DEVSECOPS MIGRATION TO cARMY
By Jonathan Kolhagen
JANUS Research Group is consistently establishing ways to rapidly deliver secure software capabilities to warfighters by enabling modern Software Development through products and services to grow the Army's cloud native enterprise DevSecOps ecosystem. The following outlines how JANUS delivers software development management/storage/build tools, validates paths to production, and enables DevSecOps security.
THE JANUS APPROACH
Our DevSecOps methodology begins with our positive and well-integrated systems development, security, and operational team culture. The JANUS approach to cloud planning, migration, and implementation is highly collaborative, harnessing established relationships with cloud providers and trusted cloud experts to achieve our client's vision. The successful migrations of Architecture Integration Management Division (AIMD) systems are due to the DevSecOps approach taken by Team JANUS and supported by AIMD, Army Futures Command (AFC), and Futures and Concepts Center (FCC) leadership: taking on-prem solutions and making them modular, flexible, and agile so that they are focused on deliveries, while improving the applications' security posture and mitigating perceived performance issues. Team JANUS leverages Capability Maturity Model Integration (CMMI) Level 3 best practices for documentation and process improvements, ensuring repeatable success, as demonstrated by multiple iterations of migrations for both the ArCADIE and Forge applications within the Cloud.
A continuous Authorization to Operate (ATO) approach, enabled by our DevSecOps methodology, security-focused culture, and Risk Management Framework (RMF) automations and templates, guarantees steady standards compliant with Risk Management (RM) implementations, empowered by Team JANUS' certified and experienced Information Assurance (IA)/Cybersecurity professionals.
Team JANUS provides complete IA/cybersecurity services for required systems and maintains the ArCADIE and Forge system accreditation and ATO. Our Systems Administrators coordinate with the Cyber Security Service Provider (CSSP) (C5ISR), AFC-Modernization Application and Data Environment (MADE) Support Staff, and the cARMY Infrastructure Team to ensure continued security and cyber resilience of ArCADIE and other contractor-managed systems. We support Federal Information Security Management Act (FISMA) self-reporting efforts annually by updating the IA test plan, documenting cybersecurity postures across the RMF control set, planning for and simulating disaster recovery events, and overall taking a proactive approach to accreditation management.
THE RESULT
With this methodology and approach, Team JANUS was able to successfully migrate ArCADIE to the Army Futures Command (AFC) MADE cloud for IL5 and IL6. This was the first time in over ten years that ArCADIE has had a Secret Internet Protocol Router Network (SIPR) instantiation, a significant achievement that ensures the government can continue to develop classified architectures. Additionally, Team JANUS was able to migrate Forge from an on-prem environment, making it the first application of its kind within cARMY for IL5, while finalizing the migration for IL6.
Once the migration within the cloud-hosted environment succeeded, several process improvements to the DevSecOps posture became immediately apparent, including the use of Continuous Integration/Continuous Deployment (CI/CD) utilizing Azure Artifacts to ensure release artifacts are stored. Additional cloud-related capabilities will be realized, such as Burp Suite and SonarQube for code scans, Power BI and RShiny for dashboards and data analytics, as well as leveraging Application Programming Interfaces (APIs) to enable data integration and data sharing across the Army.
Our team's expertise in utilizing current and emerging technologies, together with fully embracing our relationship with AFC and FCC leadership, led to the development of a future vision document in pursuit of stronger, faster, and more stable applications to support the growing AIMD mission, the overall success of Multi Domain Operations (MDO), and planning for Army 2030, Army 2040, and beyond. With this understanding, we were able to develop and implement a plan that led to the government now requiring migration of ArCADIE to the cARMY cloud.