|By Bob Gourley||
|November 27, 2012 10:00 AM EST||
Public-Private Information Sharing, or a varient of that concept, has been a part of federal government strategic plans for as long as I can remember. Every cyber security related study I know of, including the famous 1966 President’s Commission on Critical Infrastructure Protection, has made public-private information sharing a key strategy. Federal agencies and studies have made important suggestions regarding public-private information sharing part of most every major IT study. I’ve seen this type of information sharing work very well, but as a technologist I’ve also seen a need for (and urged) improvements to the model.
For example, too frequently the way government executives are forced to do public-private information sharing is through processes that flow from the Federal Acquisition Regulations (FAR). The FAR mandates market assessments and surveys to be done in ways that do not give one company an unfair advantage over another. This is smart of course, but results in some industrial age information gathering that is not very timely.
Federal technologists also do quite a bit of direct coordination with industry to learn and they do this under the watchful eye of procurement executives to make sure this is all above board, and this sort of coordination with industry technologists is absolutely critical to the smooth functioning of federal enterprises. The executives in DC who make trips to Silicon Valley or great hubs of innovation like Boston or Raleigh or Boulder (home of WayIn) come back with information that can help their strategic planning and this sort of public-private info exchange also helps industry know important things about government mission needs.
But too frequently government is tempted to just ask their local industry reps for info and advice on the future of technology. This is still public-private info sharing, and when budgets get tight is can be incredibly cost effective to just turn to a favored federal systems integrator that you already have on contract and ask them questions and consider this your public-private information exchange. There are many great integrators in the DC area and I know and love them but this is not optimal long term, since most integrators serving government become captured by government and talking to them is almost like talking to yourself.
There are also many non profit collegial organizations and consortia in the federal space that government frequently turns to for public-private information sharing and coordination. These include many great organizations that I volunteer time with, like the Intelligence and National Security Alliance (INSA), the Armed Forced Computer and Electronics Association (AFCEA), and the National Defense Industrial Association (NDIA). I volunteer with these groups because I love them and strongly support the positive change they make in the world. But when government turns to these groups for their public-private information exchange it is sub-optimized. They are full of people like me, former government executives who might be easy to talk with but who might not be as up to date with the best information industry has to offer.
Some lucky few government technologists get to interact with In-Q-Tel, a collective of very savvy technology and business professionals who absolutely master the art of surveying industry for best technology. The entire government would be well served if this model were replicated for all. But for now In-Q-Tel cannot serve the entire federal space. And it also serves mostly in the new technology space, not in areas like process, procedure and lessons learned exchanges. In-Q-Tel is only part of a solution.
I always recommend to government friends that they make the most of the great resources American industry has to offer and that includes learning from locals in the DC ecosystem but should also include a program of focused interaction with others far from DC. You will make great friends doing this and the connections you make can turn into long term trust-based relationships that can help both the government and American industry advance. Time is precious to all of us, so government executives need to plan how this is done wisely, but periodic visits to the champions of industry like Oracle, Microsoft, IBM, Apple, HP, VMware, EMC, Cloudera, Cleversafe, Terracotta, AT&T and the great Venture Capital and Private Equity firms for reviews of their portfolios are critically important. I’ve also been so fortunate in my career to have spent time with chip makers, security firms, and even great institutions like Disney. It is all a learning experience.
Direct interaction is best for these long term trust based relationships, but when that is hard you can also meet industry online. One great place to do that is through venues like the Enterprise CIO Forum. Since this is a forum backed by CXO Media (the parent company of CIO magazine) it is a well resourced venue that includes a world class community manager (John Dodge). If you are a CTO or CIO in the federal space you probably already read CIO Magazine. Why not join the Enterprise CIO Forum to interact directly with people from outside the federal ecosystem?
In their session at DevOps Summit, Asaf Yigal, co-founder and the VP of Product at Logz.io, and Tomer Levy, co-founder and CEO of Logz.io, will explore the entire process that they have undergone – through research, benchmarking, implementation, optimization, and customer success – in developing a processing engine that can handle petabytes of data. They will also discuss the requirements of such an engine in terms of scalability, resilience, security, and availability along with how the archi...
Oct. 8, 2015 04:00 PM EDT Reads: 388
Containers are revolutionizing the way we deploy and maintain our infrastructures, but monitoring and troubleshooting in a containerized environment can still be painful and impractical. Understanding even basic resource usage is difficult - let alone tracking network connections or malicious activity. In his session at DevOps Summit, Gianluca Borello, Sr. Software Engineer at Sysdig, will cover the current state of the art for container monitoring and visibility, including pros / cons and li...
Oct. 8, 2015 04:00 PM EDT Reads: 160
Manufacturing has widely adopted standardized and automated processes to create designs, build them, and maintain them through their life cycle. However, many modern manufacturing systems go beyond mechanized workflows to introduce empowered workers, flexible collaboration, and rapid iteration. Such behaviors also characterize open source software development and are at the heart of DevOps culture, processes, and tooling.
Oct. 8, 2015 04:00 PM EDT Reads: 1,060
DevOps has often been described in terms of CAMS: Culture, Automation, Measuring, Sharing. While we’ve seen a lot of focus on the “A” and even on the “M”, there are very few examples of why the “C" is equally important in the DevOps equation. In her session at @DevOps Summit, Lori MacVittie, of F5 Networks, will explore HTTP/1 and HTTP/2 along with Microservices to illustrate why a collaborative culture between Dev, Ops, and the Network is critical to ensuring success.
Oct. 8, 2015 03:45 PM EDT Reads: 107
The APN DevOps Competency highlights APN Partners who demonstrate deep capabilities delivering continuous integration, continuous delivery, and configuration management. They help customers transform their business to be more efficient and agile by leveraging the AWS platform and DevOps principles.
Oct. 8, 2015 03:30 PM EDT Reads: 199
Containers are changing the security landscape for software development and deployment. As with any security solutions, security approaches that work for developers, operations personnel and security professionals is a requirement. In his session at @DevOpsSummit, Kevin Gilpin, CTO and Co-Founder of Conjur, will discuss various security considerations for container-based infrastructure and related DevOps workflows.
Oct. 8, 2015 03:15 PM EDT Reads: 175
Application availability is not just the measure of “being up”. Many apps can claim that status. Technically they are running and responding to requests, but at a rate which users would certainly interpret as being down. That’s because excessive load times can (and will be) interpreted as “not available.” That’s why it’s important to view ensuring application availability as requiring attention to all its composite parts: scalability, performance, and security.
Oct. 8, 2015 03:00 PM EDT Reads: 385
Saviynt Inc. has announced the availability of the next release of Saviynt for AWS. The comprehensive security and compliance solution provides a Command-and-Control center to gain visibility into risks in AWS, enforce real-time protection of critical workloads as well as data and automate access life-cycle governance. The solution enables AWS customers to meet their compliance mandates such as ITAR, SOX, PCI, etc. by including an extensive risk and controls library to detect known threats and b...
Oct. 8, 2015 03:00 PM EDT Reads: 196
Any Ops team trying to support a company in today’s cloud-connected world knows that a new way of thinking is required – one just as dramatic than the shift from Ops to DevOps. The diversity of modern operations requires teams to focus their impact on breadth vs. depth. In his session at DevOps Summit, Adam Serediuk, Director of Operations at xMatters, Inc., will discuss the strategic requirements of evolving from Ops to DevOps, and why modern Operations has begun leveraging the “NoOps” approa...
Oct. 8, 2015 03:00 PM EDT Reads: 111
Clearly the way forward is to move to cloud be it bare metal, VMs or containers. One aspect of the current public clouds that is slowing this cloud migration is cloud lock-in. Every cloud vendor is trying to make it very difficult to move out once a customer has chosen their cloud. In his session at 17th Cloud Expo, Naveen Nimmu, CEO of Clouber, Inc., will advocate that making the inter-cloud migration as simple as changing airlines would help the entire industry to quickly adopt the cloud wit...
Oct. 8, 2015 02:30 PM EDT Reads: 641
IT data is typically silo'd by the various tools in place. Unifying all the log, metric and event data in one analytics platform stops finger pointing and provides the end-to-end correlation. Logs, metrics and custom event data can be joined to tell the holistic story of your software and operations. For example, users can correlate code deploys to system performance to application error codes.
Oct. 8, 2015 02:15 PM EDT Reads: 184
Overgrown applications have given way to modular applications, driven by the need to break larger problems into smaller problems. Similarly large monolithic development processes have been forced to be broken into smaller agile development cycles. Looking at trends in software development, microservices architectures meet the same demands. Additional benefits of microservices architectures are compartmentalization and a limited impact of service failure versus a complete software malfunction....
Oct. 8, 2015 02:00 PM EDT Reads: 145
Between the compelling mockups and specs produced by analysts, and resulting applications built by developers, there exists a gulf where projects fail, costs spiral, and applications disappoint. Methodologies like Agile attempt to address this with intensified communication, with partial success but many limitations. In his session at DevOps Summit, Charles Kendrick, CTO and Chief Architect at Isomorphic Software, will present a revolutionary model enabled by new technologies. Learn how busine...
Oct. 8, 2015 01:45 PM EDT Reads: 229
At DevOps Summit NY there’s been a whole lot of talk about not just DevOps, but containers, IoT, and microservices. Sessions focused not just on the cultural shift needed to grow at scale with a DevOps approach, but also made sure to include the network ”plumbing” needed to ensure success as applications decompose into the microservice architectures enabling rapid growth and support for the Internet of (Every)Things.
Oct. 8, 2015 01:15 PM EDT Reads: 2,039
For it to be SOA – let alone SOA done right – we need to pin down just what "SOA done wrong" might be. First-generation SOA with Web Services and ESBs, perhaps? But then there's second-generation, REST-based SOA. More lightweight and cloud-friendly, but many REST-based SOA practices predate the microservices wave. Today, microservices and containers go hand in hand – only the details of "container-oriented architecture" are largely on the drawing board – and are not likely to look much like S...
Oct. 8, 2015 01:00 PM EDT Reads: 479
The web app is agile. The REST API is agile. The testing and planning are agile. But alas, data infrastructures certainly are not. Once an application matures, changing the shape or indexing scheme of data often forces at best a top down planning exercise and at worst includes schema changes that force downtime. The time has come for a new approach that fundamentally advances the agility of distributed data infrastructures. Come learn about a new solution to the problems faced by software organ...
Oct. 8, 2015 01:00 PM EDT Reads: 771
Our guest on the podcast this week is Jason Bloomberg, President at Intellyx. When we build services we want them to be lightweight, stateless and scalable while doing one thing really well. In today's cloud world, we're revisiting what to takes to make a good service in the first place. Listen in to learn why following "the book" doesn't necessarily mean that you're solving key business problems.
Oct. 8, 2015 01:00 PM EDT Reads: 2,213
Apps and devices shouldn't stop working when there's limited or no network connectivity. Learn how to bring data stored in a cloud database to the edge of the network (and back again) whenever an Internet connection is available. In his session at 17th Cloud Expo, Bradley Holt, Developer Advocate at IBM Cloud Data Services, will demonstrate techniques for replicating cloud databases with devices in order to build offline-first mobile or Internet of Things (IoT) apps that can provide a better, ...
Oct. 8, 2015 12:45 PM EDT Reads: 504
Despite all the talk about public cloud services and DevOps, you would think the move to cloud for enterprises is clear and simple. But in a survey of almost 1,600 IT decision makers across the USA and Europe, the state of the cloud in enterprise today is still fraught with considerable frustration. The business case for apps in the real world cloud is hybrid, bimodal, multi-platform, and difficult. Download this report commissioned by NTT Communications to see the insightful findings – registra...
Oct. 8, 2015 12:00 PM EDT Reads: 239
With containerization using Docker, the orchestration of containers using Kubernetes, the self-service model for provisioning your projects and applications and the workflows we built in OpenShift is the best in class Platform as a Service that enables introducing DevOps into your organization with ease. In his session at DevOps Summit, Veer Muchandi, PaaS evangelist with RedHat, will provide a deep dive overview of OpenShift v3 and demonstrate how it helps with DevOps.
Oct. 8, 2015 10:45 AM EDT Reads: 621