Platform Engineering Pushes Government to ‘Production as a Service’

Government agencies and defense contractors are adopting platform engineering to accelerate software deployment and reduce delays, noted Marine Corps Community Services Chief Digital Business Officer David Raley.

The model shifts away from manual authorization processes toward centralized platforms where infrastructure and security are delivered as a service, reducing the technical overhead required to achieve an authority to operate (ATO). Raley’s team is demonstrating this approach with Operation StormBreaker, a program aimed at tackling slow development cycles and burdensome authorization processes.

“We endeavor to abstract away almost all of the underlying infrastructure complexity from the engineer and focus them only on the application layer,” Raley said. “That’s what we do. And we provide the platform capability to the vendor or the mission owner, or on behalf of the mission or to the vendor, right to the application team as a service.”

Abstracting the Complexity

As the Pentagon confronts increasingly software‑defined missions, the War Department is emphasizing a shift toward standardized development platforms. In the DOW’s 2023 Digital Engineering Strategy, the department calls for establishing policy for platform engineering across acquisition programs and calls for a department-wide integrated digital approach that emphasizes digital engineering environments must enable earlier testing, faster iteration and more resilient software.

January’s DOW Digital Standards Strategy further establishes procedures for platform engineering standardization to

“ISO/IEC has developed an Online Standards Development Platform to be used for the native creation of SMART ISO/IEC standards, providing standards developers with digital tools to draft, edit, author, and coordinate standards,” the Defense Standardization Program Office wrote in the strategy. “This allows for end-to-end online standards development and configuration management processes. With this, ISO/IEC is also exploring the business models for distributing and commercializing SMART standards and identifying related legal implications in a newly digital market.”

The department has a series of platform engineering initiatives within its DevSecOps ecosystem, including the flagship Platform One, according to officials.

“The best example is Platform One,” George Lamb, the director for DOD Cloud and Software Modernization in the Information Enterprise Office of the DOD CIO told GovCIO Media & Research in 2025. “Working hand-in-hand with how we built Platform One, [the platform engineering ecosystem incorporates] Kubernetes, the containers, the service mesh and the way that microsegmentation and zero trust are built in … The strategy was going hand-in-hand, we informed it.”

Reducing Cognitive Load

The goal of StormBreaker and similar platform engineering initiatives is to reduce the “cognitive load” on developers. In a traditional government setting, a software engineer isn’t just writing code; they are often forced to navigate Kubernetes configurations, network pathing and complex Risk Management Framework (RMF) documentation.

“The issue is of a little wider scope than the cognitive load on platform engineers,” Raley said. “It’s all of the underlying infrastructure, the security control inheritance, the deeper look from a cybersecurity perspective and the way that you can position engineers to build and deploy code securely in minutes, as opposed to them focusing on all the other things.”

Raley said production — not sandbox environments — must serve as the “north star” for development. He described Operation StormBreaker as a “production-as-a-service” platform, designed to enable rapid deployment by decoupling infrastructure from application logic.

“[Sandbox overuse] is a problem that has plagued some of the software platforms across the DOW,” Raley said. “Most of them end up being in kind of ‘research, repair and treat it’ … StormBreaker’s north star has always been production. We know that that’s where the real impact is.”

Shifting Cybersecurity Outcomes

Raley said that platform engineering excels in its the ability to “shift left” on cybersecurity. Instead of waiting months for a final audit, developers receive real-time feedback through automated scanning tools, he said. The automation applies risk management requirements during the compile process, identifying vulnerabilities earlier than traditional methods.

“An engineer puts secrets in his code, and he tries to run the compile process, and we flag it with our scanning tool, and we push it back to him with a report that says, ‘hey, don’t put secrets in your code,’” Raley said of the quicker ATO process. “It’s all of the underlying infrastructure, the security control inheritance, the deeper look from a cybersecurity perspective and the way that you can position engineers to build and deploy code securely in minutes.”

Raley added that the impact needs to be much broader than a single program like Operation StormBreaker.

“We need 200 StormBreakers for the Department of War,” he said. “Can we move to the concept where this is provided as a service, so it doesn’t have to be redone every time?”