One of the biggest challenges facing any agency looking to move its systems to the cloud is deciding what to do about legacy applications.
In a panel discussion moderated by Jason Miller, executive editor of Federal News Radio, government and industry executives discussed the headaches and opportunities presented in making the transition, and the role that open source software can play in accomplishing the change successfully.
Frank Konieczny, CTO in the Office of Information Dominance and CIO of the Air Force, summed up the challenge. “The Air Force is going [through] apps rationalization, looking at it from a mission area viewpoint. [R]ationalization means, of course, you need to get rid of the app, merge it with other apps, or modernize it.”
To do that, he said, there has to be a complete inventory of all the apps, and all the places where the app can be found. Frequently the same app is in different places and on different platforms. Then they have to be categorized – is it Java-based, for instance, or how old it is – to determine if it should be modernized or discarded. In the Air Force, for instance, there are four mission areas, but each one has approximately 700 apps, many of which are unique to that mission but some of which may overlap.
The difficulties are frequently compounded because the mission is evolving, said Daniel Massey, program manager in the Department of Homeland Security Science and Technology Directorate’s Cybersecurity Division. Old apps may pose security risks, Massey said, but they may have to be updated.
“One of the things we’re advocating [is] a lot of flexibility in adapting the app to the mission” in order to keep up with the changing scope of that mission, he said.
Massey said the Science and Technology Directorate is putting a lot of research and development resources into promoting open source solutions as a way to remain agile. “It’s cost effective, it’s the adaptability.”
Open source presents its own challenge, primarily with regard to security, Konieczny said. “Security is a big issue, particularly for [the Defense Department]. Even though we have some open source, it needs to be security-approved before it gets on the network.”
“Middleware is still the core framework,” said Joel Jackson, federal middleware manager at Red Hat. “The new middleware technologies are getting really good” at extracting the functionality of the apps. He said the new technologies are going to be a big part of how middleware will be treated in a cloud environment. “Developers and operators are making decisions together now.”
Massey said his office is using the Software Assurance Marketplace, called SWAMP, to help speed up the security assessment process. “We’re bringing together a number of ways to bring security validation. It won’t get you certification, but it helps bridge the gap and helps you get there.”