Risk, compliance and security are primary concerns for companies operating in the defense industry. But increased focus on these issues can complicate an organization’s agility when adopting or adapting to new technology. This is what Raytheon was up against when it embarked on an IT initiative to develop a secure, cloud-based virtual innovation environment to test and explore new technology.
New technology that hasn’t been screened or tested for potential security threats or vulnerabilities can pose a major risk to organization that prioritizes security. In developing its innovation environment, Raytheon needed to create a solution that both supports the “rigorous and time-consuming processes” of testing for potential security threats and “expedites the risk reviews while still achieving speed, agility and compliance,” says Dr. Kieran Nolan, director of digital transformation.
The project, which earned Raytheon a CIO 100 Award in IT Excellence, enables any Raytheon employee to experiment with new technologies that are considered risky, have low maturity, or have not yet been evaluated for risks, all within a security-compliant environment.
Small steps to big success
Pulling from his engineering design skills and his experience leading innovative projects in the past, Nolan determined three key requirements for the initiative: accessibility, agility and security.
He empathized with the “frustration of onboarding new technology and the difficulty of getting approvals prior to experimentation” that Raytheon employees often feel when seeking to prototype new tech. He also understood the “limitations of being co-located with physical experimentation labs,” the delay of a 60-day turn proposal and the inability to properly vet a free and open source (FOSS) solution.
Here, the cloud provided a unique opportunity for melding security and innovation, and so Nolan’s team took “several brainstorming sessions with IT cloud domain experts” to determine the implementation requirements. Using a Scrum and DevOps methodology, they broke down the problem into smaller elements to tackle first. Solutions were developed by creating a “trial and error concept” architecture that was combined with “some crazy ideas and assumptions,” Nolan says.
In the end, once the architecture was formalized, Nolan’s team sent it out to relevant groups for feedback.
Reduce, reuse and repurpose resources
Raytheon managed to keep costs down by “reusing an adjacently funded project,” Nolan says. His team repurposed and adapted technology for the new environment pulling in employees from similar projects already running in the organization. This helped save on labor costs and time to get the cloud-based innovation environment ready.
It also helped Nolan’s team sell the idea to the CIO because they were able to demonstrate that the project had a relatively short development time, repurposed resources from budgets that were already approved and that it had a viable security approach.
“While there was risk in this approach, it was worth pursuing since the benefit of success would create a great positive change for the business. By using the risk versus benefit approach, we convinced leadership to back the project,” says Nolan.
The risk paid off, and Nolan attributes a supportive CIO as a key to the success of the final project. Anytime they hit a roadblock or a challenge, or when they needed to change their approach, the CIO empowered the team to overcome any challenge and helped keep the team confident moving forward.
Challenges and roadblocks
Raytheon faced a few challenges along the way and the project had to go up against other business priorities.
“The funding levels were low, the team consisted of three people at its peak, with business priorities always over-riding the availability of labor resources,” says Nolan.
While pulling employees from other projects and business units helped cut costs, saved time getting off the ground and acted as a selling point for upper management, it also created one of Raytheon’s biggest challenges. To overcome this challenge, requirements and tasks were spread out and incorporated as small side tasks into the workflow of other project leads.
It wasn’t an ideal solution, but it helped alleviate some of the strain. If they were to repeat the process, Nolan says the organization would “staff full-time, dedicated employees instead of borrowing staff from other projects,” as these staffing transitions often slowed down timelines.
They were also limited in hands-on experience with implementing this type of cloud environment, so they had to try a few different strategies before determining the best solution and learn along the way. While one approach might work on paper, it wound up not being process-compliant while another that was process-compliant was too much to implement.
“Through trial and error in some cases, we developed the capability incrementally,” says Nolan.
What Raytheon accomplished is a solution that is just getting ready to make the transition from beta to full-time operational service. Although it’s still in the early stages of deployment, Nolan says Raytheon has already benefitted from the program.
“It has enabled our company to increase usage of more open-sourced technologies and greatly shortened our development cycles for new tech insertion. We now have a new capability that has broken a long-standing barrier, causing a game-changing enabler for our business operations,” he says.