How to scale value without scaling complexity

There are certain technologies that have stopped being optional and have become essential. I’m not talking about artificial intelligence or machine learning, but about the Platform-as-a-Service cloud service delivery model. Teams that do not use this model to deliver software capabilities have fallen behind the delivery curve.

In order to understand why it is essential, we must examine the challenges of modern software development. These challenges are ever-increasing, and product teams cannot do it all. Finding the right abstraction of responsibilities to outsource is key to faster delivery while managing complexity and avoiding threats.

(Editor’s note: ATARC, like Nextgov/FCW, is owned by GovExec.)

Industrialization of software: reduce complexity with software assembly

There have been many digital transformation efforts, but the most dangerous assumption a leader can make is that software is still "written" from scratch. In reality, modern software is assembled. As complexity scales and the demand for rapid delivery becomes non-negotiable, the role of the executive is no longer to oversee developers or coders, but to empower "software factories."

Developers know that no one writes software from scratch. Software is assembled from existing components, much like an assembly line building a product. Creating software from scratch is possible, but delivering something of value with the same level of complexity in the least amount of time is impossible.

By combining numerous reusable components, modules, libraries and APIs, a product team can quickly deliver usable software and spend more time focusing on delivering value. This can boost efficiency, reduce errors and allows developers to focus on delivering value to the end user — much like assembling IKEA furniture versus custom-building furniture from raw materials.

Software integrity: manage digital supply chain risks

The worst case scenario for an executive leader is when their software negatively impacts the business because of a vulnerability. The public won’t remember the issue, they’ll only remember not to use their software, which is why threat management is even more critical.

This software assembly approach highlights a critical drawback: the introduction of increasing threats within the digital supply chain. Sure, anyone can inspect open-source software, but reviewing components within components to find hidden threats is very tedious, and multiplying this by the increasing number of dependencies becomes impossible. There is usually very little time for inspection when faster delivery is at stake, and not all threats need to be eliminated.

Thankfully, a modern software CI/CD pipeline has been taken into account. This should be one less worry for the development team if the responsibility has been shifted to a dedicated cybersecurity team whose responsibility is to manage supply chain risk and dependency inspection.

Platform-as-a-Service: outsource commodities and focus on delivering value

With cloud infrastructure, progressive web apps, and always-connected mobile apps, software delivery to end users has become nearly instantaneous. Just put your phone in airplane mode and see how many of them will actually work. This delivery platform provides a better developer and user experience. However, the infrastructure is another layer of responsibility that product teams should not have to worry about.

To deliver faster, a product team needs to decide what to focus on. This same model of creating software faster can be applied to delivering software faster. Much like components, product teams can find the appropriate cloud delivery model such as Infrastructure-as-a-Service or the preferred Platform-as-a-Service, to then allow the developers to focus on delivering value instead of maintaining infrastructure. 

AI to the rescue?

For an executive, the goal isn't to have AI write 10,000 lines of code faster; it’s to deliver value faster. However, current AI models are largely trained on legacy paradigms, which is the "from-scratch" coding that exists on GitHub repositories. This is where the use of AI/ML can be misleading for software development. Developers are using a modern tool to recreate archaic methods.

Because AI generates code based on raw GitHub repositories, it often encourages developers to write more code rather than better architecture. We must move beyond "generative coding" and toward "generative assembly." This is where adding additional context to AI prompts makes a huge difference in the results.

Perhaps the future is in prompt assembly where much like software assembly, developers would add large blocks of predefined templates of prompts to provide the missing context to create more accurate results, but this still requires a lot of trial and error. This highlights another layer of abstraction that could be outsourced so that teams can focus on value instead of infrastructure.

Strategic mandate: PaaS by default

Instead of doing more with less, organizations should have experts focus on what they do best. This includes how to organize and position product teams. They should focus on capability and outsource the environment. 

1. Adopt PaaS as the standard: Platform-as-a-Service should be the default delivery model for all new applications so teams can focus on end-user value.
2. Audit the assembly line: Ensure your teams have the tools to inspect the components they are assembling. Security must be baked into the platform itself.

To maintain a competitive edge, leadership must shift resources away from managing commodity infrastructure and toward high-value abstraction.

Check out our white paper on the benefits of the IaaS versus PaaS, and why teams should consider moving to the PaaS model. 

Dave Raley is the chief digital business officer with the U.S. Marine Corps' Operation StormBreaker. Gordon Deng is the government co-chair of the ATARC cATO Working Group.