October 27 2020
When you think about the term “software factory,” a big, scary warehouse full of servers probably comes to mind. In reality, it’s not scary at all.
Software factories are helping revolutionize government computing power, much like it has already done in the commercial sector. If you’re reading this post, you know the world of digital transformation in the government is different, though. Authority to Operate (ATO) status can take painstaking months (up to six in some cases) because, in the world of government, it’s not just a business relying on these software systems — it’s the health and safety of American citizens. So, yes, it takes a while.
These software factories, though, have helped reduce ATO time and effort. Instead of getting every facet of your digital operation approved bit-by-bit, some of the foundation — depending on the factory — comes already approved. You just need to customize what’s on top.
How is this done? And what is a software factory, anyway? Keep reading:
What is a software factory?
Think of a software factory as a warehouse built for mass production — digitally. These factories industrialize software development by exploiting the economies of scope that naturally occur when you build multiple similar software systems.
Just as a factory standardizes its assembly processes, it also standardizes its build, quality, security, and deployment stages, allowing it to be reused by multiple applications development teams. This ensures code quality and security requirements are consistent and enforced across multiple teams. They are a structured collection of related software assets, which help create applications through an assembly-like process.
Instead of a case-by-case software improvement process, a factory stresses a long-term commitment to keeping things in tip-top shape. It can also eliminate frustrating bottlenecks in your CI/CD pipeline, reduce cognitive overload in your systems, and improve productivity at every step.
The term “software factory” can mean multiple things, too. At its base, it is the code and tools used to build important applications. But it’s also the people that help craft them — take the Army’s recent announcement about its software factory in Austin, for example.
It’s such a buzzword right now. Why?
Simply, it’s a better way for government agencies to operate.
First, it's a major benefit to the application development team and product owner — they don't need the highly specialized (and rare) skill set of a good DevSecOps engineer. By making the CI/CD pipeline reusable, application teams can focus on development instead of DevOps configuration/development, which leads to every team implementing DevSecOps inconsistently.
Also, without a software factory, we see many customers struggle with product sprawl. There are too many variations — and a lack of security — with the current infrastructure norm. The way many agencies operate right now just isn’t built for proper DevSecOps procedures. In most cases, the production environment does not have the tools needed to perform automation and DevSecOps. Many agencies use DevSecOps principles in development, but it stops there — so you never get the “Ops” in DevSecOps.
These systems weren’t designed for continuous improvements. That isn’t a long-term fault, either. Agencies aren’t commercial enterprises; there is no B2B or B2C involved. The DNA is just different when it’s government providing services to all citizens instead of businesses trying to sell things.
Not all software factories are the same — and they shouldn’t be, either. They should offer a variety of pipelines. It’s why government agencies need to ensure they’re working with developers familiar with government processes and needs.
So, what does a software factory actually do for government agencies?
Think of these factories as a software plant that contains multiple assembly lines. These lines are equipped with a set of approved tools, workflows, and environments. They produce software capability faster, more consistently, more securely, and with reduced risk.
The software factory automates activities in the development, testing, delivery, and sustainment phases of the software cycle. It also:
- Reduces tool sprawl – Limiting the tools and systems you use saves time and money.
- Provides enterprise services for standard software assembly functions – Make your customization and scaling nearly seamless as your agency expands operations.
- Improves time to value and end-to-end visibility – More clarity and efficiency only help your operation become more agile and productive.
- Enhances security and provides continuous security – Security is of the utmost importance here, particularly when you’re using a DevSecOps approach with these factories.
What is "continuous security"? It's automated continuous operations (system patching, compliance scanning, data backup, system recovery, resource optimization) and continuous monitoring (logs, system events, reporting current compliance and risk level).
Ultimately, software factories provide agencies with improved predictability and governance of the software development cycle.
By creating a software factory, agencies can scale governance policies and testing over its software pipeline, bringing them into the continuous delivery process. Every merge request is automatically tested using static application security testing (SAST), dynamic application security testing (DAST), dependency scanning, container scanning, and license management.
Diving deeper
Transforming your agency’s digital operation can be intimidating. But with a secure software factory, the process can be almost painless.
There’s a lot more to cover on software factories — tooling pieces, common platforms, continuous delivery environments, and more. Stay tuned to our blog for more coverage.
