
VA’s Platform One Supports Faster, Secure Development

Modeled after DOD’s Platform One, a new enterprise-class hosting service is enabling faster development.

Drawing inspiration from the Defense Department’s Platform One, the Department of Veterans Affairs is building its very own modernized computing infrastructure in an effort to deliver new software and services more quickly to veterans.

VA’s Office of Information and Technology began its VA Platform One (VAPO) journey in September 2020 and launched the platform in March 2021. VAPO leverages the VA Enterprise Cloud and fits within the agency’s overall DevSecOps transformation, VA Deputy Assistant Secretary for DevSecOps Todd Simpson told GovCIO Media & Research.

“DevSecOps has fundamentally changed the way that we design, build and deliver products here at the VA,” Simpson said. “VAPO will transform the way we develop and deliver software across VA as it will empower autonomous teams improving speed, productivity and quality.”

Very much like DOD’s Platform One, VAPO provides containerized microservices to developers building various products or services.

Containerization, Simpson said, enables developers at VA to create a secure code pipeline, proactively resolve security risks, eliminate vulnerabilities between apps and facilitate agile security. Additionally, isolated containers can be updated quickly without impacting other microservices in an application.

All this supports the department’s overall DevSecOps effort to streamline its business functions and product lines and move away from the traditional waterfall approach of software development.

“That’s the continuous journey away from the monolith into that containerization model,” Simpson said. “As we move into this SaaS model, where we buy before build, we’re using tools that can be automated whenever possible: testing code, executing workflows and maintaining infrastructure.”

VAPO also incorporates automation to enable faster development.

“VA Platform One leverages a continuous integration and continuous delivery tool set that’ll allow our teams to quickly configure automated tests to ensure that the code is always ready to deploy, defect free, and new code is integrated as frequently as several times a day,” Simpson said.

VA isn’t the only agency taking cues from DOD with an enterprise microservices approach. The Centers for Medicare and Medicaid’s cybersecurity chief has been working on the “Batcave,” a continuous authorization and verification engine supporting the authority to operate (ATO) workflow process.

VA’s next step for VAPO is working with portfolio and product line managers on a modernization readiness assessment to determine whether the platform is right for their product.

The team is also working on integrating directives as part of the recent cybersecurity executive order from the White House — especially when it comes to zero trust.

“The incremental implementation of modern security technology and processes is just not working. We can’t patch and apply new technology to fight last year’s problems. We’re leaning forward and thinking of bold ideas that can be integrated as part of that mission,” Simpson said. “Our DevSecOps team is responsible for a few specific elements to include the zero trust architecture and that cloud adoption piece and the endpoint detection response.”

As part of a five-year cybersecurity plan, the agency also is implementing new controls to monitor data and enhance encryption around data sets.

“We’ve implemented a journey around maturing … we’re moving toward monitoring, we’re moving toward maturation of product lines … and we’re trying to move all our product lines through the fourth level of maturity that we’ve identified. Most of our product lines are in level two right now,” Simpson said. “The focus is on action and iterative product development at all times.”

By taking customer feedback into account and promoting adoption of the tool, VA expects to eventually accommodate more customers and benefit more teams across the agency.

“[We’re] getting our VA Platform One more widely embraced, leveraging the investment in our cloud technologies, getting more precise with how we’re using our DevSecOps tools and really doubling down around the culture,” Simpson said. “We’re committed to modernizing VA with solutions that produce trusted products to improve the veteran experience.”
