Accelerating the digital supply chain with innovative procurement models

Presented by GDIT GDIT's logo

Modern supply chain engineering and logistics can be traced back to WWII, when the U.S. government developed a system to get supplies and equipment to troops spread throughout the world quickly and efficiently. Supply chain engineering and logistics have drastically changed since, in large part thanks to e-commerce, the desire for self-service procurement, and the rapid growth of purchase order transactions. Because of these factors, consumers have become more vulnerable to data risks.

Vulnerabilities to data risks have led bad actors to pounce on weak links along the complicated supply chain. These bad actors have had long-term effects on both corporations and government entities – with recent attacks racking up nearly $100 billion in repairs. It’s imperative users constantly check risks associated with their supply chain. Without constant monitoring, entities can be left exposed.

Moving software procurement to the cloud

Cloud has increased the modernization velocity at agencies, but the way software is procured has not evolved at the same pace. CIOs and developers alike want to increase the pace of cloud adoption, reduce approval times, and leverage industry-standard solutions. Finance and procurement personnel want to focus on cost effectiveness and acquisition simplicity.

However, one of the greatest hurdles to these goals is governance and compliance. Managing multiple cloud-based product subscriptions and entitlements across an agency or program is an intensive process, from obtaining the necessary security and compliance certifications to controlling costs as the number of child accounts grow. 

“Many federal agencies are struggling with cloud adoption, especially finding and deploying the right mission-enabling software to run on top of the cloud,” said Mathew Soltis, vice president of cloud at General Dynamics Information Technology (GDIT).

A secure government depends on a secure supply chain

The recent Executive Order on cybersecurity calls for new criteria to evaluate the security practices of software developers and suppliers, and for the development of new tools to demonstrate conformance with secure practices. The Office of Management and Budget, the Cybersecurity and Infrastructure Security Agency, and the National Security Agency, have all recently released guidance around securing the software supply chain.

The private sector, which has more flexibility in procurement, has access to digital marketplace solutions that allow company IT teams to rapidly and securely introduce these solutions. These solutions are now coming to government agencies through GDIT’s AWS Private Marketplace.

“GDIT’s AWS Private Marketplace offers an end-to-end supply chain with the ability to find, subscribe, deploy and govern third-party software and solutions all in one place,” Soltis said. “Marketplace was designed for speed while also unlocking innovation with features that streamline procurement, automate provisioning, implement controls, and enable teams and their missions.”

To prevent exposure to bad actors, agencies should plan ahead and be aware of possible disruptions to the supply chain.

“Agencies need to build a strong relationship with their suppliers – it’s crucial to do this before supply chain issues start,” said Ken Bailey, senior business development manager at AWS. “If you know how your supplier operates, who they interact with, who they deliver to, and what their business practices are, you are more likely to have more visibility into potential threats. By exposing risk earlier, entities can make sure they are taking the correct steps to manage supply chain risk.”

Bringing commercial and emerging tech with government

Many agencies are already running cloud-native tools, but they need to complement those tools either with open source or third-party software. And to get that software, they need to procure it, buy it, install it themselves and manage it.

“GDIT’s AWS Private Marketplace has cloud-based solutions from thousands of independent software vendors,” said Soltis. “Procurement teams can quickly and easily refine catalogs to make agency-approved software and applications available to program teams through this Marketplace.”

Software is scanned for security compliance and billing, and metering and usage for paid software is integrated into the AWS customer bill. It allows customers to move quickly.

The platform provides a channel that documents attestations for secure development environments, such as the use of encryption, and appropriate monitoring and logging for those critical software components. 

“By having identity and access management integrated into the GDIT’s AWS Marketplace, administrators can control not only who has the permission to access Marketplace, but also who has the ability to authorize procurements,” Bailey said. 

Bridging compliance with innovation

Technology plays a leading role in the increase of cyber threats in the supply chain, but the same innovative technology is essential to driving critical agency missions forward. Governments need access to innovative technology that also focus on governance and compliance, as they relate to acquisition, in this case for software on the cloud.

To adhere to federal acquisition regulations (FAR), GDIT evaluates suppliers and subcontractors for risk, including cyber security risk, prior to point of procurement, Soltis notes. This enables appropriate monitoring and preventive action throughout the supplier life cycle.

The cloud by itself has several benefits to offer: it’s elastic, scalable and gives agencies the enhanced capabilities to accomplish goals.

“Treat cloud as a mission enabler to enhance your core capabilities, and you start to see all the components necessary to ensure you are leveraging cloud to its fullest potential for your agency,” said Bailey.

This content is made possible by our sponsor General Dynamics Information Technology, Inc; it is not written by and does not necessarily reflect the views of GovExec's editorial staff.

NEXT STORY: Data-led transformation: Minimize sprawl, maximize value

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.