Spurred by the mounting cyber threats targeting the country, the White House issued an Executive Order mandating agencies enhance and strengthen our nation’s cybersecurity. Hence, government agencies must continuously strengthen their cybersecurity postures when modernizing. Part of that process is the implementation of Zero Trust Architecture (ZTA). As a recent analysis in Nextgov suggests, ZTA structured around a service mesh provides a novel and efficient approach to rapidly implementing cybersecurity in legacy applications. Karsun is at the forefront of delivering these service mesh based solutions.
Zero Trust Architecture
ZTA is a cybersecurity strategy that secures an organization by eliminating implicit trust and continuously validating every stage of digital interaction, verifying the people and devices that access applications, data, and systems.
Based on our extensive experience in modernization, we strongly recommend that any modernization efforts adopt a zero-trust architecture. At the same time, ZTA can be challenging to implement when compounded by the presence of legacy systems and applications that aren’t made for a distributed, cloud-based environment.
An effective way to manage and solve that problem is using a service mesh. A service mesh offers a dedicated domain-agnostic infrastructure layer (abstraction) that you can add to your services for capabilities like observability, traffic management, and security without adding them to your code. While most commonly used for cloud-native capabilities, such as microservices and containers, a service mesh can be the most efficient way to bring legacy systems into the ZTA fold.
Karsun’s Service Mesh Pilot
Our Innovation Center pilots and validates innovative approaches to enterprise modernization through several pathways, including Innovation Weeks, codeathons and delivery-guided pilot programs. In one such pilot program, we introduced a service mesh in a legacy application system. While common for containerized systems, our implementation went one step further, examining the opportunity for ZTA modernization in a non-containerized legacy application. We found a service mesh based approach provides a compelling alternative to lift and shift methods.
Most service mesh solutions are designed to be used in a Kubernetes environment. In our proof of concept, using HashiCorp Consul we built a service mesh for a non-containerized legacy app. Using a service mesh allowed us to adapt the legacy application to meet the identity management requirements of a zero trust environment.
A core ZTA tenet requires us to verify the identity of resources accessing the system. Adding HashiCorp Vault allowed us to integrate with Google OAuth2 for identity and access management. Users and applications are authenticated before their requests reach servers or containers.
When implementing ZTA, you also should provide the lowest level of privileges possible. In our implementation, the services always start with no trust and no allowed routes. We configured all traffic via policies to ensure only authorized sources get access to the services. We also secured service-to-service communications while controlling outbound communication. With our service mesh, we found we could secure communications between Windows Server hosted applications and Linux based containers operating on Kubernetes through AWS EKS or AWS Elastic Container Service.
Combining these two tenets ensures a bad actor using compromised credentials does not have the attack surface necessary for great damage to the system. A service mesh like that implemented by our pilot team supports the identity and access management necessary for a true ZTA environment. Moreover, it can be used in both containerized and non-containerized environments. It is a powerful option for agencies looking to build ZTA for greenfield development and legacy application modernization.
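The default-deny posture described above could be expressed in Consul as follows. This is an added example, not the configuration used in Karsun's pilot; the service names `legacy-orders` and `web-frontend`, the port and the file names are assumptions, and three separate files are shown in one block.

```hcl
# Added illustration; service names, port and file names are hypothetical.

# --- legacy-orders.hcl: consul services register legacy-orders.hcl ---
# Registered with the Consul agent running on the legacy host. The
# application itself is unchanged; the sidecar proxy in front of it
# terminates mutual TLS and enforces intentions. Bind the application
# to localhost so that it is reachable only through the sidecar.
service {
  name = "legacy-orders"
  port = 8080

  connect {
    sidecar_service {}
  }
}

# --- deny-all.hcl: consul config write deny-all.hcl ---
# Wildcard intention: no source may reach any destination unless a
# more specific intention allows it ("no trust and no allowed routes").
Kind = "service-intentions"
Name = "*"
Sources = [
  {
    Name   = "*"
    Action = "deny"
  }
]

# --- allow-frontend.hcl: consul config write allow-frontend.hcl ---
# Exact-name intentions take precedence over the wildcard, so only
# web-frontend is authorized to call legacy-orders.
Kind = "service-intentions"
Name = "legacy-orders"
Sources = [
  {
    Name   = "web-frontend"
    Action = "allow"
  }
]
```

Running `consul intention check web-frontend legacy-orders` reports whether a given source is allowed to reach a destination, which makes it easy to confirm that every other source is still denied.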
Our Zero Trust Architecture Service Mesh is a product of the Karsun Innovation Center (KIC). Want to learn more? Check out the new Getting Legacy Systems Up to Speed With Modern Security report from GovLoop.
Karsun Solutions concluded 2019 celebrating its ten year anniversary. In addition to early enterprise modernization leadership, it cemented a decade-long commitment to innovation through the Karsun Innovation Center (KIC). By combining industry leadership with ingenuity Karsun won multiple $100+ million prime contracts with IT modernization work at agencies including DHS, FAA, and GSA.
Today, the Innovation Center leads teams in researching emerging technologies, forming industry relationships, and developing customer prototypes. Karsun wraps up 2019 celebrating the innovative spirit driving these first ten years. From automation to zombie code the Innovation Center and Karsun leadership teams are IT leaders, lending expert counsel and educating the community on best practices in emerging technology.
Karsun Solutions Chief Operating Officer Terry Miller kicked off 2019 as the Industry Chair for the American Council for Technology and Industry Advisory Council’s (ACT-IAC) Partners Program. One of three professional development programs offered by ACT-IAC, the Partners Program pairs senior industry and government leaders together for a series of in-depth sessions throughout the year. This year’s program concluded with a series of panel presentations at the organization’s annual Imagine Nation ELC conference. In addition to the Partners Program, Senior Director of Business Development Juan Robles is an Industry Vice Chair for the Voyagers Program. Participants graduating from both the programs become ACT-IAC Fellows. In total two Karsun leaders became Fellows in 2019, Sudhir Duggineni and Shaunak Ashtaputre. Satish Alluri was selected for the 2020 Voyagers class. The addition of Satish will bring Karsun’s total number of ACT-IAC Fellows to ten.
AI/ML and RPA
In addition to ACT-IAC fellowships, Karsun experts also join the organization’s working groups. Manish Bhatia from Karsun’s Cloud Solutions practice is a member of both ACT-IAC’s Intelligent Automation Working Group and Igniting Innovation Selection Committee. This fall the working group released its Robotic Process Automation (RPA) playbook. The playbook is designed for government organizations considering RPA pilots or accelerated development.
Business Leadership at Scale
The Washington Business Journal honored Karsun Solutions CEO Sundar Vaidyanathan as a member of its 2019 Minority Business Leader Award class. Honorees are among the region’s top 25 minority business leaders. That spring he also joined the TiE DC panel on Scaling and Growth. With Sundar and Co-Founder Kartik Mecheri at the helm, Karsun’s leadership expanded, including the addition of industry veteran Ben Marglin as the new VP of Client Services, as Karsun received a series of awards for growth and innovation in 2019.
CMMI Level 5 DEV
In February 2019, Karsun Solutions announced its software development unit was appraised at CMMI Level 5 DEV. At this level, an organization continually improves its processes based on a quantitative understanding of its business objectives and performance needs. At the time of the appraisal, fewer than 50 organizations in the United States were rated CMMI Level 5 DEV.
The General Services Administration (GSA) announced in November 2019 Karsun Solutions was one of twelve vendors selected for a spot on the CIO Modernization and Enterprise Transformation (COMET) BPA. The vehicle is intended to create a multiple award BPA on GSA’s IT 70 Schedule. It is the successor to 2014’s CAMEO contract. Karsun’s GSA DMS program also celebrated its first anniversary this year.
DevOps Innovation Practice
The KIC spun off its new DevOps practice led by Samir Bham. It is the second of several practice areas launching from the Innovation Center. An employee-focused research and development unit, it enables the adoption of DevSecOps practices. This practice, along with the Data Practice launched in 2018, hosts weekly Work from KIC workshops held in the new Herndon Headquarters.
Karsun Solutions invested in employee development early in 2019. The firm took the opportunity to train the more than 150 team members impacted by the partial government shutdown. These team members returned to work in February with new skillsets in microservices, domain driven design, web application security and cloud solutions.
FEMA Grants Management Modernization
This year Karsun began work on the FEMA Grants Management Modernization (GMM) program. The Department of Homeland Security (DHS) awarded Karsun Solutions the Agile development contract. The program will streamline grants management across the agency’s 40+ grant programs through a user-centered, business-driven approach. This five-year single award Blanket Purchase Agreement (BPA) with a ceiling value of $80 million was awarded under Full and Open Competition. It was Karsun’s first Full and Open contract win.
Karsun Solutions received its AWS Government Competency in 2019. This designation recognizes that Karsun Solutions has deep experience developing solutions for government customers delivering mission-critical workloads and applications on Amazon Web Services. Leading up to the competency announcement the cloud solutions and DevSecOps practices shared some of their favorite AWS case studies.
In September Karsun Solutions moved into its new 75,000 square foot headquarters in Herndon, Virginia. The new facility supports teams servicing Karsun’s DHS, FAA, and GSA portfolios. It is also home to the Karsun Innovation Center and training facilities.
Karsun Solutions Co-Founder and Chief Architect Kartik Mecheri appeared on Government Matters TV in April. On the program, he broke down NARA 2022 and the future of records digitization. Tune in to learn more about Karsun’s modernization approach.
SEC One IT
In March, Karsun Solutions announced the Securities and Exchange Commission awarded KHS Solutions, LLC a spot on the SEC One IT contract. SEC One IT is an indefinite delivery-indefinite quantity (IDIQ) contract with a ceiling value of $2.5 billion. KHS Solutions, LLC is an SBA approved 8(a) Mentor Protégé Joint Venture between Karsun Solutions (Mentor) and Mindcubed (Protégé).
Automation Test Lead Aditi Mulay spoke at several industry events throughout 2019 including Agile Testing Days and SeleniumConf London. Fellow automation test lead Ricardo Mediavilla joined her for Agile 2019. A trainer and mentor to QA teams Aditi speaks on Object Oriented Programming approaches to automation frameworks. She advocates for automating in the right manner and ensuring tests are reusable and maintainable.
In October Karsun Solutions as part of its mentor-protégé JV KHS Solutions shared “Zombie Code,” a look at the importance of dead code analysis. This practice is already part of Karsun’s development methodology. It is also one of many ways the Innovation Center proactively prototypes solutions to common modernization problems while building a roadmap for adoption among Karsun’s delivery teams. The Zombie Code video was a special Halloween release on LinkedIn. Follow Karsun there for the latest on enterprise modernization, corporate growth and award wins.
George Mason University students partnered with the Karsun Innovation Center to develop a rapid prototyping tool for microservices. Joseph Oliver, Artin Malekian and Habib Khalid worked directly with the innovation team on the rapid scaffolding tool. The seniors completed the work as part of their Industry-Sponsored Senior Design Project. Now in its second year, the senior capstone project integrates students’ computer science coursework with hands-on work with their capstone sponsor. The course is a unique opportunity to connect students of the Virginia-based university with the local IT industry. Including Karsun Solutions, eight companies sponsored the work of 28 students as part of the project.
The rapid scaffolding tool developed by the students aids in rapid prototyping for both monolith and microservices applications. Rapid prototyping is of utmost importance to enable human-centered design of software-intensive systems. As organizations build Lean teams, they seek opportunities to build minimum viable products (MVPs) faster with reduced initial cost. Quick set-up, using a rapid prototyping tool, gives teams this power. As an IT modernization firm specializing in modern software development, cloud solutions and advanced analytics, this project supports teams across Karsun
JHipster (https://www.jhipster.tech/) lets development teams generate application code for a variety of frameworks and languages. With this project, the intention was to extend JHipster to include support for additional languages and frameworks, so that the development teams get additional choices for building faster prototypes including polyglot microservices. In particular, the team focused their efforts on enhancing GoLang support for backend services.
The project was mentored by Badri Sriraman and Shanmuga Palanivelu. Badri is Vice President, Karsun Innovation Center (KIC) and the Chief Innovator at GoLean.io. He is an accomplished Senior IT Architect, with over 22 years in developing solutions to modernize enterprise IT systems. Shanmuga has over 14 years of experience in software development doing software design, architecture and full-stack development. He is currently focused on both developing and deploying microservices at scale and implementing DevOps at scale.
Microservices innovation is one of several areas researched within our Karsun Innovation Center. This research and development unit consists of several prototyping teams and Centers of Excellence. These teams also act as subject matter experts, form vendor partnerships, arrange training and host a yearly internship. The innovation center is part of Karsun’s larger mentorship framework which includes industry associations, academic outreach and the Karsun Academy professional development program. We connect with both students and academics through hackathons, talks, and career fairs. The innovation center is still accepting Developer and DevOps interns into their summer program.