Federal Consulting Practice
www.bstonetech.com
06/07/2022
Inside the Walled Garden
Drupal in the Federal Enterprise
CapitalCamp DC 2011
Presented by Dan Katz
Blackstone Technology Group Proprietary and Confidential
Dec 05, 2014
Introductions
Dan Katz
[email protected]
Blackstone Technology Group
6 years working with Drupal
3 years working with Drupal inside Big Organizations
Currently at Office of CIO in large Federal agency
“If you wait to do everything until you’re sure it’s right, you’ll probably never do much of anything”
– Win Borden
Disclaimer
The content of this presentation is solely the thoughts and opinions of the speaker.
I am not an employee of, nor do I represent the US Federal Government or the Department of Homeland Security.
Agenda
Who does Drupal impact inside an agency?
What are their perspectives and expectations?
Perceived Risks
Technology Flow Model of Open Source in Gov
Some Tips and Gotchas
Opportunities
Goal – Balance & Perspective
Does it fit within our Enterprise Arch?
What are the security controls?
Wow we can download anything we want!
…and share our work with the world!
It better be 508 compliant.
Will it get me appointed?
What is this going to cost over time?
A Challenge and Opportunity
“There is a fundamental dichotomy between what Drupal is in essence and what the government needs. The government needs a 70% solution – the ability to solve a problem. Drupal is a free form landscape, not tailored. It’s a toolset that covers too much ground. The government doesn’t want a toolbox. I don’t care about tools. What I care about is solving a business problem and what it’s going to cost over time.” - Federal Executive
“My goal is basically to keep you developers out of a jumpsuit.”
– an ISM I know
Membrane
[Diagram labels: Risk Management; Enterprise Architecture; Internet and Open Source Community; Procurement; Contracts; Security; Privacy; Accessibility; SELC/QA; Code Intake; Gov Contributions; Contractors and Vendor Community]
Perceived Risks
Open Source FUD
Immature CM/ALM
Immature enterprise level vendor landscape
Limited to MySQL database
Lack of governance for community contributions
Limited clustering support within Drupal itself
Rapidly evolving technology requires engagement in community to stay current – a “DIY” culture
Documentation, training and developer information requires network access to blogs, twitter, youtube, etc…
Another technology stack
End users not comfortable with non-Microsoft like web interfaces
Security & Privacy
FISMA Controls
Controls flow up the stack
Don’t assume it’s all data center
Think of Drupal as providing services – not an app
Drupal access controls – 800.53 mapping
Drupal Gotchas
  Plain text password settings file
  Editing permissions for “anonymous users”
  Views – admin power and permissions
  PHP input filter
Procurement & Contracts
FUD around open source
Pre-defined product/vehicle “shrink-wrapped”
Federal acquisition regulation (FAR)
Open competes without SME’s in procurement
Subs to subs to subs
O&M, documentation needs
Supply and Demand problems
Compliance – 508
Myths
  “Drupal” is 508 compliant out of the box
  Only the “front-end” needs to be 508 compliant
  Accessibility is regulated the same way across all the Federal agencies
Drupal Gotchas
  Core forms – title attributes on form elements
  Alt text on images
  Tables – scopes
Community – get involved
Compliance – EA/SELC
Documentation
Change Control
More Drupal Culture Conflicts
Opportunities
Drupal distributions
Unified processes and communities around Drupal/OSS in gov
Maturing vendor landscape
Training and bringing more Drupal knowledge “in house” to the government
In Summary
Technology moves faster than government
Drupal is a catalyst
Maturity doesn’t mean moving backwards
Vendor and Open Source Communities can help