How secure do we want to be?

This picture by Dustin Sacks shows the extreme measures one can take to feel secure.  It's amusing that only one of the hundred or so locks actually anchors the bike to the bike rack.  Government web pages need to be secure, but currently there are many, many different security practices, so many that it can be overwhelming.  Some are more important, while others are just cosmetic and provide only a false sense of security.  Some are not needed and may actually open the door to more attacks.  Over-zealousness may result in a situation like the bike pictured above.

Low Hanging Fruit

Why climb up the tree for an apple if you can reach the apple from the ground?  Removing the low-hanging fruit for hackers needs to be the first priority.  The OWASP Top 10 Risks represent the current low-hanging fruit.  If these risks are ignored, your site will be the first to get hacked.  For a development team, the CWE/SANS Top 25 Most Dangerous Software Errors are more valuable and instructive.

Regular training has helped Partnet uncover and resolve vulnerabilities in DOD EMALL that were thought to be secure.  It has helped DOD EMALL stay ahead.  Because of training with the OWASP Top 10, Partnet added protection against CSRF attacks nearly a year before these protections were required by the Application Development and Security STIG in May.
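The CSRF protection mentioned above, shown as a synchronizer-token check in Python. This is an added example, not Partnet's or DOD EMALL's code: the in-memory session and form dictionaries, the handler names and the /checkout path are assumptions standing in for a real web framework. The "before" handler shows why a login check alone does not stop a cross-site request, since the browser attaches the victim's session cookie to the forged request anyway.

```python
import hmac
import html
import secrets

# Constructed stand-ins for a server-side session and a submitted form; no web
# framework is used here (an assumption of this example).


def issue_csrf_token(session):
    """Create the per-session secret once and reuse it for every form in that session."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def render_checkout_form(session):
    """Embed the token as a hidden field; only same-origin pages can read it back."""
    token = html.escape(issue_csrf_token(session))
    return ('<form method="POST" action="/checkout">'
            '<input type="hidden" name="csrf_token" value="%s">'
            '<input type="number" name="qty"><button>Buy</button></form>' % token)


def checkout_vulnerable(session, form):
    """Before: only asks whether the browser is logged in.

    A form auto-submitted from an attacker's page is sent with the victim's
    session cookie, so it passes this check and places the order.
    """
    if not session.get("user"):
        return 401
    return 200


def checkout_protected(session, form):
    """After: the synchronizer-token check.

    The attacker's page cannot read the victim's token, so a forged request
    cannot supply it and is rejected with 403.
    """
    if not session.get("user"):
        return 401
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    # Constant-time comparison so a wrong token does not leak the right one byte by byte.
    if not expected or not hmac.compare_digest(expected.encode(), str(supplied).encode()):
        return 403
    return 200


def demo():
    """Run a legitimate checkout and a forged cross-site one against both handlers."""
    session = {"user": "buyer@example.com"}          # constructed logged-in session
    legit = {"csrf_token": issue_csrf_token(session), "qty": "1"}
    forged = {"qty": "500"}                           # attacker's form has no token
    stale = {"csrf_token": "x" * 43, "qty": "1"}      # guessed / reused token
    return {
        "vulnerable_forged": checkout_vulnerable(session, forged),
        "protected_forged": checkout_protected(session, forged),
        "protected_legit": checkout_protected(session, legit),
        "protected_stale": checkout_protected(session, stale),
    }


if __name__ == "__main__":
    print(demo())  # {'vulnerable_forged': 200, 'protected_forged': 403, 'protected_legit': 200, 'protected_stale': 403}
```

The token must be unguessable, bound to the session on the server side, never placed in a URL, and checked on every state-changing request. A hidden-field token complements, rather than replaces, SameSite cookies and Origin/Referer checks.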

Adding Depth

A government website cannot be content with simply removing the low-hanging fruit.  But with so many security activities, it's hard to know what to focus on next.  For adding depth, the OpenSAMM (Software Assurance Maturity Model) project from OWASP provides that guidance.  It organizes many of the best security practices into a maturity model, grouping twelve security practices under four business functions: Governance, Construction, Verification, […]

Beyond sales: Eight reasons why the DOD EMALL works for government

I was asked the question earlier:  “How is the DOD EMALL important other than as a sales tool?”

Apparently, the question took some people by surprise, but not me. The DOD EMALL provides several acquisition services that extend beyond traditional eCommerce (though that is certainly a big part of it).

Here are my top eight reasons why DOD EMALL works for government:

1. Saves money.  Buying online is inherently cheaper than going to a store or writing a contract for each purchase.

2. Global access – 24/7.  DOD EMALL provides a single point of access for users around the world, and around the clock.  This allows shoppers and vendors to work on their own schedules, regardless of time or location.

3. Innovation platform.  For years, DOD EMALL has been a launching pad for several new IT-acquisition practices and applications, resulting in a number of firsts for the Department of Defense:

Establishment of unique Service-acquisition rules like the Army JWOD/AbilityOne and the Army discount policy.
Strategic sourcing of office supply contracts — started by the Army, but now implemented for all the Services.

4. DLA enhancements.  DOD EMALL has opened up access to the Defense Logistics Agency's managed items for Performance Based Logistics (PBL) contractors and state governments.

5. NAVFAC base services.  For over ten years, the Naval Facilities Engineering Command has used the DOD EMALL to support base-services contracts on Navy and Marine bases worldwide.

6. Government-wide Acquisition Contracts.  DOD EMALL allows Military Services to grant and gain access to GWAC contracts from other federal agencies, enabling strategic sourcing across the Department of Defense.

7. Data quality.  DOD EMALL regularly provides Level III credit card data to several Service systems, and soon the Federal Procurement Data System – Next Generation (FPDS-NG) as well.

8. […]

Governments using BPM for optimizing acquisition processes

Last week, Matt Langan of Appian had an excellent post on the emerging use of Business Process Management (BPM) software in the government acquisition process. He stated that, “we are seeing government embrace Business Process Management (BPM) acquisition solutions (versus COTS) in order to gain process transparency, react quickly to change and improve process efficiency; thereby allowing federal purchasing organizations to successfully enhance the entire procurement lifecycle.”

BPM software can guide government acquisition officers through the complex rules of government procurement, saving time and reducing administrative overhead and paperwork.  Each agency develops unique workflow and business-rule requirements, which, in turn, are addressed by the application software.

With over 15 years of industry experience, Partnet understands the complexity of the business rules surrounding government acquisition, but also recognizes problems associated with implementing standard BPM applications.

Partnet’s BPM solution is a flexible and easy-to-use business-rules framework and workflow engine that directly addresses problems found in other BPM solutions.  Quartz BPM uses simple, UI-based wizards that allow any end user to design and optimize business rules and workflow for approvals, registrations, permissions, and more. These wizards help non-developers easily identify application trigger points, data entities, users, and other critical process elements. The Quartz BPM interface also generates graphical workflow representations that allow users to see their processes as they’re defined.

In other words, Quartz BPM helps align and continuously improve government and commercial business processes.

Partnet supports DOD EMALL sales halfway around the world

Last fall, Ronald Inman of Naval Facilities Engineering Command (NAVFAC) Public Affairs reported that the NAVFAC Far East command generated a total of 3,367 orders and approximately $13.8 million in sales on DOD EMALL in fiscal year 2009 — more than any other NAVFAC command.

The DOD EMALL is a web-based Government eCommerce site enabling authorized military and government customers to search for and order products and services from a global community of government and commercial vendors. Operated on behalf of the Defense Logistics Agency, the DOD EMALL contains over 2,000 commercial catalogs offering nearly 70 million items.

NAVFAC Far East is based in Yokosuka, Japan, nearly halfway around the globe from the DOD EMALL's home in Ogden, UT.  Partnet keeps the DOD EMALL applications running smoothly 24 x 7, 365 days a year.  Over the last year, Partnet maintained system uptime at 99.75%.  Without high system availability, NAVFAC would have been relegated to slower, less efficient forms of procurement.

Naming Conventions and Standardization: Improving Findability on the DOD EMALL

“What’s in a name? That which we call a rose by any other name would smell as sweet.”

Shakespeare’s famous quote may be true of flowers and lovers, but what about hardware and repair parts?

Name standardization and good data quality are important aspects of eCommerce, but they are especially imperative in a Government eCommerce site, where the Federal Catalog System has required item identification and naming standards since World War II.

Unfortunately, some manufacturers label items using cryptic part numbers that confuse customers.   Vendors frequently shrug this off, saying, “My customers know what my products are and how to find them.”  Vendors making this case, however, are simply cutting themselves off from a much larger customer base.

Naming conventions are one way to solve this, but even then, the conventions themselves must be standardized.  Lack of standardized naming conventions is a frequent problem within Government eCommerce sites.  A single item may have one name in the private sector, and an entirely different name in the government space.

Names may even change from region to region.  Take gypsum board, sheet rock, and wallboard, for instance.  Many customers might be surprised to find that these names all refer to the same item.  Allowing for the use of colloquial names makes it easier for the customer to find items in a Government eCommerce site.

Partnet continues to search for new ways to make products easier to find on the DOD EMALL.  Using standard naming conventions across suppliers and enabling colloquial search criteria are two ways we’re simplifying the process for EMALL customers.

In doing so, perhaps we afford them a chance to take time to smell the roses.

DOD EMALL’s pivotal role in the Haitian relief effort

According to recent reports from the Defense Logistics Information Service:
“DOD EMALL has been instrumental in the Haitian relief effort by providing a purchase venue for much needed relief material.  Many organizations, primarily the US Navy, have utilized the DOD EMALL Disaster Relief Corridor to procure relief items.

While most purchased items were medical in nature, other items included maps, clothing, and aircraft accessories, along with food and water.

To date, more than $2.25 million in disaster relief materials have been purchased through DOD EMALL for Haiti.  During the height of the relief effort, sales averaged $300,000 daily.  DOD EMALL remains at the vanguard of support as DLA’s premier eCommerce logistics support tool . . . ” DLIS-L (Logistics Systems, May 2010)
As the original developer and current operator of the DOD EMALL, Partnet takes great satisfaction in knowing its Government eCommerce solutions are helping the Haitian people in their time of need.  Further, we applaud the Armed Services, as well as the Defense Logistics Agency, for leveraging eCommerce innovations in support of the DOD's international humanitarian mission.

Does Data Quality Influence Government eCommerce Sales?

The simple answer is, “absolutely.”

eCommerce data quality relates to both invalid data and incomplete data.  Potential customers may find it difficult to recognize what they're buying without an image or a thorough description.  Data analysis on the DOD EMALL shows that vendors providing robust data descriptions and product images sell much higher volumes than vendors providing minimal data.  Not surprisingly, the absence of a product image is the most common catalog characteristic affecting sales.

Partnet engineers are working to improve master data verification and ensure the most complete, accurate data is available to DOD EMALL customers.  In addition, Partnet’s distributed architecture and vendor management system allows vendors to maintain and update their own product data through real-time connections, which has proven to be a faster, more efficient model than caching data with a third-party host.

Good data is also portable–that is, standardized in a way that makes it consumable to external applications and systems. Toward this end, Partnet is working to improve the quality and portability of data on the DOD EMALL, in accordance with Electronic Commerce Code Management Association (ECCMA) guidelines and ISO 8000-110:2009.

Robust data can’t be achieved overnight–it requires a sustained process and thorough commitment to data integrity. Enterprises willing to make that commitment, however, will find it translates into increased sales and satisfied customers.

Around And Around With Rounding We Go . . .

No, it's not the latest Dr. Seuss book.  It's about rounding numbers, and in this case rounding currency within eCommerce websites.

Rounding has been part of programming languages since FORTRAN in the 1950s, and later C.  Unfortunately for developers of that era, each form of rounding had to be coded by hand wherever it was needed.  More modern languages expose the common rounding modes directly, which makes choosing one much easier.

eCommerce sites often integrate with multiple downstream systems.  The DOD EMALL — the largest Government eCommerce site for federal buyers — is no different.  Recent efforts within DOD EMALL have been to compare all uses of currency within the application, as well as to review their uses in downstream systems.

How many versions of rounding can there be?  Well, there are numerous forms of rounding, including round-up, round-down, round-ceiling, round-floor, round-half-even, round-half-up, and round-half-down.  It really depends on how complex you want (or need) things to be.  Software developers may be wondering why their code isn’t acting as expected, and will be seeking answers. As a DOD-contracted IT-provider for the DOD EMALL, Partnet has used several rounding functions, but here are a couple of examples:

The first example is the one you probably learned as a child.  Round-Half-Up goes to the nearest neighbor, deciding on the first discarded digit: less than 5 rounds down, 5 or greater rounds up.

Round-Half-Up Examples (2 digits of precision)

Initial Value    Result
3.2277           3.23
3.22277          3.22
3.22255          3.22
3.275            3.28

Round-Half-Even is different.  It also rounds to the nearest neighbor (less than 5 rounds down, greater than 5 rounds up), but an exact tie, where the discarded part is exactly 5 with nothing after it, goes to whichever neighbor ends in an even digit, so the value either stays or goes up.  For example, 3.2225 to four digits becomes 3.2222 while 3.2235 becomes 3.2224.  None of the examples below is an exact tie, so they round the same way under either rule.

Round-Half-Even Examples (4 digits of precision)

Initial Value    Result
3.22223          3.2222
3.222347875      3.2223
3.222247875      3.2222

So why is rounding a big deal?  If you […]

Market Forces in Government eCommerce

Last week I wrote about the success the Department of Defense is having in leveraging Government eCommerce for the strategic sourcing of its office supplies.  What I didn't mention was the side effect it's having on the pricing structures of office supply vendors on the DOD EMALL.

In 2004, when the Army was establishing its strategic sourcing policy, it did a market-basket analysis of office supply prices on GSA Federal Supply Schedule contracts.  In establishing blanket purchase agreements with 20 office supply contract holders, the Army negotiated a 15% reduction from GSA prices and mandated the use of those contracts.

Each of the Armed Services followed suit — negotiating their own office supply contracts and mandatory online purchase policies.  As a result,  DOD EMALL quickly became a magnet for office supply vendors, large and small. The number of office supplies vendors on DOD EMALL skyrocketed to over 500.  So when the Army redid their initial market basket analysis two years later, their 15% pricing advantage had vanished.

What happened?

Market forces brought down the prices of the competing catalogs.  By mandating the use of Government eCommerce for office supplies, the Army had saved millions of dollars on their own office supplies and created a savings environment for the whole Department of Defense.

Defense Acquisition Reform: Closer Than You May Think

The Department of Defense recently got an earful from the Defense Acquisition Reform Panel (DARP) over its “outdated” acquisition and contracting policies.  The panel’s criticisms centered largely on ill-suited “cultural issues” preventing the DOD from moving towards more IT-focused procurement methods.  Amber Corrin’s Inside DOD blog from Federal Computer Week gives a nice, high-level overview of this argument.

Recommendations made by the panel included:

Improved process for developing contract requirements
Performance-incentives for DOD’s acquisition workforce
Getting more value from the industrial base.

I can’t imagine the recommendations are anything the DOD hasn’t already realized.  As one of many DOD-contracted IT-providers, Partnet recognizes the changes DOD is implementing towards modernizing their IT-capabilities, particularly around acquisition.  The potential cost savings to taxpayers in finding smarter, faster ways to supply and equip our Warfighters is enormous.  And few know that better than the DOD.

However, the DARP report seems to imply that the DOD is sitting on its hands while letting old-fashioned acquisition protocol dictate the Department's future.

Again, I'm pretty sure the DOD knows exactly what needs to be done, and in many instances is taking strong initiative to correct so-called "cultural issues".  Government eCommerce, for instance, is one area where the DOD is making tremendous strides.

Debra Fryar has written a number of excellent posts on this blog illustrating exactly how the DOD is leveraging information technology towards streamlined acquisition and purchasing.  And DOD EMALL (which Partnet proudly built and operates, I might add) is a concrete example of the Department’s success so far.

Not to mention the DOD is also looking to technology for OCONUS sourcing and contracting solutions, specifically the potential for web applications to optimize contingency contracts and purchasing from global vendors and local markets.

None of this is to say the DOD should […]
