Over 21,000 people visit U.S. government websites each day. The annual paperwork burden for executive departments and agencies exceeds 9 billion hours. Adopting next-generation user experience practices can address these challenges. By considering the needs of all stakeholders, designing for scale can improve the user experience, reducing paperwork and empowering agencies to meet their mission no matter the changing digital landscape. 

In 2021, the Executive Order on Transforming Federal Customer Experience and Service Delivery to Rebuild Trust in Government called on agencies to improve government performance while using proven best practices such as human centered design and service delivery models. We must embed the user experience in the process to meet these requirements as early as possible. It compels us to take a long view. We should take a product oriented mindset that asks not how we can introduce a particular feature or functionality but how the product itself will be used past the completion of a modernization project. 

We have applied this approach to modernization projects for our customers in the acquisitions, aviation, and grants management industries. Aligning to industry standards, some of our applications see more than 1 million registered users. Using repeatable processes, we enable User Interface/User Experience (UI/UX) on a massive scale as we modernize complex systems for our agency customers. We collect our best practices, resources, and components into toolkits used by our teams. Now we have assembled our insights into a white paper from our Karsun Innovation Center.

Our new Design for Every Next white paper takes you step by step through this process, from building your data capabilities to effectively analyzing stakeholder needs to creating effective feedback loops. We also share best practices and strategies for leveraging emerging technologies to implement new enhancements quickly, along with our component-based approach to rapidly iterating and prototyping interfaces. Part of our Digital Transformation Toolkits, our Design Toolkit ensures teams have the resources and expertise to accelerate transformation with a comprehensive view of stakeholder needs and wants. Download the white paper at https://karsun-llc.com/resource/design-for-every-next-2/.

This week the Washington Business Journal released its annual diversity index. We are proud to have appeared here and on the Journal’s other diverse businesses lists in the past. A critical part of building our diverse culture is a commitment to creating collaborative spaces and instilling teamwork across our organization.

It begins at the top. Our CEO and co-founder, Sundar Vaidyanathan, is a past winner of the Washington Business Journal’s Minority Business Leader Award. He was named to Comparably.com’s Best CEOs for Diversity in 2021 and 2022. This award is unique because the rankings are based on the reviews of diverse employee groups across Karsun. Those CEOs named to this list are recognized directly by their employees for their outstanding leadership.

“Teamwork and inclusivity are [the] most positive [part] about the culture and environment,” begins one Comparably review. Teamwork is one of our core values, and we pride ourselves on building an open and collaborative workplace. Again, much of this begins with our leadership. Each month a rotating group of employees is invited to participate in Coffee with Leadership. During these small virtual meetings, Karsun team members share feedback and concerns directly with our executive team with their recommendations to make Karsun an even better place to work. Lunch with Leadership gives managers the same opportunities to advocate on behalf of their teams.

Additionally, every employee has access to Karsun career pathing, a tool that allows them to view the pathway to every role at Karsun from entry-level through CEO. The tool suggests resources for an employee to progress and grow at Karsun. As a team growing together remotely, these resources are available to all team members regardless of their location via our Karsun Konnect app. 

We extend this commitment to growing diverse teams outside Karsun as well. We invest in supporting community organizations that enable people from diverse groups to grow in their careers. This includes organizations like TiE DC, which hosts entrepreneurship programs for current and future technology leaders, and Women in Technology, which empowers women and girls exploring careers in STEM. Many of our senior leaders and executives also support industry organizations such as the American Council for Technology-Industry Advisory Council (ACT-IAC).

While we are proud of past recognition for our diversity efforts, we are excited to see how the diverse experiences of our team members inspire us to build better solutions for our government customers. Teamwork and collaboration are core to the work we do. Learn more about meaningful opportunities to join our collaborative culture at KarsunCareers.com.

Each quarter we celebrate a special group of individuals at Karsun. These team members, nominated by their collaborators and leaders, embody our core values. Their work represents the values that drive us to deliver quality solutions to our U.S. government customers. 

A recent LinkedIn survey found 82% of U.S. workers said it is important that their company’s values align with their personal values. We know core values are important to our team members, which is why we honor our values throughout the year. And it is also the reason we take special care to recognize how excellence, innovation, teamwork, commitment, integrity, and fun all help us deliver exceptional solutions to our government customers.

Excellence

At Karsun, we celebrate excellence in all we do. That includes recognizing team members who go the extra mile to learn or enhance their skills to deliver on a critical project. We also honor team members who take on new projects and responsibilities. We recently recognized a team leader who embodied both of these qualities. He stepped in to perform hands-on work when his team needed additional support. As a result, that team exceeded customer expectations on their project. When we recognize excellence, we honor both the outcome and the initiative, time, and effort required to obtain those results.

Innovation 

In addition to our monthly Innovation Town Halls, we also recognize some of our innovators during our quarterly awards ceremony. Every team member at Karsun has access to the Karsun Innovation Center, no matter their role. In one instance, a recent winner was celebrated for her work prototyping a synthetic data solution within a short time frame. This award also promotes work that may otherwise go unacknowledged publicly because it relates to confidential or proprietary projects. We use this opportunity to celebrate the members of our challenge teams that take on additional work beyond their usual duties to support new opportunities.

Teamwork

Our team champions and experts unite to build extraordinary solutions for our government customers. We honor the champions that implement better ways for their teams to work together. One of these team leaders was recognized for updating onboarding, reporting, and standard operating procedures for one of our helpdesk/operations and maintenance (O&M) teams. These major process improvements enhanced the relationship between his team and other teams, and our customers. A team member from our finance team was also recognized for similar process improvements. We celebrated her for not only improving productivity across teams but the way she builds trust and loyalty within her own team as well.

Commitment

We are committed to building modernization solutions that are built to last. That commitment extends from our practice advocates in the Innovation Center to our delivery teams. As part of our organization-wide commitment to this cause, many of our team members pitch in to grow our company in a way that ensures we have knowledgeable experts on every team. Last fall, one of these individuals was recognized for his commitment to ensuring talented team members join Karsun during rapid growth. He dedicated his time to interviewing and was ultimately responsible for multiple new Software Development Engineers in Test (SDET) joining Karsun.

Integrity

We conduct ourselves with honesty and fairness. That means doing the right thing for both our employees and our customers. That also includes acting proactively to ensure we do things the right way every time. We recently recognized a member of our quality assurance team for his management of our Software Process Engineering Group (SPEG). Under his management, that group is responsible for designing and executing quality assurance programs across Karsun teams to ensure we continually meet audit standards and best practices.

Fun

From day one, Karsun celebrated fun as one of our core values. That includes both a commitment to spending meaningful time together through events such as family picnics and team celebrations and ensuring our teams use their time in the way that is most efficient for them. Several of our core value award winners were recognized for going beyond one of the core values described above to improve the culture of their team. Nominations for our awards frequently mention how these stellar individuals improve team morale, bring empathy to their projects, and improve the overall experience of working at Karsun.

Our core values inspire us to deliver extraordinary solutions to our government customers. These values are important to us, and we hope they might be important to you. If these stories inspired you to join a team where we honor and recognize strong values, then it is time to Find Your Next at KarsunCareers.com.

The Great Resignation is out, and the Big Stay is in. At least according to a recent report from ADP, which observes many people are opting to stay in their current roles rather than risk an unsteady job market. However, at Karsun, we are still growing and want you to grow with us! 

Here growth is about more than moving up (though if that is important to you, we hope you do that too!). It is also about growing your expertise and technical skills in government technology projects. We are an information technology consulting company, but our teams exclusively serve the federal government. If you want to grow your career in public sector IT, there is no better place to be than Karsun. 

Grow to Serve the Mission

We support important missions at agencies such as the Federal Aviation Administration (FAA) and the Federal Emergency Management Agency (FEMA). We prioritize training to ensure our support of the mission continues. We proudly recall several examples when our teams persevered despite external constraints. During the 2019 Government Shutdown, rather than send our teams home, we created a training program focused on developing the skills and tools that would best support our agency customers the moment the work stoppage lifted. Likewise, during the early days of the pandemic, one of our teams not only continued delivery on their current project but, due to their expertise in enterprise modernization and grants management systems, also onboarded a new program to support first responders.

Because our training programs anticipate the needs of our agency customers, we can ensure they meet their missions. And as our customers win, our teams share in those successes while growing their experience in new technologies and tools. Our Innovation Center has dedicated technical practice areas and experts focused on modernizing Acquisition, Aviation, Grants, and Fleet management systems. These same practice leaders work with our Karsun Academy team to develop tailored training programs to support the needs of our customers and our teams serving them.

Grow with our Industry

In addition to our in-house resources, we also proudly support local industry organizations like the American Council for Technology-Industry Advisory Council (ACT-IAC).  In fact, eleven Karsun leaders are ACT-IAC fellows, graduating from one of its exclusive professional development cohorts. We also support organizations such as Women in Technology to ensure our region has diverse opportunities to grow and excel. 

Join our team and not only grow your technical skills but grow your knowledge and experience in public sector IT. In fact, you do not have to be based in the D.C. region to utilize our resources. Karsun hires remote roles nationwide, and all of our team members have access to Karsun Konnect, our virtual portal where they can access the same Innovation Center resources available to our local employees. Many of these tools and courses are designed for remote/asynchronous learning. Visit our Career Development page to learn more about growing with Karsun or apply today at KarsunCareers.com.

NIST 800-63-3 is a set of guidelines published by the National Institute of Standards and Technology (NIST) for digital identity management and authentication. These guidelines provide recommendations for digital identity proofing, authentication protocols, and federation models. NIST 800-63-3 is widely recognized as a valuable resource for organizations looking to improve the security of their digital identity systems and reduce the risk of fraud and identity theft.

It is also essential for government agencies because it works. For instance, state governments using solutions aligned with NIST Identity Assurance Level 2 (IAL2) standards saw a significant decrease in fraudulent COVID-19 unemployment claims. Whether adapting to changing mandates or incorporating industry standards such as NIST 800-63-3, Karsun has a solution to ease the adoption of security best practices during modernization.

The NIST 800-63-3 Standard

NIST 800-63-3 was released in June 2017. The guidelines were intended to improve online identity verification’s security and usability while addressing new threats and challenges that have emerged in recent years.

The guidelines are organized into three parts:

  1. Digital Identity Guidelines: Provides guidance on establishing digital identity proofing and authentication procedures.
  2. Authentication and Lifecycle Management Guidelines: Describes how to implement and manage identity credentials and authentication.
  3. Federation and Assertions Guidelines: Provides guidance for federated identity systems and how to use assertions to share identity information between systems.

Since the introduction of NIST 800-63-3, these standards have become industry best practices for identity management. In addition to NIST 800-63-3 compliance, agencies are prioritizing Zero Trust as a key component of securing the User and App pillar. For example, the FAA’s 2022 AIT annual report states, “[its] network environment now operates within a Zero Trust security model, which requires users to be authenticated, authorized, and continuously validated to be granted access to a network, system, or application.” The agency’s cybersecurity-related improvement activities support the transition to Zero Trust, as well as its implementation of a new multi-factor authentication (MFA) service for users who would like to access the FAA’s network, systems, and applications.

Complementing Secure By Design Architecture

At Karsun, incorporating NIST 800-63-3 standards is part of designing secure digital architecture. Incorporating these guidelines into a secure by design architecture involves creating systems and applications with security considerations at every stage of the development process, from design to deployment.

The guidelines recommend using risk-based authentication (RBA) to assess the risk associated with each access attempt. We design systems and applications with RBA in mind and implement automated risk assessment tools to make real-time decisions about access requests.

Key to our solutions is NIST 800-63-3 adherent identity proofing. This process involves verifying user identities using multiple sources of data. We incorporate these guidelines into the design process to ensure that user identities are verified before granting access. We also consider federation and assertions. We integrate NIST 800-63-3 standards into the design process if the system or application interacts with other systems or applications.

In addition, NIST 800-63-3’s guidelines on digital identity proofing can help organizations implement identity verification procedures consistent with the zero trust principle of “never trust, always verify.” By using a risk-based approach to identity proofing, organizations can better assess the trustworthiness of each user and device and limit access to sensitive data and applications only to those users and devices verified to be trustworthy.

We design systems and applications with secure coding practices in mind and follow best practices for secure coding throughout development. In our implementation, we automated mobile testing via functional testing tools like Appium. We used code scanning and container image scanning tools to identify and mitigate vulnerabilities earlier and address those issues before deployment.

By incorporating NIST 800-63-3 guidelines and a zero trust framework into a secure by design architecture, agencies can develop systems and applications that are secure by default and can better protect sensitive data and resources.

Complexities to Implementing Authentication

While adhering to these standards is essential to building a secure application, it introduces added complexity to modernization projects. The standards specify appropriate authentication approaches based on different risk levels. Each has extensive rules, and the requirements for various authenticators may be overwhelming, unclear, ambiguous, and conflicting. Addressing each of these Authentication Levels across devices effectively can hinder the successful adoption of the security standards.

Identity Reference Framework

To meet this challenge, Karsun introduced an Identity, Credential and Access Management (ICAM) reference implementation. We customized the Keycloak open source tool via a specific Service Provider Interface (SPI) to address the complex NIST authenticator requirements while accelerating the adoption of those standards. Our team began with a risk-based assessment, identifying the authentication workflows and their requirements based on risk level.

Next, using Keycloak, we created custom implementations for each workflow. Using these workflows, we created custom templates for new user sign-up forms. We also adapted these custom templates to adhere to US Digital Services (USDS) standards. This approach created a repeatable identity framework we could implement as a plug-in that can be deployed over an open source Keycloak container.

Not only does this approach reduce complexity, but it is also a more secure implementation. It allows the user, when appropriate, to use authentication other than a simple password. With an authentication type such as FIDO2, the user first enters a PIN or uses biometrics to authenticate successfully; the authenticator then uses the key in the device to sign the challenge from the identity provider. Thus the key never leaves the device. Using this passwordless approach, the highest level that does not rely on a password, was more secure while simultaneously providing a better user experience.

Additionally, by using Keycloak to build our own identity reference framework library, we addressed a common concern with implementing open source tools. Using a template library created a clear separation between Keycloak and our ability to update the plug-in. We designed the library to keep the templates up to date and maintain the application’s security rather than relying on Keycloak itself.

Accelerating Identity and Access Management Adoption

Like many Karsun toolkit components, these identity reference framework resources are available to our team members to use through our InnerSource library. Evolving from an Innovation Center research and development project to a validated implementation, it can now be used as one of our readymade toolkits. All Karsun teams now have access to these vital resources, ensuring that our teams can accelerate the implementation of emerging identity and ICAM standards in your agency’s modernization efforts.

Content from this post was initially presented by Pavan Kurkal as part of Karsun’s Monthly Innovation Town Hall series. These events present innovative solutions from our delivery teams across Karsun. Pavan is an engineer with the Karsun Innovation Center specializing in identity and access management.

As wildfires, tornados, flooding and other climate disasters threaten our nation, now is the time to improve the climate resiliency of our communities. The number of disasters totaling over a billion dollars has risen considerably over the past five years, with nearly 18 events a year. In some communities, the impacts of this rising rate in large-scale disasters resulted in the disruption of critical services, depressed property values, soaring insurance rates, and long-term infrastructure damage. By helping build resilient infrastructure before major disasters, climate resiliency aids diverse communities in weathering the impacts of accelerating climate change.

Karsun’s grants management modernization work supporting the Federal Emergency Management Agency (FEMA) includes its Grants Outcomes (FEMA GO) platform. This project enables FEMA to more efficiently deliver resiliency grants such as the Building Resilient Communities and Flood Mitigation Assistance. Improving climate resiliency through grants and other programs supports diverse communities in several ways.

Diverse communities are often the most vulnerable to extreme weather events, such as hurricanes, floods, and droughts. Improving climate resiliency can help reduce the impact of these events, which can help protect these communities from the economic and social costs of natural disasters. It can also protect the history of those communities for future generations. We previously shared how resiliency grants helped preserve the history of Princeville, North Carolina, one of the first towns formed by African American citizens in the United States.

Beyond preventing the harms caused by natural disasters, resilient infrastructure projects bring many benefits to communities. Improving climate resiliency might include planting more trees and creating green spaces. This helps mitigate the urban heat island effect and provides a range of other benefits, such as improving air quality and supporting biodiversity. This may also involve promoting sustainable agriculture, supporting local food systems, and implementing practices that help communities adapt to changing weather patterns. This, in turn, may increase access to fresh, healthy, and affordable food. Additionally, climate resiliency may introduce measures to reduce air pollution and promote active transportation, such as walking and cycling, which can help improve public health outcomes.

Overall, improving climate resiliency supports diverse communities by reducing their vulnerability to climate change, promoting environmental sustainability, and enhancing their overall well-being. The work done by Karsun grants management teams at FEMA supports these efforts. Builders, experimenters, and innovators looking to Find Your Next while solving difficult challenges may apply for open roles at KarsunCareers.com.

Governments and corporations alike have adopted fleet electrification as a cornerstone of their plans to curb carbon emissions and head off climate change. As part of a pledge to make the federal government carbon neutral by 2050, an executive order from President Joe Biden targets an all-electric fleet by 2035. That is a fleet of 645,000 vehicles driving a whopping 4.5 billion miles a year.

Electric Fleets: Beyond Environmental Impacts

Among our fleet management projects, Karsun supports the modernization of GSA’s Advanced Fleet Platform. Karsun is proud to participate in this vital work preparing our nation for a changing climate. By using an electric fleet, governments can reduce their carbon footprint and help combat climate change. Electric vehicles also produce fewer pollutants than traditional vehicles, which can lead to improved public health. By reducing air pollution, governments can help prevent respiratory illnesses and other health problems associated with poor air quality.  Moreover, electric vehicles can be powered by a variety of sources, including renewable energy sources such as wind and solar power. By using an electric fleet, the government can reduce its reliance on fossil fuels and increase its energy security.

Envisioning the Future: Empowering Local Communities

Fleet electrification is a unique opportunity to provide tangible community impact while addressing our changing climate. Federal agencies can lead by example and demonstrate their commitment to sustainability by committing to all-electric fleets. This can inspire other constituents and localities to follow suit and make similar changes.

As an expert in both fleet management modernization and grants management, Karsun offers a unique opportunity for agencies to lead from the front on these initiatives. Our fleet and grants experts can help agencies modernize their systems to flow down grants to their constituents to accelerate the adoption of electric vehicles and other initiatives. Connect with us to learn more about our Fleet Management solutions or schedule a conversation with one of our enterprise modernization experts.

Remote work is no doubt popular with employees as demand for remote positions continues to grow. We have previously written about our commitment to flexible work environments, including remote work. Not only are remote and hybrid arrangements great for employee work-life balance, but they can also be great for the environment too. As part of our series this April examining the impact of Karsun’s work on the environment, we examine the ways in which remote work builds a healthier future for our communities and team members alike.

Remote work can conserve the environment in several ways. To begin with, by working remotely, employees can eliminate or significantly reduce their daily commute. That means fewer cars on the road, reduced traffic congestion, and lower greenhouse gas emissions from transportation. Remote and hybrid work also reduce business travel, which is a significant source of carbon emissions. By using video conferencing and other remote collaboration tools, companies can reduce their carbon footprint. Teams in the Karsun Innovation Center support these goals by continually adding enhanced tools for remote collaboration to our Karsun Konnect employee application.

Adopting a flexible approach to remote work reduces energy usage and other waste. It moderates energy usage in buildings since fewer people are working in the office. This can lead to lower electricity and water consumption, as well as reduced HVAC usage. Karsun also uses a hoteling system as part of our Karsun Konnect app to better anticipate facilities and operational needs. This allows our onsite teams to act more efficiently to conserve resources when not in use.

Overall, remote work can help reduce the environmental impact of work and improve sustainability. But creating a better environment is also about encouraging a healthy and happy working environment too. Karsun commits to flexibility, work-life balance, and an open, collaborative culture as part of its employee-centered workplace.

Creating a Healthier Remote Work Environment

Remote work can offer several health benefits for workers. Remote work can reduce the stress of commuting and dealing with office disruptions. Workers can also have more control over their work environment, such as the temperature, lighting, and noise level, which can lead to less stress. Additionally, monthly Karsun Wellness newsletters offer tips and suggestions for reducing stress while creating a healthier work environment at home. 

Flexibility is a core tenet of our approach to work, whether that’s the flexibility to explore new technology or pick the best spaces to collaborate as a team. Remote and hybrid work offered at Karsun allows our team members to have more flexibility in their work schedules. Likewise, flexible work options improve work-life balance by allowing workers to spend more time with their families, pursue hobbies, and engage in self-care activities, which can reduce stress and improve mental health.

Working from home can also encourage a healthier lifestyle, as workers have more time for exercise and healthy meal preparation. In fact, we actively encourage our team to use Karsun resources to focus on their health throughout the work week. Our team members may tune in to weekly remote exercise and fitness groups through our Karsun Konnect. 

At the same time, giving our team members the opportunity to work remotely when appropriate can also reduce exposure to illness. Workers that have the option to work remotely can reduce their proximity to others who may be sick. We also ensure our team members remain healthy throughout the year with award-winning benefits and generous paid time off. 

Overall, remote work can offer a range of health benefits for workers and a healthy environment for our communities. This contributes to improved well-being and quality of life for all. Those looking for a healthier environment where happiness thrives can check out career opportunities at KarsunCareers.com.

Resiliency is about more than protecting our current possessions; it’s about preserving our past. As we enter Black History Month this February, we are reminded of the importance of preserving our historic sites in areas threatened by climate change. Karsun proudly supports the work of African American communities preparing for the future by building resiliency now. Our grants management modernization program supports the Federal Emergency Management Agency (FEMA) and its Grants Outcomes (FEMA GO) platform. Through this platform these communities may apply for resiliency grants and save critical historic sites.

Princeville, North Carolina, is one town protecting its history now as it prepares for future climate conditions. A recent video from FEMA reveals resiliency efforts here. Founded in 1885, Princeville was among the first towns chartered by African American citizens in the United States.

At the conclusion of the United States Civil War, former slaves settled in an area named Freedom Hill. Residents named the fledgling community after the high bluff where newly freed slaves announced the Emancipation Declaration. Later the town incorporated, naming itself after ex-slave Turner Prince who built many of the community’s homes. 

For residents of Princeville, resiliency is about more than protecting their homes; it’s about protecting this history. Much of the town is located on swamp land, which is particularly vulnerable to flooding during hurricane season. In 1999 the Princeville Dike failed and water rose 23 feet above the streets. It was declared a National Disaster Area, with destruction not only to homes and businesses but also to the historic cemetery located in the town.

Residents are still recovering from Hurricane Floyd in 1999 and later Hurricane Matthew in 2016. Nevertheless, as the FEMA clip shows, the residents maintain hope for a vibrant future. Envisioning a town as a historic destination, they dream of sharing their story while growing the town for the next generation. 

In 2020, the town of Princeville was selected to receive FEMA funding, as well as funds from the State and other entities, to support the town’s vision for resiliency and growth. These funds have enabled the residents of Princeville to elevate homes to protect against future flooding, rebury caskets that had washed up from the graveyard, and improve the levees to protect the town from future flooding. 

Karsun is working with FEMA to modernize FEMA’s ten legacy IT systems and 40+ grants programs into a single grants management platform, as part of the FEMA GO modernization. This effort will standardize business processes through a consistent grants management lifecycle, enabling FEMA to more efficiently deliver grants such as the Building Resilient Communities and Flood Mitigation Assistance to support relief and reconstruction of towns like Princeville. 

Resiliency grants and other FEMA programs help residents prepare for a better future while honoring their past. Karsun’s grants management modernization experts proudly support this agency’s mission.

About Karsun Solutions

Karsun Solutions modernizes enterprise systems enabling agencies to make the next technological advancement their next opportunity to elevate mission capability. IT solutions from Karsun are tailored to meet agencies’ unique needs and optimize operations. These solutions adapt and stay relevant to current trends while using secure, digital architecture built to last. It is a proven modernization partner whose expertise elevates agency capabilities and ensures every next opportunity is within reach.

Spurred by the mounting cyber threats targeting the country, the White House issued an Executive Order mandating agencies enhance and strengthen our nation’s cybersecurity. Hence, government agencies must continuously strengthen their cybersecurity postures when modernizing. Part of that process is the implementation of Zero Trust Architecture (ZTA). As a recent analysis in Nextgov suggests, ZTA structured around a service mesh provides a novel and efficient approach to rapidly implementing cybersecurity in legacy applications. Karsun is at the forefront of delivering these service mesh based solutions. 

Zero Trust Architecture

ZTA is a cybersecurity strategy that secures an organization by eliminating implicit trust and continuously validating every stage of digital interaction, verifying the people and devices accessing applications, data, and systems.

Based on our extensive experience in modernization, we strongly recommend that any modernization efforts adopt a zero-trust architecture. At the same time, ZTA can be challenging to implement when compounded by the presence of legacy systems and applications that aren’t made for a distributed, cloud-based environment.

An effective way to manage and solve that problem is using a service mesh. A service mesh offers a dedicated domain-agnostic infrastructure layer (abstraction) that you can add to your services for capabilities like observability, traffic management, and security without adding them to your code. While most commonly used for cloud-native capabilities, such as microservices and containers, a service mesh can be the most efficient way to bring legacy systems into the ZTA fold.

Karsun’s Service Mesh Pilot

Our Innovation Center pilots and validates innovative approaches to enterprise modernization through several pathways, including Innovation Weeks, codeathons and delivery-guided pilot programs. In one such pilot program, we introduced a service mesh in a legacy application system. While common for containerized systems, our implementation went one step further, examining the opportunity for ZTA modernization in a non-containerized legacy application. We found a service mesh based approach provides a compelling alternative to lift and shift methods. 

Most service mesh solutions are designed to be used in a Kubernetes environment. In our proof of concept, we used HashiCorp Consul to build a service mesh for a non-containerized legacy app. Using a service mesh allowed us to adapt the legacy application to meet the identity management requirements of a zero trust environment.

A core ZTA tenet requires us to verify the identity of resources accessing the system. Adding HashiCorp Vault allowed us to integrate with Google OAuth2 for identity and access management. Authentication of users and applications happens before their requests reach servers or containers.

When implementing ZTA, you also should provide the lowest level of privileges possible. In our implementation, the services always start with no trust and no allowed routes. We configured all traffic via policies to ensure only authorized sources get access to the services. We also secured service-to-service communications while controlling outbound communication. With our service mesh, we found we could secure communications between Windows Server hosted applications and Linux based containers operating on Kubernetes through AWS EKS or AWS Elastic Container Service. 
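The default-deny model described above can be checked mechanically. The following is an added example, not code from the pilot: a simplified, single-namespace, L4-only model of how Consul service-intentions config entries resolve, plus an audit for entries that weaken "start with no trust". The service names and sample entries are constructed, and the deny fallback when nothing matches is an assumption about the mesh's default policy.

```python
import json

# Constructed sample: service-intentions config entries in Consul's JSON shape.
# Service names are hypothetical.
INTENTIONS = json.loads("""
[
  {"Kind": "service-intentions", "Name": "*",
   "Sources": [{"Name": "*", "Action": "deny"}]},
  {"Kind": "service-intentions", "Name": "legacy-api",
   "Sources": [{"Name": "legacy-web", "Action": "allow"}]},
  {"Kind": "service-intentions", "Name": "legacy-db",
   "Sources": [{"Name": "legacy-api", "Action": "allow"},
               {"Name": "*", "Action": "allow"}]}
]
""")


def _index(entries):
    """Map (source, destination) -> action for L4 intentions."""
    table = {}
    for entry in entries:
        if entry.get("Kind") != "service-intentions":
            continue
        for src in entry.get("Sources", []):
            table[(src["Name"], entry["Name"])] = src["Action"]
    return table


def decide(entries, source, destination):
    """Return 'allow' or 'deny'; the most specific match wins."""
    table = _index(entries)
    for key in ((source, destination), ("*", destination),
                (source, "*"), ("*", "*")):
        if key in table:
            return table[key]
    return "deny"  # assumption: the mesh default policy is deny


def audit(entries):
    """Flag settings that undermine 'start with no trust'."""
    table = _index(entries)
    findings = []
    if table.get(("*", "*")) != "deny":
        findings.append("no wildcard default-deny intention")
    for (src, dst), action in sorted(table.items()):
        if action == "allow" and "*" in (src, dst):
            findings.append(f"wildcard allow: {src} -> {dst}")
    return findings
```

In the sample, the wildcard allow on `legacy-db` lets `legacy-web` reach the database even though only `legacy-api` was meant to, which is the kind of over-broad route the audit reports.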

Combining these two tenets ensures a bad actor using compromised credentials does not have the attack surface necessary for great damage to the system. A service mesh like that implemented by our pilot team supports the identity and access management necessary for a true ZTA environment. Moreover, it can be used in both containerized and non-containerized environments. It is a powerful option for agencies looking to build ZTA for greenfield development and legacy application modernization.

Our Zero Trust Architecture Service Mesh is a product of the Karsun Innovation Center (KIC). Want to learn more? Check out the new Getting Legacy Systems Up to Speed With Modern Security report from GovLoop.