Transforming Government Tech Governance: Utilizing AI & PowerApps to Manage 800+ Custom Applications
Many U.S. Government agencies utilize several hundred different technologies to create custom-built applications. Given the multitude of technologies—each with its unique purpose, version, and security requirements—it’s essential for agencies to establish an effective mechanism for tracking both custom applications and the specific technologies they employ. Unfortunately, these technologies and applications are often not tracked effectively or are documented in a way that fails to inform developers and key stakeholders about their purpose and availability. This oversight can lead to security vulnerabilities as developers rely on outdated and unapproved technologies, resulting in many organizations reporting significant “technical debt” associated with their custom-built applications.
To address these issues, Quantum Insights developed a solution to streamline the collection of over 800 technologies used to develop custom applications within a healthcare agency of the U.S. Government. Alongside this solution, Quantum Insights also implemented a new governance process to improve the technology review and approval workflow, thereby addressing technical debt. Quantum Insights’ approach to developing this solution was divided into three core tasks:
Rationalize the Collection of Tools and Technologies
Quantum Insights identified that the legacy process of tracking software did not provide adequate information on both their purpose and availability, leading to technical debt and redundancy. To address these pain points, Quantum Insights created a new data storage system with enhanced labels that provide greater insight into the functions of various technologies, enabling leadership to identify instances where multiple technologies and applications serve the same purpose.
Develop Common Operating Environment (COE) Application
Quantum Insights recognized the need for a scalable solution to better manage the enterprise technology stack used for developing custom applications. To that end, Quantum Insights utilized Microsoft PowerApps to rapidly design, develop, and deploy the COE application. This application utilized a cleaned version of existing data, enhanced with additional details regarding each technology’s intended purpose. It was made publicly accessible to leadership and developers, enabling them to input data on the technologies they use and view in real time which technologies (and their versions) are approved for development. Our team also incorporated AI and LLMs to help developers identify alternative technologies within the COE, in the event that they were using a technology marked as not approved for use.
Develop and Instantiate COE Governance Process
A recurring concern within NIAID OCICB was the absence of policies and processes to manage technical debt effectively. This lack of structure led to underlying issues such as security vulnerabilities, increased ownership costs due to redundant technologies, and difficulties in keeping pace with the rapidly changing technology landscape.
Impact of the new Governance Framework
Quantum Insights established a new governance process with several benefits:
- Reduced Technical Debt: By providing visualizations of applications currently using outdated or unapproved technologies, allowing collaboration with application owners to manage and reduce technical debt over time.
- Reduced Technology Redundancy: By updating data labels for each technology to quickly identify technologies that perform similar tasks, thereby guiding developers to utilize existing technologies before requesting new ones.
- Ensured Technologies Are Running Their Best Supported Version: By marking each technology with a retirement date, indicating when applications should cease using outdated versions and upgrade to more modern, secure alternatives.
- Identified New Technologies to Incorporate: By collaborating with leadership, developers, and other stakeholders to identify and integrate emerging technologies and solutions into the technology stack, thus enhancing support for the evolving technological landscape.