Public-Private Information Sharing and Lessons for the Government CIO/CTO

Direct interaction is best for these long term trust based relationships

Public-Private Information Sharing, or a varient of that concept, has been a part of federal government strategic plans for as long as I can remember. Every cyber security related study I know of, including the famous 1966 President’s Commission on Critical Infrastructure Protection, has made public-private information sharing a key strategy.  Federal agencies and studies have made important suggestions regarding public-private information sharing part of most every major IT study.  I’ve seen this type of information sharing work very well, but as a technologist I’ve also seen a need for (and urged) improvements to the model.

For example, too frequently the way government executives are forced to do public-private information sharing is through processes that flow from the Federal Acquisition Regulations (FAR).  The FAR mandates market assessments and surveys to be done in ways that do not give one company an unfair advantage over another. This is smart of course, but results in some industrial age information gathering that is not very timely.

Federal technologists also do quite a bit of direct coordination with industry to learn and they do this under the watchful eye of procurement executives to make sure this is all above board, and this sort of coordination with industry technologists is absolutely critical to the smooth functioning of federal enterprises. The executives in DC who make trips to Silicon Valley or great hubs of innovation like Boston or Raleigh or Boulder (home of WayIn) come back with information that can help their strategic planning and this sort of public-private info exchange also helps industry know important things about government mission needs.

But too frequently government is tempted to just ask their local industry reps for info and advice on the future of technology. This is still public-private info sharing, and when budgets get tight is can be incredibly cost effective to just turn to a favored federal systems integrator that you already have on contract and ask them questions and consider this your public-private information exchange. There are many great integrators in the DC area and I know and love them but this is not optimal long term, since most integrators serving government become captured by government and talking to them is almost like talking to yourself.

There are also many non profit collegial organizations and consortia in the federal space that government frequently turns to for public-private information sharing and coordination.  These include many great organizations that I volunteer time with, like the Intelligence and National Security Alliance (INSA), the Armed Forced Computer and Electronics Association (AFCEA), and the National Defense Industrial Association (NDIA).  I volunteer with these groups because I love them and strongly support the positive change they make in the world. But when government turns to these groups for their public-private information exchange it is sub-optimized. They are full of people like me, former government executives who might be easy to talk with but who might not be as up to date with the best information industry has to offer.

Some lucky few government technologists get to interact with In-Q-Tel, a collective of very savvy technology and business professionals who absolutely master the art of surveying industry for best technology. The entire government would be well served if this model were replicated for all. But for now In-Q-Tel cannot serve the entire federal space. And it also serves mostly in the new technology space, not in areas like process, procedure and lessons learned exchanges. In-Q-Tel is only part of a solution.

I always recommend to government friends that they make the most of the great resources American industry has to offer and that includes learning from locals in the DC ecosystem but should also include a program of focused interaction with others far from DC.  You will make great friends doing this and the connections you make can turn into long term trust-based relationships that can help both the government and American industry advance.  Time is precious to all of us, so government executives need to plan how this is done wisely, but periodic visits to the champions of industry like Oracle, Microsoft, IBM, Apple, HP, VMware, EMC, Cloudera, Cleversafe, Terracotta, AT&T and the great Venture Capital and Private Equity firms for reviews of their portfolios are critically important. I’ve also been so fortunate in my career to have spent time with chip makers, security firms, and even great institutions like Disney. It is all a learning experience.

Direct interaction is best for these long term trust based relationships, but when that is hard you can also meet industry online. One great place to do that is through venues like the Enterprise CIO Forum. Since this is a forum backed by CXO Media (the parent company of CIO magazine) it is a well resourced venue that includes a world class community manager (John Dodge).  If you are a CTO or CIO in the federal space you probably already read CIO Magazine. Why not join the Enterprise CIO Forum to interact directly with people from outside the federal ecosystem?

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley, former CTO of the Defense Intelligence Agency (DIA), is Founder and CTO of Crucial Point LLC, a technology research and advisory firm providing fact based technology reviews in support of venture capital, private equity and emerging technology firms. He has extensive industry experience in intelligence and security and was awarded an intelligence community meritorious achievement award by AFCEA in 2008, and has also been recognized as an Infoworld Top 25 CTO and as one of the most fascinating communicators in Government IT by GovFresh.

@MicroservicesExpo Stories
Approved this February by the Internet Engineering Task Force (IETF), HTTP/2 is the first major update to HTTP since 1999, when HTTP/1.1 was standardized. Designed with performance in mind, one of the biggest goals of HTTP/2 implementation is to decrease latency while maintaining a high-level compatibility with HTTP/1.1. Though not all testing activities will be impacted by the new protocol, it's important for testers to be aware of any changes moving forward.
Public Cloud IaaS started its life in the developer and startup communities and has grown rapidly to a $20B+ industry, but it still pales in comparison to how much is spent worldwide on IT: $3.6 trillion. In fact, there are 8.6 million data centers worldwide, the reality is many small and medium sized business have server closets and colocation footprints filled with servers and storage gear. While on-premise environment virtualization may have peaked at 75%, the Public Cloud has lagged in adop...
How do you securely enable access to your applications in AWS without exposing any attack surfaces? The answer is usually very complicated because application environments morph over time in response to growing requirements from your employee base, your partners and your customers. In his session at @DevOpsSummit, Haseeb Budhani, CEO and Co-founder of Soha, shared five common approaches that DevOps teams follow to secure access to applications deployed in AWS, Azure, etc., and the friction an...
The Software Defined Data Center (SDDC), which enables organizations to seamlessly run in a hybrid cloud model (public + private cloud), is here to stay. IDC estimates that the software-defined networking market will be valued at $3.7 billion by 2016. Security is a key component and benefit of the SDDC, and offers an opportunity to build security 'from the ground up' and weave it into the environment from day one. In his session at 16th Cloud Expo, Reuven Harrison, CTO and Co-Founder of Tufin,...
Digital Transformation is the ultimate goal of cloud computing and related initiatives. The phrase is certainly not a precise one, and as subject to hand-waving and distortion as any high-falutin' terminology in the world of information technology. Yet it is an excellent choice of words to describe what enterprise IT—and by extension, organizations in general—should be working to achieve. Digital Transformation means: handling all the data types being found and created in the organizat...
JavaScript is primarily a client-based dynamic scripting language most commonly used within web browsers as client-side scripts to interact with the user, browser, and communicate asynchronously to servers. If you have been part of any web-based development, odds are you have worked with JavaScript in one form or another. In this article, I'll focus on the aspects of JavaScript that are relevant within the Node.js environment.
Discussions about cloud computing are evolving into discussions about enterprise IT in general. As enterprises increasingly migrate toward their own unique clouds, new issues such as the use of containers and microservices emerge to keep things interesting. In this Power Panel at 16th Cloud Expo, moderated by Conference Chair Roger Strukhoff, panelists addressed the state of cloud computing today, and what enterprise IT professionals need to know about how the latest topics and trends affect t...
This week, I joined SOASTA as Senior Vice President of Performance Analytics. Given my background in cloud computing and distributed systems operations — you may have read my blogs on CNET or GigaOm — this may surprise you, but I want to explain why this is the perfect time to take on this opportunity with this team. In fact, that’s probably the best way to break this down. To explain why I’d leave the world of infrastructure and code for the world of data and analytics, let’s explore the timing...
Countless business models have spawned from the IaaS industry. Resell Web hosting, blogs, public cloud, and on and on. With the overwhelming amount of tools available to us, it's sometimes easy to overlook that many of them are just new skins of resources we've had for a long time. In his General Session at 16th Cloud Expo, Phil Jackson, Lead Technology Evangelist at SoftLayer, broke down what we've got to work with and discuss the benefits and pitfalls to discover how we can best use them to d...
Containers are changing the security landscape for software development and deployment. As with any security solutions, security approaches that work for developers, operations personnel and security professionals is a requirement. In his session at DevOps Summit, Kevin Gilpin, CTO and Co-Founder of Conjur, will discuss various security considerations for container-based infrastructure and related DevOps workflows.
Microservices are hot. And for good reason. To compete in today’s fast-moving application economy, it makes sense to break large, monolithic applications down into discrete functional units. Such an approach makes it easier to update and add functionalities (text-messaging a customer, calculating sales tax for a specific geography, etc.) and get those updates / adds into production fast. In fact, some would argue that microservices are a prerequisite for true continuous delivery. But is it too...
You often hear the two titles of "DevOps" and "Immutable Infrastructure" used independently. In his session at DevOps Summit, John Willis, Technical Evangelist for Docker, covered the union between the two topics and why this is important. He provided an overview of Immutable Infrastructure then showed how an Immutable Continuous Delivery pipeline can be applied as a best practice for "DevOps." He ended the session with some interesting case study examples.
SYS-CON Events announced today that HPM Networks will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. For 20 years, HPM Networks has been integrating technology solutions that solve complex business challenges. HPM Networks has designed solutions for both SMB and enterprise customers throughout the San Francisco Bay Area.
Puppet Labs has published their annual State of DevOps report and it is loaded with interesting information as always. Last year’s report brought home the point that DevOps was becoming widely accepted in the enterprise. This year’s report further validates that point and provides us with some interesting insights from surveying a wide variety of companies in different phases of their DevOps journey.
"ProfitBricks was founded in 2010 and we are the painless cloud - and we are also the Infrastructure as a Service 2.0 company," noted Achim Weiss, Chief Executive Officer and Co-Founder of ProfitBricks, in this SYS-CON.tv interview at 16th Cloud Expo, held June 9-11, 2015, at the Javits Center in New York City.
Node.js is an open source runtime environment for server-side and network based applications. Node.js contains all the components needed to build a functioning website. But, you need to think of Node.js as a big tool box. As with any other art form, going to the tool box over and over to perform the same task is not productive. The concept of tool reuse is used in all forms of artistry and development is no exception.
One of the ways to increase scalability of services – and applications – is to go “stateless.” The reasons for this are many, but in general by eliminating the mapping between a single client and a single app or service instance you eliminate the need for resources to manage state in the app (overhead) and improve the distributability (I can make up words if I want) of requests across a pool of instances. The latter occurs because sessions don’t need to hang out and consume resources that could ...
What we really mean to ask is whether microservices architecture is SOA done right. But then, of course, we’d have to figure out what microservices architecture was. And if you think defining SOA is difficult, pinning down microservices architecture is unquestionably frying pan into fire time. Given my years at ZapThink, fighting to help architects understand what Service-Oriented Architecture really was and how to get it right, it’s no surprise that many people ask me this question.
The Internet of Things. Cloud. Big Data. Real-Time Analytics. To those who do not quite understand what these phrases mean (and let’s be honest, that’s likely to be a large portion of the world), words like “IoT” and “Big Data” are just buzzwords. The truth is, the Internet of Things encompasses much more than jargon and predictions of connected devices. According to Parker Trewin, Senior Director of Content and Communications of Aria Systems, “IoT is big news because it ups the ante: Reach out ...
Cloud Migration Management (CMM) refers to the best practices for planning and managing migration of IT systems from a legacy platform to a Cloud Provider through a combination professional services consulting and software tools. A Cloud migration project can be a relatively simple exercise, where applications are migrated ‘as is’, to gain benefits such as elastic capacity and utility pricing, but without making any changes to the application architecture, software development methods or busine...