T-Rex SMART<sup>®</sup> Framework: Modernizing and Securing Environments

T-Rex SMART® Framework: Modernizing and Securing Environments

Date: October 7, 2020

T-Rex has designed, built, integrated, and operated some of the world’s largest mission critical systems for our government clients who need to leverage the power of data & the cloud while also holding to aggressive schedules. To support this, we developed the T-Rex SMART® Framework that offers an Agile and iterative methodology to take advantage of new platforms while meeting critical missions. This approach allows for micro or macro modernization in a structured fashion allowing for agencies to take advantage of available modernization funds. There are 5 steps to our framework:

S – Strategize and Stabilize

We leverage and enhance existing enterprise architecture (EA) roadmaps and perform application rationalization to establish a “landing zone” strategy for target applications. We take a structured approach to determine the most appropriate operating models (e.g., Cloud, on-premise virtualization, or bare metal) that should be considered for the greatest business benefit. The application rationalization task takes into account several factors in recommending a modernization path, including:

  • Licensing and cost optimization;
  • Cost, health, and longevity of the current hosting environment;
  • Overall value of the application to the mission and consideration of redundancies; and
  • Impact of current risk, schedule, and staffing baselines on modernization paths and movement to target stable platforms.

We then stabilize our project baselines. This includes the technical baselines such as requirements and functionality baselines, and the Implementation and Integration Plan (IIP). The IIP establishes the schedule and sequencing of modernization efforts that facilitates enterprise coordination.

M – Management and Framework

Once landing zones are determined, we establish or integrate with a management framework to provide a reporting mechanism and identify enabling tools. The framework defines core services (e.g., Network Segmentation, Configuration Management Database (CMDB), Continuous Diagnostics and Mitigation (CDM), Information Technology Service Management (ITSM), DevSecOps, and monitoring) to re-use or establish early to avoid rework and the associated added costs of doing this late. In addition, this is an important time to manage the start of FISMA compliance activities as well as provide cross-training for existing O&M staff.

A – Automate

Within the management framework and enabling tools, automation should be maximized to assure repeatability, consistency, and easy access to critical information. The core of our automation capability comes from our DevSecOps solutions, promoting automation of deployments, testing, scanning, and more. We start with discovery of existing processes and standards and then work with stakeholders to develop a roadmap to DevSecOps adoption and process and technology modernization.

R – Modernization (the 7 R’s)

Analysis of target applications determines which of the seven modernization options should be taken. The 7 R’s include: Relocate, Repurchase, Refactor or Rearchitect, Replatform, Rehost, Retire, and Retain. This is not just a one-time assessment. Our process is built to be revisited on a regular basis to determine if either technology or business factors have changed which approach is required for the applications.

T – Transition to Operations

After the application is moved, we execute our operational cut-over and monitor performance with existing O&M staff until all stakeholders sign off on a successful transition. Prerequisites to this cut-over include the completion of the ATO process to assure that Authorizing Officials and System Owners have accepted the documented security risks, implementation of controls, and any residual risk if applicable. In addition, T-Rex staff responsible for application modernization and migration engage with current system team members and operational support staff to capture and implement updates to existing O&M processes.

To learn more about T-Rex’s methodologies, check out the following:

recently posted
What We Can Learn from the SolarWinds Breach

What We Can Learn from the SolarWinds Breach

The SolarWinds breach in December 2020 demonstrates the importance of having a fortified cybersecurity approach to protect data. SolarWinds, a US-based software company, was hacked late last year. This breach remained undetected until early 2021. The supply chain attack introduced…

T-Rex Celebrates Women’s History Month

T-Rex Celebrates Women’s History Month

T-Rex is celebrating the women who shaped the tech industry. As an IT company, we’re constantly working to shape an equitable future for all by challenging gender stereotypes and improving the representation of women in Science, Technology, Engineering and Mathematics…

T-Rex at AWS re:Invent 2020

T-Rex at AWS re:Invent 2020

T-Rex partnered with the U.S. Census Bureau to implement a successful enterprise-wide IT Modernization, bringing the 2020 Census online for the first time in U.S. history without a single second of downtime. Presenting at AWS re:Invent 2020, Utpal Amin, T-Rex’s…

T-Rex #1 Cloud Support Services provider in Bloomberg Government analysis

T-Rex #1 Cloud Support Services provider in Bloomberg Government analysis

Cloud computing spend totaled $6.6 Billion collectively across the Federal government in 2020, despite multiple Cloud acquisitions being put on hold. This is slightly more than $6.1 Billion in 2019, according to a Bloomberg Government (BGOV) analysis. T-Rex rose to…