‘BatCave’ signals CMS’ progress toward moving to the cloud

Like the famous superhero Batman, the technological environment of hospitals and medical care centers has two characteristics.

On the surface, many people think of CMS as old-fashioned and boring with mainframes and COBOL.

Find the secret switch in the chest to open the door behind the bookcase and slide down the pole to reveal the Batcave.

It’s a metaphor for how CMS has progressed over the last 10 years, but also…

READ MORE

Like the famous superhero Batman, the technological environment of hospitals and medical care centers has two characteristics.

On the surface, many people think of CMS as old-fashioned and boring with mainframes and COBOL.

Find the secret switch in the chest to open the door behind the bookcase and slide down the pole to reveal the Batcave.

This is not only a metaphor for CMS’s progress over the past decade, but also literal in the sense that the agency has developed a new IT innovation initiative called BatAgui.

Robert Wood is Chief Information Security Officer at CMS.

“The government’s official shorthand for continuous authorization and authentication engine is actually a software factory or container-based platform that optimizes software development efforts, ATO preparation efforts, ongoing maintenance, and lifetime systems. All of this in a CMS under the guise of making developers’ lives easier when building software for them,” said Robert Wood, CMS’s chief information security officer, in an interview with the Federal News Network. “It’s a DevSecOps platform and a software industry, so I see them as almost identical in some ways. It’s an accumulation of technologies, processes, and cultures that align with the principles of building software, getting it out the door fast, and deploying continuously.”

Also Read :  How area members of Congress voted

Wood’s team leads BatCave because to build software faster, the security group must reduce friction, ensure stability and flexibility, and most importantly, automate and streamline security processes as much as possible.

Some people see CMS as stuck in mainframes and COBOL, but over the past few years, the agency has been aggressively moving systems and data to the cloud.

CMS Chief Information Officer Rajiv Uppal said at AFCEA’s recent Health IT Day that the agency has migrated more than 90 systems from 200 to the cloud.

“There are some things that take a long time to get to the cloud. For example, we are processing claims. It’s a 40-year-old system running on a mainframe. We’re taking it piece by piece and moving it to the cloud. It’s going to take time, and we have to be careful about how we do these things,” he said. “Eventually, I believe almost everything will be in the cloud. CMS probably has the largest cloud footprint in the civilian sector. We’re well on our way. going.”

Borrowed from the Air Force and others

The BatCave isn’t necessarily a new concept. CMS worked closely with and was modeled after the Air Force’s single platform effort.

CMS developers aren’t obligated to use BatCave, so Wood knows it has to provide value and incentives to attract users.

“We’re working with and talking to the Air Force because they’ve done it in a very integrated environment, which is similar to how we should operate in CMS. Everyone has their own money and they’re doing their own thing,” he said. adoption is optional, not mandated. We have to create the right incentives and value proposition for someone to choose to use a centralized service. So there are a lot of lessons learned from the Navy effort and the Air Force effort.”

Also Read :  PUBG MOBILE: Paving the way

To attract these customers, Wood said one big lesson he learned from the Air Force is to focus on the needs of the community and the customers.

“I think it’s a trap to create what the community thinks they need instead of really listening to them or letting them drive the data where it’s needed. In our case, we dug into a lot of user research, user validation, what our systems looked like, the ATO process and things like that, and really informed those efforts before BatCave. How we were going to build, what we were going to build,” he said. “We did a whole human-centered design study and thought from a value-driven flywheel perspective. Doing something like this requires consumer engagement and community engagement.”

Inheritance of Security Controls

Wood said CMS moved the DevSecOps platform from contract award to production in less than a year, and six teams are currently using it. He said several other CMS mission areas are evaluating how to take advantage of the tools in the future.

“It’s not for everyone, we admit that, but people who are running containerized workloads, trying to get faster with software, working in the cloud, running web services and application programming interfaces (APIs) will be a great fit.” .” he said. “They may benefit from not having to worry about additional ATO costs. Every time they want to release a new version or introduce a new feature, they can benefit from changing their software and deploying it really quickly without having to go through costly and time-consuming security impact analysis.” All of this contributes to faster mission-to-market and faster time-to-market.”

Also Read :  How to use Slack's huddle feature (and why you should)

Wood says one of the biggest advantages of the BatCave platform is that developers inherit nearly 80% of the security controls they need. This means they only have to test the remaining 20%, reducing the time from development to production.

“We have not started trying to reach 80%. We basically built what we thought was the ideal Minimum Viable Product (MVP) and went through the hard work of mapping out everything that goes into it in such a modular way. This was just an MVP, so hopefully we can add more things to the pipeline,” he said. log collection, integration, software bill of materials (SBOM) etc. All of this is on the backs of the development teams, but we feel that we can ingest artifacts to make them successful, review them regularly, and reach our level of integrity. It’s nice to put it in a state of approval.”



Source

Leave a Reply

Your email address will not be published.

Related Articles

Back to top button