What is the DoD software modernization strategy?
The Department of Defense (DoD) software modernization strategy is a department-wide plan to reduce software delivery time from years to just minutes through comprehensive changes to processes, policies, workforce, and technology. It was approved on March 30, 2023, by DoD Chief Information Officer (CIO), John Sherman.
As outlined in the DoD Software Modernization Implementation Plan Summary, this strategy encompasses 3 main goals:
- Accelerate the DoD enterprise cloud environment.
- Establish a department-wide software factory ecosystem.
- Transform processes to boost resilience and speed.
In order to achieve these goals, it is necessary to expand the use of software factories, and to ensure that they are able to provide the solutions required for mission needs.
What is a software factory?
A software factory is an assembly line of tools, policies, processes, and people that functions in an automated fashion to help build software more efficiently and provide rapid delivery to a specific community of end users.
Software factories can incorporate a multitude of different software assets including data analytics, automation, artificial intelligence and machine learning (AI/ML), and advanced software technologies. They can also protect development, security, and operations (DevSecOps) processes by limiting mistakes due to human error and mitigating malicious interference with the software integration and delivery process. Software factories can help teams replicate industry best practices, reduce development time, improve consistency, and consolidate resources.
How does the DoD use software factories?
The use of software factories is still maturing in the DoD, and one of the primary goals of the modernization effort is to expand the use of the software factory ecosystem across the whole department. Currently, the Air Force leads the DoD with its use of software factories such as Kessel Run, a leading software factory created in 2017. However, other branches are beginning to build their own software factories, such as the Army Software Factory and the new Marine Corps Software Factory, established in March 2023.
The DoD is committed to emphasizing partnerships with commercial cloud providers and advancing the technical competencies of its workforce through training, on-the-job apprenticeship opportunities, and rotation opportunities.
Communication and collaboration through the Software Modernization Senior Steering Group (SSG) and forums such as the DevSecOps Community of Practice (CoP) are increasing awareness and interest in making use of the existing software factories and establishing new ones. Ultimately, the DoD continues to take a coordinated approach to improve their software factory ecosystem, as part of an overarching strategy to achieve a software-empowered DoD, and to create, share, and deliver mission critical software to the warfighter, ensuring superiority on the future battlefield.
What does it take to modernize software factories?
Modernizing software factories is about helping developers spend more time on development by incorporating functional capabilities, tools, processes, and automation to reduce complexity. It’s also about using updated policies and best practices to bring cohesion through governance within multiple domains, such as application development, operations, and security. When coupled with powerful metrics and insights, teams are capable of delivering software artifacts faster, in phases, and with minimal human intervention.
By using integrated operations that incorporate shared software and development objects and platforms, teams can consolidate the effort required to create software, resulting in more efficient development.
DevSecOps tooling is also necessary for modernizing software factories. For DoD use cases especially, it’s necessary to continuously integrate security into the continuous integration and continuous development (CI/CD) workflow. This must be a shared responsibility, incorporated into the entire lifecycle of the software and across all components of the software factory.
Modern software factories also employ GitOps practices in order to maximize observability, automation, and ensure continuous integration and continuous delivery (CI/CD). Using GitOps principles can ensure any software changes can be monitored and rolled back as required, improving security, reliability, and consistency across the software factory.
For DoD software factories, robust testing standards are a necessary step to increase confidence across Authority to Operate (ATO) boundaries and establish the standard body of evidence for Authorizing Officials to quickly approve software usage.
It is important to establish security policies and boundaries to secure software factories and ensure that the ATO is not compromised. This guarantees that in case the application deviates from the set policy, it will revert to a previously known secure state.
Modern software factories also require a platform that can help to simplify adoption of software delivery practices, allowing teams to focus on innovation.
Above all, a trained workforce with access to relevant content and communities of expertise is required to transform policies and processes and help the DoD to realize the full potential of software factory modernization. Cultivating cutting edge digital talent among members of the workforce while creating a culture of continuous development is necessary if the DoD is to keep pace with changing conditions and ensure desired mission outcomes.
How can Red Hat help modernize DoD software factories?
Red Hat has considerable experience in software modernization. In the realm of DoD software factories, Red Hat® OpenShift® is already being used as a certified distribution for the Air Force software factory Platform One.
Red Hat’s experience documenting existing environments and available tools used to build, test, release, and deliver software is highly relevant for the task of modernizing and expanding the DoD software factory ecosystem.
Red Hat provides a wide spectrum of zero trust and software bill of materials (SBOM) capabilities via Red Hat Trusted Software Supply Chain, bringing trusted cloud services and prescriptive workflows together to help our customers build compliant, high-quality, highly observable software with automated security guardrails.
Red Hat also helps customers to review security postures, ensuring compliance with industry standards and governance of policies to guide cloud operations.
Using Red Hat® tools and solutions, customers can build and optimize DoD software factories using customer tools on a consistent development platform, scaling software solutions as needed across multiple teams and functions.
Red Hat takes a layered approach to cyber defense that incorporates zero trust architecture (ZTA) principles, helping customers implement security across the entire infrastructure, application stack, and life cycle. This defense-in-depth strategy frees customers from relying on a single security layer. Instead, security is integrated across people, processes, and technologies.
By working with Red Hat, customers, mission partners, and communities-of-interest also have access to an expansive ecosystem of partners to help them solve complex challenges, grow commercial relationships, and accelerate the interoperability of software deployments.
Red Hat is a global leader in technology and software modernization, with a proven product portfolio of open hybrid solutions that help customers build, deploy, and manage applications while simplifying, automating, and securing processes. Red Hat solutions are commercially available across hybrid environments from on-premise, to multicloud, to edge deployments.