Justice and Public Safety sector: Protecting high-risk data on OpenShift
Find out how the Justice and Public Safety sector used OpenShift to adopt flexible and modern development practices, while keeping information secure.
About
Security and privacy concerns are very complex. This case study is meant to give product owners who are new to the platform, OpenShift and DevOps a high-level overview of the B.C. Government Private Cloud Platform as a Service (PaaS).
The Justice and Public Safety sector works with some of the most confidential information in government, and online services must meet rigid security and privacy requirements. Using Red Hat® OpenShift® on the B.C. Government Private Cloud PaaS, the sector has adopted flexible and modern development practices to improve service delivery, while keeping information secure.
Data in the Justice and Public Safety sector
According to Ryan Loiselle, a solutions architect with the Justice and Public Safety sector, the security and privacy requirements in his sector are some of the most stringent in government.
“The data we deal with in the Justice and Public Safety sector is highly confidential. It’s one of the few areas in government where if some of the information we work with gets out or is compromised, there can be severe consequences.”
That information includes addresses, identities, evidence from court cases and information from police investigations.
“We can’t ignore any risks in our applications because of the data we’re dealing with.”
Product teams need to feel confident that the data they’re using in their applications is secure. Ryan helps them adhere to the sector’s standards, guidance and best practices.
“My role is to help ensure that teams are using the right technology, in the right way, doing it securely, and adhering to government policies around the hosting and development of software.”
Solution architecture in the justice sector
Ryan’s sector currently has about 60 applications and integrations on the B.C. Government Private Cloud PaaS. Product teams approach Ryan with a specific business need and he supports them through business case development, the procurement process, software architecture, planning and development.
“Once a vendor has been chosen, I work with a contracted architect to develop a solution for the product team.”
Many of the cloud applications his sector builds need to integrate with traditional systems managed by the justice sector. Ryan helps teams find solutions that work with the sector’s infrastructure, “rather than vendors proposing something that we either don’t have the capabilities to host or that doesn’t fit into our support model or strategic direction.”
Why the Justice and Public Safety sector chose the private cloud
Almost 15 years ago, the justice sector started looking at containerization and cloud-native applications as a way to remove some of the traditional requirements for application development. Cloud-native applications offered a development experience that was flexible, quick and responsive.
“A business area could come to me at 10 am this morning and want to develop an application. In OpenShift, I could have them up and running with a namespace, forked software and a pattern to follow by the end of the day.”
The process isn’t the same in the traditional space.
“One of the advantages of OpenShift is that there aren’t as many dependencies because it’s not a shared environment. You’re running your own instance of a server. Developers get a lot more control in the private cloud space than they do in legacy systems.”
His sector also considered how cloud infrastructure could be leveraged to reduce compute capacity costs. In the past, product teams were asked to purchase capacity for their applications up-front, before they understood or could determine what their resource needs would be. On OpenShift, applications can scale dynamically.
“We can scale resources up and down to accommodate demand.”
However, moving into the cloud introduced new issues, like network and data security.
“When I first started in the sector five years ago, there were a couple applications that we were still building in the traditional space, because we hadn’t answered a lot of the security questions or concerns regarding the private cloud.”
Keeping data secure in the cloud
To address his sector’s security concerns, Ryan has worked with the Platform Services team, providing insight into the unique needs and requirements of his sector. For example, many of the applications that the justice sector is building in the private cloud need to integrate with existing legacy systems. This requirement can cause complications.
“Because many traditional network controls are based on IPs and ports, there’s often no way for traditional systems to distinguish between a team’s OpenShift traffic and any other OpenShift traffic, since they come through the same IP address.”
As a result, Ryan’s sector has had to implement additional security controls to determine exactly which private cloud applications are interacting with their legacy systems.
To reinforce their applications, his sector has also leveraged many of the security tools available on the platform.
“Part of proving how secure the platform is has involved bringing technology to the table that allows us to determine if our code is free of vulnerabilities. The tools and technology that are now available on the private cloud platform have increased our visibility into the code we write, and it’s increased our security posture. Now we’re doing static code analysis and unit testing. We’re doing all these DevSecOps activities in OpenShift that we couldn’t do in the legacy environment. There’s a lot of agility and flexibility.”
Static code analysis and unit testing are some of the many routes teams can take to secure their applications. There are also templates, which teams can use to incorporate dynamic security testing and image scanning into their deployment processes. These can help identify vulnerabilities at different stages of their application’s lifecycle.
Future plans
Ryan anticipates that the future of application development in his sector will continue in the cloud.
“We’re going through a legacy modernization process to update our business apps that are hosted in the traditional space. At the moment, the target deployment environment is OpenShift. We want to move those apps out of the traditional space to more modern technology.”
Overall, Ryan believes the B.C. Government Private Cloud PaaS has made considerable progress since it first became available, and has helped his sector deliver services more efficiently.
“Using the platform has allowed us to get services out the door faster and be more responsive to changes.”
As for security, he says the platform has come a long way.
“Security has improved and continues to improve, and the justice sector continues to be a champion for that progress.”
Thanks to contributions from Ryan’s sector, the B.C. Government Private Cloud PaaS is even better equipped to meet the varying needs of product teams. Ryan and his sector are an example of how any team not only has the opportunity to leverage the cloud for their own services, but can improve the experience for product teams across government.
Start your next project
Find out if the B.C. Government Private Cloud PaaS is a good fit for your next application.