Disruptive by Design: How to Provide a Little Incentive for Project Managers

Ever-expanding reviews and policies aren’t the only way to control enterprise information technology projects. Instead, management should establish clear standards and incentivize project managers to choose enterprise-friendly designs that streamline external reviews and eliminate the delays and costs associated with compliance.

Information technology projects have distinct requirements: cybersecurity, privacy and Section 508 compliance. These necessary requirements add a significant burden and can cause slowdowns and cost overruns. Other external challenges come from the budgeting process, procurement and configuration management.

Myriad policies create overlapping and confusing requirements. Often, the paperwork outweighs the actual implementation of the security control or 508c feature. Furthermore, every information technology project manager must gain the expertise to manage, record and obtain approval of controls compliance. This redundancy costs money and requires an army of highly trained documentation writers and reviewers. Programmers use an applicable acronym—DRY, or don’t repeat yourself. Building systems and apps from common preapproved architectures allows investment in user value instead of paperwork.

The first phase of my proposal requires standardization around a comprehensive enterprise architecture supporting all layers of an organization’s infrastructure. This architecture aligns business objectives with desired technologies and is essential for executives to make value-based decisions. Standardization requires senior management to choose and authorize frameworks and technologies that can be the foundation of systems and apps. These frameworks could include industry standards such as Ionic, Angular and Foundation, which are secured and tailored to agency requirements. The tailored frameworks would obtain compliance approval and be made available to project managers as a Platform as a Service in a federal cloud and on various assets—build once, deploy everywhere. This concept is similar to the Secure Host Baselines offered by the Defense Information Systems Agency, but at the app level.

The second phase requires incentives for project managers who follow the enterprise standards. Senior management must provide the reciprocity of underlying framework compliance to the implementing project team. This is possible because the frameworks are ultimately controlled and secured by their parent projects. Apps using frameworks employ available programming interfaces and defined components. As a result, the documentation and review burden shifts to cataloging implementation exceptions or deviations. This relieves most of the external compliance burden. Further incentives could include streamlined procurement and configuration management approvals. Reducing overhead also promotes agile development.

Several frameworks used throughout the U.S. Defense Department and other agencies could be immediately standardized across the enterprise. One example is the Ozone Widget Framework, an open-source, web-based platform to develop and deploy interconnected apps. The government controls this framework used to build mission-critical apps. Unfortunately, its use still requires the overhead that comes with a third-party framework. This does not motivate project managers to favor this framework or to require its use on contracted development efforts. Industry standard frameworks provide instant access to building cross-platform, mobile and web-based tools. These leading open-source frameworks can be tailored to the agency’s branding, requirements and environment. Once certified, they would offer a rich platform to build next-gen apps across the enterprise.

The basic elements of this proposal are found in the Navy initiative “Compile to Combat in 24 Hours,” which aims for one-day approval of application updates. A related pilot project uses a standard web framework deployed on naval assets. Apps deployed on top of this framework inherit the system’s security and usability. The technology to support this approach has been available and largely in place since 2000, but inertia has prevented full adoption.

Hopefully this pilot project spurs further investment in standardized frameworks throughout the department and the Coast Guard. With the right mix of leadership and technical expertise, this plan could reduce the overhead involved in information technology projects and bring capability to the end user faster and cheaper.

Lt. Cmdr. Jonathan White, USCG, is a member of AFCEA’s Hampton Roads Chapter and a project manager for the SeaWatch command and control and navigation system.

This article was written to gather ideas for his future thesis on refining information technology project management in the government. The views expressed here are his own.

Disruptive by Design explores innovation and ideas with the potential to expand capabilities and revolutionize products, services and behaviors. For more information, visit url.afcea.org/YoungAFCEAN.