WASHINGTON — As part of its broader information technology modernization plan, the Department of the Navy established a new policy that orders certain software development programs to utilize containerization technology “effective immediately.”
The memo, titled Containerization Technology Usage, called for such containerization tech to be used “to the greatest extent possible” across all DON commands and programs that are in the cloud or transitioning to the cloud “where enterprise container platforms and DevSecOps pipelines exist or are in development.”
“This technology enables the Department to deploy applications consistently across highly varied environments while enhancing security, reducing computing resource overhead, and accelerating development cycles,” the memo, which was released by the DON CIO Jane Rathbun on Wednesday, added.
Software containerization is the practice of packaging software code with only the operating system’s libraries, related configuration files and dependencies the software absolutely needs to run the code. This is all packaged into a “container” that essentially extracts the code from the host operating system, making it portable and secure so it can run risk-free on any platform. With other, more traditional, methods of software deployment the code is often susceptible to bugs, errors and less secure when it is transferred to a new location, according to a report from IBM.
“This is a major step toward modernizing the DON’s IT infrastructure and software deployment capabilities by increasing operational agility, resiliency [and] optimization of our investments,” a DON spokesperson told Breaking Defense.
Joe Rohner, a senior vice president at Booz Allen Hamilton and technology transformation leader for the company’s Navy-Marine Corps business, told Breaking Defense that “this is a great move in the right direction and officially endorses DoD guidance and adoption of industry best practices for software development and delivery.”
“Overall, containerization enhances security by isolating applications in separate environments, limiting the impact of potential breaches. It reduces the attack surface through minimal, immutable images and enforces stricter access controls using built-in security features,” he added.
The DON didn’t specifically say how much the transition to software containerization would cost, but the spokesperson said the policy applies to several initiatives that will vary in value. “In many cases, maximizing the use of containerization technology will reduce costs in the long run,” they added. Additionally, the spokesperson said this would be an ongoing effort “with no specific end date,” noting that there will continue to be new software development activities that will be applicable to this policy.
Rohner said that while Booz “applauds DON CIO for issuing this new policy,” he suggested that to push this policy further along, the DON could “develop implementation guidance, technical baselines, and verification mechanisms to ensure consistent and secure adoption.”
Though the memo said software containerization must be utilized to the “greatest extent possible,” the DON said there will be some exemptions. For example, one may be granted if the transition to containerization would be “prohibitively expensive.” Among other scenarios, if the risk of not leveraging containerization tech is “deemed acceptable” or if a user is producing a digital twin (where the deployment cannot be containerized), an exemption could also be granted.
Click this link for the original source of this article.
Author: Carley Welch
This content is courtesy of, and owned and copyrighted by, https://breakingdefense.com and its author. This content is made available by use of the public RSS feed offered by the host site and is used for educational purposes only. If you are the author or represent the host site and would like this content removed now and in the future, please contact USSANews.com using the email address in the Contact page found in the website menu.
