Army cloud office wants more DevSecOps tools and ‘CISO-as-a-service’ technologies
The Army is looking for help in building its coding environment across the force, as well as assistance with high-level cybersecurity tasks, according to a recent request for information from its Enterprise Cloud Management Office (ECMO).
The RFI seeks support from industry for the Coding Resources and Transformation Ecosystem (CReATE), the DevSecOps environment the Army is working to bring to its coders. The ECMO is also calling for “CISO-as-a-service” assistance — that is, contractors and tools that would help the force’s technology leaders with securing cloud services. It’s a way of requesting more firepower from industry to secure enterprisewide technology.
The RFI comes as the Army has been working to migrate to both data and services to cloud environments and work to enhance their security.
“ECMO will provide the Army with secure, reliable, and resilient DevSecOps services and capabilities to support customer outcomes and drive cloud adoption,” the RFI states.
Other branches have jumped all-in to DevSecOps, a method for developing code with security baked in at every level. The Air Force’s Platform One team has lead the way with in the military, with the Army appearing close behind in working to improve its coding environment.
The document also calls for CISO-as-a-service contractors, or cyber experts armed with technology that can assist in the building out Army network and cloud security architecture. It does not state all that would entail, but the RFI signals it would include macro-level architectural solutions for cloud infrastructure, platform-as a Service (PaaS), data analytics and “specialized engineering services,” to support the ECMO and Army security.
A key part of the Army’s data and cloud modernization strategy is improving its security. The department has issued several recent calls for assistance with those efforts.