Keep More, Store Less: The Case for Advanced Compression in Federal EDR

Posted on by Richard Verwers

How agencies can retain full-fidelity data without overspending on storage

Endpoint detection and response (EDR) depends on data. The more telemetry you collect, the more context you have to detect threats, investigate incidents and meet Federal compliance requirements.

But data volume is also the problem. Federal agencies generate massive amounts of endpoint telemetry every day. Process activity. File changes. Network connections. User behavior. Multiply that across thousands of devices and storage requirements quickly grow beyond what many teams can sustain.

Security teams often face a difficult tradeoff: retain full-fidelity data and absorb higher storage costs, or limit retention and risk losing critical visibility.

That tradeoff is no longer necessary. Advanced data compression changes the economics of endpoint visibility. Agencies can retain unfiltered telemetry for extended periods without expanding storage budgets or adding operational complexity.

The Visibility–Storage Tradeoff is No Longer Sustainable

Federal cybersecurity requirements continue to raise the bar for telemetry collection and retention. Agencies must support Zero Trust initiatives, continuous monitoring programs and audit readiness. Modernization efforts increase the number of connected endpoints, including cloud workloads, remote systems and contractor-managed devices. Each new endpoint expands the telemetry footprint.

At the same time, budgets remain under scrutiny. Storage infrastructure must compete with other mission priorities and security leaders must justify every dollar. When storage costs climb, teams often respond in predictable ways:

Reduce retention windows
Sample or filter telemetry
Drop lower-priority event types
Offload data to external archives that are difficult to query

Each of these approaches creates blind spots. Shorter retention windows limit historical investigations and filtered data weakens threat hunting while fragmented storage slows response times.

In a threat context where adversaries can dwell quietly for months, incomplete data is a liability. Agencies need a way to collect and retain comprehensive telemetry without creating unsustainable storage growth.

Compression-First Architectures Improve Data Retention

Traditional security platforms treat compression as an afterthought. Data is collected at scale, stored in raw or lightly optimized formats and compressed later in the pipeline. By then, infrastructure costs are already locked in.

A compression-first architecture takes a different approach. Advanced compression techniques reduce data size at ingest. Telemetry is optimized as it enters the platform, not after it has consumed storage resources. The result is a significantly smaller storage footprint without sacrificing fidelity. For Federal security operations centers (SOCs), this shift has meaningful impact:

Longer retention without higher cost – Agencies can retain 180 days or more of full-fidelity telemetry while remaining within budget constraints.
Unfiltered visibility – Teams do not need to decide in advance which data might matter later. They can keep it all.
Faster investigations – Optimized storage enables efficient querying across large datasets, supporting threat hunting and incident response.
Simplified architecture – Native compression reduces the need for external storage tiers or complex archival systems.

Instead of managing tradeoffs, security teams regain flexibility.

Full-Fidelity Data Supports Compliance and Zero Trust

Federal mandates increasingly require measurable security maturity. Continuous monitoring, device-level visibility and documented audit trails are central to that effort, and retention depth matters.

When agencies can access complete endpoint histories, they strengthen their ability to:

Validate Zero Trust controls within the device pillar
Reconstruct events during forensic investigations
Demonstrate compliance with evolving Federal security requirements
Support reporting obligations tied to vulnerability and risk management

Short retention windows make it harder to answer fundamental questions: When did this behavior begin? Was lateral movement attempted? Did similar activity occur on other systems?

With compressed full-fidelity data, those questions become easier to answer and teams can look back months, not days. This level of historical visibility supports stronger analytics, more informed risk decisions and more defensible reporting.

Cost Efficiency Matters Under Federal Scrutiny

Every Federal technology investment must demonstrate operational value. Advanced compression directly addresses cost concerns in several ways:

Reduces total storage consumption
Delays or eliminates additional infrastructure purchases
Lowers operational overhead tied to managing multiple storage systems
Minimizes data movement between tiers

At the same time, it strengthens the overall security posture by preserving data that might otherwise be discarded. This combination of efficiency and depth is particularly important for agencies balancing modernization initiatives with budget discipline.

Security cannot become a cost center that expands without limit. It must scale responsibly. Compression-first EDR architecture supports that balance.

The Federal security community no longer needs to accept a compromise between cost and visibility. Advanced data compression enables agencies to:

Collect unfiltered endpoint telemetry
Retain data for extended periods
Support Zero Trust maturity
Strengthen investigative capabilities
Maintain fiscal discipline

As agencies define the next standard for Federal EDR, data strategy must be part of the conversation. Retention, accessibility and efficiency determine whether telemetry delivers long-term value.

Carbon Black and Carahsoft help Federal agencies adopt a compression-first approach to endpoint detection and response, so teams can keep more data, store less and operate with confidence.

Contact us to learn how your agency can adopt a compression-first approach to endpoint visibility while staying within budget.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Broadcom, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

The Top 5 Insights for Government from HIMSS 2026

Posted on by Tim Boltz

Healthcare and technology leaders convened at the Healthcare Information and Management Systems Society (HIMSS) 2026 conference with a shared sense of urgency as the Federal health ecosystem is undergoing one of its most significant transformations in decades. Across panel sessions, discussions highlighted both the structural challenges and strategic investments shaping Government health agencies, from modernizing public health data infrastructure to addressing long-standing interoperability barriers that have fragmented care delivery.

Five critical insights emerged that define a path toward a more connected, data-driven and patient-centered Federal healthcare system.

Federal AI Policy Is Being Rebuilt Around Coordination, Not Fragmentation

Leaders from the Department of Health and Human Services (HHS) emphasized that agency-by-agency artificial intelligence (AI) experimentation is ending. With dozens of programs across its divisions, HHS has restructured its AI strategy around three coordinated pillars: regulation, reimbursement and research/development.

Historically fragmented efforts created conflicting signals and limited cross-agency innovation. Now, the Secretary’s office serves as an alignment layer, ensuring regulatory decisions at the Food and Drug Administration (FDA), reimbursement policies at the Centers for Medicare and Medicaid Services (CMS) and research investments at the Advanced Research Projects Agency for Health (ARPA-H) are coordinated. The goal is not to expand Government roles, but to remove barriers and accelerate adoption of existing technologies.

The FDA is rethinking how AI-enabled medical technologies are regulated. After authorizing more than 1,000 AI and machine learning products, primarily in radiology but expanding into other domains, the agency recognizes the limits of a pre-market framework designed for static hardware, not continuously evolving software. Leaders described a shift toward lighter pre-market review paired with stronger post-market surveillance, focusing on real-world performance, model drift and patient outcomes. This approach requires new regulatory frameworks and enhanced data-sharing between developers, providers and regulators.

ARPA-H complements this work by funding high-risk, high-reward innovations not supported through traditional mechanisms. Notably, no generative AI (GenAI) technology capable of providing clinical care has received FDA authorization, a gap the agency aims to close. One flagship initiative supports AI systems capable of performing comprehensive physician functions, developed alongside the FDA to establish new regulatory pathways. Additionally, ARPA-H is investing in “supervising agents,” systems that monitor and control deployed AI, addressing the scalability limits of human oversight.

The VIP Sets a New National Standard for Health Data Exchange

The Department of Veterans Affairs (VA) positioned itself as a national convener for interoperability through the Veteran Interoperability Pledge (VIP), which unites leading health systems to improve care coordination for veterans regardless of where they receive care.

Grounded in the Elizabeth Dole Act, the initiative mandates rapid adoption of national interoperability standards across care coordination, benefits, identity matching, quality measurement and public health. VA leaders outlined a layered interoperability model—from foundational standards such as X12, Fast Healthcare Interoperability Resources (FHIR) and Bulk FHIR, to data quality frameworks like Patient Information Quality Improvement (PIQI) and ultimately to advanced analytics and decision support. The key message: interoperability is foundational, but value is created through what is built on top of it.

Operationally, the VIP is already enabling real-world capabilities. The Veteran Confirmation Application Programming Interface (API) allows Electronic Health Records (EHRs) to verify veteran status in real time, supporting eligibility recommendations under the Promise to Address Comprehensive Toxics (PACT) Act and the Comprehensive Prevention, Access to Care and Treatment (COMPACT) Act. Two workgroups are developing recommendations for identity verification and care coordination workflows, targeting submission by the end of March. A structured cadence of monthly plenaries and bi-weekly workgroups ensures continuous alignment between policy, standards and implementation.

Seamless Collaboration Requires Breaking Down Technical and Cultural Barriers

Federal, State and Local leaders underscored that populations served by multiple programs cannot be effectively supported by siloed agencies. Both technical and cultural barriers must be addressed simultaneously.

At the Federal level, CMS, VA and the Indian Health Service (IHA) are advancing shared infrastructure and lowering redundancy. CMS is transitioning from Government-developed systems to commercial platforms, accelerating innovation and enabling AI tools that now reach approximately 80% of its workforce, saving an estimated 5.5 hours per employee weekly. The agency is also adopting a multicloud strategy for resilience and fostering talent pipelines through partnerships with institutions like the University of Maryland.

IHS is undergoing a similar transition to commercial platforms, improving AI integration and expanding access to advanced tools in rural and tribal communities. Enterprise services help ensure equitable access where local technical resources are limited. The VA is modernizing security processes to reduce delays in technology adoption and leveraging physical locations to support identity verification, improving access for veterans struggling with digital enrollment.

Bridging the digital divide also requires workforce and literacy solutions. Baltimore City panelists highlighted the need to translate Federal data into local action, particularly around social determinants of health, including housing and economic mobility. Community health workers were cited as essential connectors and should be integrated into digital strategies from the outset.

Public Health Data Infrastructure Must Shift from Detection to Prediction

The Center for Disease Control (CDC) acknowledged that current public health infrastructure is designed for detection, not prediction. While improvements have been made since COVID-19, a broader transformation is still underway.

The One CDC Data Platform (1CDP) serves as a central hub, enabling flexible data exchange, reusable capabilities and advanced analytics. Its purpose is to shift focus from manual data processing to proactive analysis and decision making. Leaders envision disease forecasting becoming as routine as weather forecasting, with real-time modeling to guide early intervention.

State-level examples illustrate this shift. Illinois is consolidating siloed systems into a unified cloud platform, while addressing cultural resistance to data sharing. Louisiana is focusing on targeted, use-case-driven improvements tied to Medicaid and public health outcomes. Mississippi is prioritizing foundational infrastructure and workforce readiness before scaling analytics. Across all three states, the consensus is clear that interoperability only delivers value when tied to actionable outcomes.

The VA’s NextGen CCN Redesigns Care Delivery at National Scale

Community care is one of the fastest-growing components of the VA healthcare system. Of the 17 million veterans served, roughly 6.3 million use VA healthcare annually, with 2-3 million accessing community providers. Programs introduced through the Choice Act and Maintaining Internal Systems and Strengthening Integrated Outside Networks (MISSION) Act expanded access but created operational and financial complexity.

The Next Generation Community Care Network (NextGen CCN) addresses these challenges through a comprehensive redesign of how the VA manages external care. Expected to launch in early 2027, the program introduces a more competitive ecosystem involving insurers, providers and technology partners.

Key capabilities include improved care coordination, real-time data exchange, standardized quality benchmarks and outcomes-based reimbursement. Interoperability is foundational to these goals, enabling performance measurement and accountability. The program also prioritizes transparency and trust across stakeholders, ensuring a shared understanding of care delivery. Together, these efforts are designed to position the VA to deliver high-quality, fiscally responsible care while continuing to expand access for a veteran population whose demographics and care needs are rapidly evolving.

Charting the Course for Federal Health IT Modernization

HIMSS 2026 reinforced that progress in Federal healthcare requires aligned investment across AI governance, interoperability, cross-agency collaboration, data infrastructure and care delivery redesign. Government health agencies are not simply adding new technologies onto existing systems; they are rethinking how they organize, share data and operate as an integrated ecosystem. Sustained success will depend on aligned standards, cultural transformation and technologies that translate strategy into measurable outcomes.

As Carahsoft, The Trusted Government IT Solutions Provider™, continues supporting Federal health IT modernization, these insights inform how industry can partner with Government to deliver a more connected, data-driven and patient-centered healthcare system.

Explore Carahsoft’s Healthcare Technology portfolio of leading solutions that support Federal healthcare modernization priorities including AI, interoperability, cloud infrastructure and advanced analytics.

Contact the Health IT Team at Healthcare@Carahsoft.com or (571) 591-6080 to learn more.

Why Supply Chain Risk Management is Now a Public Sector Resilience Priority

Posted on by Jeff Ladner

From ransomware disrupting city services to vendor failures impacting school operations, supply chain failures seem to be dominating the headlines lately. Naturally, whether your organization is in the Private or Public Sector, you’ll want to avoid attracting attention for the wrong reasons.

The best way to do that is to prioritize implementing best practices to safeguard critical vendors and services from cybersecurity risks and operational disruptions. In this guide, we’ll cover the NIST framework, how it applies to Public Sector organizations and how you can use NIST best practices to reduce risk and maintain public trust. Even private sector teams increasingly rely on NIST supply chain risk management practices when working with Government partners, especially across information technology environments.

Why Is Supply Chain Risk Management Important?

Managing supplier risk should be a fundamental part of any data-based businesses’ operations, but it’s all the more important for Public Sector organizations, whether that means Federal, State or Local services.

Why? Without clear practices for identifying, assessing and mitigating vendor and operational risk, you could expose your organization to a whole host of potential issues, including:

Financial losses: Even nonprofit organizations depend on reliable financial backing from Governments and other entities. Those revenue streams can be endangered when an overlooked security risk becomes an operational blockage.
Reputational damage: Eroded consumer trust can be as costly as any disruption in service or productivity. When your organization attracts the wrong kind of attention, like for suffering a data breach or failing to fulfill obligations, earning that trust back can be a difficult feat.
Regulatory violations: In worst-case scenarios, failing to catch a supply chain risk before it becomes a major problem can lead to your organization falling afoul of relevant regulations and facing stiff consequences like fines or legal fees.

Learn more: Quick Guide: What is Operational Risk Management?

When Does an Organization Need a Supply Chain Risk Management Framework?

The purpose of using a risk management framework is to standardize the process of identifying, assessing and mitigating potential threats and vulnerabilities to your organization’s supply chain. If your organization’s ability to provide services, attract new users and secure funding would be severely impacted by a potential data breach or supply chain disruption, then you’d most likely benefit from using a framework to ensure consistent supplier security.

State, Local and education (SLED) entities are all the more likely to need a framework for regulating risk assessments and mitigation steps. Since the services provided by such entities are typically essential to a community, it’s that much more important that you take all the necessary actions to secure your supply chain and prevent service interruptions whenever possible.

What Is the NIST Risk Management Framework?

The National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) is the go-to solution public service organizations have been using to mitigate vendor, technology and cybersecurity risks for the last decade. The result of a Federal task force established in 2014 under the Federal Information Security Modernization Act (FISMA), this framework for risk management processes can be used to set standards across Federal agencies and the organizations that work with them.

Today, the NIST framework is a main point of reference for any organization looking to implement a secure and reliable process for managing cybersecurity risks and other potential supply chain issues. The framework is a living document regularly updated to meet the latest challenges in the data privacy space.

Learn more: What is NIST RMF? Risk Management Framework

What Are the NIST Best Practices for Supply Chain Management?

The 2022 revision NIST SP 800-161 offers comprehensive guidelines for handling supply chain risks related to information and communications technology. These recommendations are divided into three main categories: foundational practices, sustaining practices and enhancing practices.

Think of these categories as sequential stages. You’ll need to implement foundational practices before you move on to sustaining practices, and sustaining must come before enhancing.

1. Foundational Practices: Establishing a Process for Supply Chain Risk Management

Some of the best practices recommended in NIST SP 800-161 for creating a foundation for a supply chain risk management process include:

Dedicate a multidisciplinary team to your vendor and technology risk oversight
Create and fill dedicated roles for risk oversight procedures
Gain support from senior leadership to ensure adequate resources
Implement a governance hierarchy and a governance structure
Codify processes for identifying and assessing the criticality of your suppliers, products and services and conducting formal risk assessments, preferably using FIPS 199 impact levels
Establish internal checks and balances for compliance
Integrate risk oversight practices into your policies regarding supplier selection
Raise internal awareness and understanding of the importance of supply chain risk management
Create processes and practices for quality control and consistent development practices

Learn more: Guide: Risk Management Strategies To Future-Proof Your Organization

2. Sustaining Practices: Improving the Efficacy of Your Supply Chain Risk Management

Some of the best practices recommended in NIST SP 800-161 for building on your foundational risk management processes include:

Implement third-party risk assessments
Create a program for monitoring suppliers
Define and quantify levels of acceptable risk
Determine key supplier risk metrics and create procedures for tracking and reporting them
Formalize your information sharing procedures
Establish a training program for vendor risk practices
Integrate supply chain risk management practices into your supplier contracts
Solicit supplier participation in contingency planning and incident response
Collaborate with suppliers to address risk factors
Expand supply chain risk management training to all applicable roles across your organization

Learn more: How to Mitigate Third-Party Risks in Your Supply Chain

3. Enhancing Practices: Predicting Supply Chain Issues Before They Impact Your Business

Some of the best practices recommended in NIST SP 800-161 for building a structured supply chain risk management program include:

Codify processes for quantitative risk analysis, optimize risk response resources and measure your return on investment
Use insights gained over time to identify key risk factors and create predictive strategies to address risks before they arise
Introduce automation into your cybersecurity oversight procedures whenever possible
Join a community of practice where you can improve your cybersecurity risk management practices

Learn more: 5 Reasons Your Company Should Automate Third-Party Risk Management – Onspring

Additional NIST Resources

Organizations implementing a supply chain risk management program often reference several complementary NIST publications, including:

NIST Special Publication (SP) 800-39
NIST SP 800-30r.1
Federal Information Processing Standards (FIPS) Publication 199
NIST SP 800-53

How to Future-Proof Your Vendor Risk Program

It’s impossible to overstate the importance of recognizing and addressing risk factors in your supply chain when your organization is responsible for providing or securing local and state services. The best guide to follow when establishing or enhancing your supplier risk program is the NIST Risk Management Framework. A structured platform can help Public Sector teams manage these challenges more effectively while taking advantage of AI advancements without exposing their organizations to unnecessary risk.

See how Onspring’s platform supports these efforts and get a demo today.

How AI is Reshaping Courts and Legal Operations

Posted on by Michael Shrader

The conversation around artificial intelligence (AI) in the legal system has fundamentally shifted from courts and legal organizations debating whether it belongs in legal environments to how to integrate AI responsibly into daily operations. For courts facing expanding caseloads, staffing shortages and budget constraints, AI-powered legal technologies have become operational tools for improving efficiency, access to justice and administrative effectiveness across the legal lifecycle. While AI can significantly enhance legal workflows, responsibility for judgement, accuracy and decision-making must remain with human professionals.

From Policy Discussion to Practical Adoption

The American Bar Association’s (ABA) Year 2 Report on the Impact of AI on the Practice of Law makes clear that AI adoption in the legal profession has entered a new phase. Early concerns centered on ethics, confidentiality and professional responsibility. Today, the focus has shifted toward responsible deployment, governance and workflow integration where efficiency gains are immediate and measurable. These applications allow courts to redirect limited staff resources toward higher-value legal and judicial work rather than routine manual processes.

Common AI-enabled courtroom use cases already in practice include:

Organizing and searching large volumes of filings, briefs and evidence

Creating unofficial or preliminary real-time transcriptions

Summarizing motions, exhibits and prior case materials

Supporting scheduling, workload analysis and calendar management

This is especially important for Federal, State and Local courts that must maintain service levels despite limited resources. AI-enabled legal technologies provide a validated path to modernizing court operations while preserving judicial independence, transparency and accountability.

Real-World Applications Delivering Value

AI adoption is already producing tangible operational benefits across court systems.

Administrative and workflow automation applications include drafting routine administrative orders and standard court notices, managing scheduling and calendar coordination, conducting workload studies and organizing court documents and filings for improved retrieval. These implementations reduce administrative burden while improving consistency in standard legal processes.

Document review and case support capabilities allow legal teams to summarize briefs, motions, pleadings, depositions and exhibits at scale. AI systems create timelines of relevant events across large case records and assist with legal research when trained on reputable legal authorities. Some implementations identify misstated law or omitted legal authority in filings, though human verification remains mandatory for all outputs.

Transcription, translation and accessibility services are also being rapidly adopted. Courts are generating unofficial or preliminary real-time transcriptions to accelerate case documentation. Systems provide preliminary translations of foreign-language documents and support accessibility services for self-represented litigations navigating complex court procedures. These applications expand access to justice by reducing cost barriers and improving navigation of legal systems for citizens.

Scaling Court Operations Under Budget Constraints

Rising caseloads combined with constrained budgets make AI adoption particularly relevant for Government legal operations. Technology adoption has emerged as the primary driver of scalability for courts that cannot expand head count. By automating manual processes such as transcription, document review, evidence management and research, AI allows existing staff to handle higher volumes while maintaining or improving service quality.

This approach aligns with broader access-to-justice goals highlighted in the ABA report. AI-enabled tools are already helping courts improve case management, streamline dispute resolution processes and support self-represented litigants through better access to information and court services. These gains are particularly impactful for jurisdictions seeking to modernize legacy systems while preserving fairness, transparency and judicial independence.

Human Oversight and Accountability

While AI delivers meaningful efficiency gains, the ABA report stresses that AI-generated outputs may appear authoritative while containing factual or legal inaccuracies. The risk of hallucinations has not been fully resolved in any current generative AI (GenAI) tools. As a result, AI should not replace judges or court staff, nor should it be treated as an authoritative source of truth. Instead, AI should serve as an assistive technology that augments human expertise, improving documentation quality, accelerating research and making information more accessible.

Judicial guidelines outlined in the report reinforce several critical principles:

Judges and attorneys remain fully responsible for accuracy and legal reasoning

AI-generated content must always be reviewed for correctness and relevance

Overreliance on AI can introduce risks such as automation bias or misinformation

Courts adopting AI must establish clear governance frameworks that address privacy, security, transparency and oversight. Human verification of AI outputs is essential to ensuring that AI enhances documentation quality and accelerates legal research without compromising accuracy, professional responsibility and public trust.

Responsible Adoption Through Trusted Procurement

The ABA emphasizes that responsible AI adoption is not optional; it is a leadership responsibility. Human oversight, ethical use policies and ongoing evaluation remain essential to ensuring AI strengthens, rather than undermines, trust in the justice system.

Carahsoft, The Trusted Government IT Solutions Provider®, works with leading legal tech software providers to help Federal, State and Local courts modernize legacy systems, reduce administrative burden and implement AI responsibly at scale. By making these technologies accessible through trusted procurement vehicles, Carahsoft enables courts and Government legal organizations to adopt AI while aligning with established legal, ethical and operational requirements.

AI is not a substitute for legal expertise, but it is quickly becoming an indispensable tool for courts seeking efficiency, consistency and scalability. By procuring AI solutions through Carahsoft, Government courts can ensure their modernization demands will be met while maintaining legal and ethical standards. As AI continues to reshape legal operations, organizations that pair technology deployment with clear governance, training and accountability frameworks will be better positioned to deliver improved services to the public.

Ready to explore AI-enabled legal technology solutions? Explore Carahsoft’s Legal & Courtroom Technology Solutions portfolio or take a Self-Guided Tour.

Contact Carahsoft’s team at LegalTech@carahsoft.com to discuss AI solutions tailored for your organization’s needs.

Unified Financial Intelligence: Why Government Finance Teams Have a Data Foundation Problem, Not a Data Problem

Posted on by Rolf Heimes

How Incorta, Google and Carahsoft help State, Local, education and Federal civilian agencies move from slow close cycles to real-time, AI-ready financial insight

I spend a lot of my time talking with Government finance leaders—CFOs, comptrollers, budget directors—and the conversation almost always starts with AI and ends with data. Almost every agency I talk to eventually runs into the same wall: their data isn’t ready. As we move toward agentic AI—AI that takes actions and makes decisions on its own, not just answers questions—the demands on that foundation multiply fast. Until it’s right, AI remains a slide in a strategy deck. That’s the problem Incorta was built to solve.

Nowhere is this more obvious than in Public Sector financial management, where the stakes are high, the infrastructure is often decades old and the expectation for transparency has never been greater. If we want to talk seriously about Unified Financial Intelligence in Government, we have to talk seriously about the data brain underneath it—the trusted, real-time, contextual foundation that AI agents depend on to make accurate, explainable decisions. Without it, you don’t have an AI problem. You have a data problem dressed up as one.

The Real Bottleneck: Government Finance Needs a Data Brain

Public Sector finance teams are under more pressure than ever: leaner budgets, post-pandemic fiscal gaps, enrollment volatility and a mandate to do more with less. New White House and OMB directives are accelerating the AI timeline—agencies are being asked to demonstrate AI-ready infrastructure now, not in a future budget cycle.

For CFOs, comptrollers and finance teams, that pressure is concrete. Close cycles still take days or weeks. Analysts spend more time gathering data than using it. When leadership questions a number, the answer is “let me pull it manually”—because the system shows aggregates, not the transactions behind them.

The root cause isn’t a lack of tools or talent. Financial data is scattered across GL, procurement, grants, payroll and project systems—each with its own codes and timing—and traditional ETL strips out the very context that makes it useful. That’s the data brain problem.

What the Data Brain Has to Deliver

For finance, AI isn’t about prettier dashboards. It’s about answering hard questions: why did this variance occur? Where are the early signals of fraud, waste or abuse? What does next quarter look like if this assumption changes? To answer those credibly, AI needs a data brain.

That data brain has to deliver three things: granularity (100% transactional detail), timeliness (near real-time, not last week’s batch) and context (preserved relationships—purchase orders to vendors, funds to appropriations, payroll to projects).

Traditional ETL gives you the opposite of a data brain: summarized, stale data stripped of business logic. When you layer AI on top of it, the model fills in the gaps—and for Government finance, that’s not a technical problem. If an AI-assisted answer can’t be traced back to the exact transaction, your auditors and oversight bodies won’t accept it.

That’s how you get hallucinations instead of financial intelligence.

The “AI problem” and the “data problem” in Government finance are actually the same problem. Build the data brain, and Unified Financial Intelligence follows.

What Changes When You Have a Data Brain

Take a Federal civilian agency we worked with: 24-hour data refresh cycles, manual reconciliation, spreadsheets and email chains just to close the books. Analysts spent most of their time getting data into a usable format—not using it.

After implementing Incorta with Google Cloud, that agency went from 24-hour to 15-minute data refreshes for key financial subject areas.

From periodic close to continuous audit. Anomalies surface in near real-time—before they snowball, not after month-end.
From “check the dashboard” to “follow the data.” The CFO questions a number; the analyst drills to the exact transaction, in the same environment.
From data gathering to value creation. Analysts shift from reconciliation to scenario modeling and real decisions.

That’s Unified Financial Intelligence with a data brain underneath it: full, timely, contextual access to the truth—and the time to actually use it.

How Incorta Builds the Data Brain

The traditional path to modernizing financial data in Government is measured in years and eight-figure budgets—and most of us have seen how that story ends. At Incorta, we took a different approach: build the data brain for Government finance on Google Cloud without requiring agencies to tear out what’s already there. Three pillars make that possible:

Direct access to ERP data in its native form – Incorta connects directly to Oracle EBS, Oracle Fusion, SAP and Workday, ingesting data in its native schema—no heavy transformation, no lost business context.
Prebuilt blueprints for Public Sector financial systems – A library of prebuilt blueprints captures how ERP tables relate, how funds and projects are structured and how to translate that into analytics-ready models—removing months of data engineering work.
Landing it all in Google BigQuery for AI-ready analytics – The result is a production-ready financial data brain in Google BigQuery—granular, near real-time and fully contextualized—standing up in weeks, not months or years, with Gemini for Government and agentic AI tools ready to operate on top.

On top of this, Incorta layers AI-powered insights with built-in hallucination mitigation, role-based access controls, audit trails and mirrored source system permissions—so agencies can scale AI without sacrificing governance.

Carahsoft plays a crucial role in this story by making it easy for agencies to get started—through existing contract vehicles and the Google Cloud Marketplace—without embarking on another risky, bespoke IT project.

Where State, Local, Education and Federal Civilian Finance Teams Are Starting

State budget offices need real-time visibility into appropriations and fund balances—so leadership responds to revenue shifts, not monthly reports. Local Governments want to move from reactive spreadsheets to proactive scenario planning and cleaner audits. Education finance teams need unified views of budgets, grants and financial aid to navigate enrollment volatility. Federal civilian CFO offices are pursuing continuous close and early AI-driven detection of fraud, waste and abuse. In every case: build the data brain first, and the downstream AI use cases become operational, not experimental.

Getting Started Doesn’t Have to Be a Multi-Year Commitment

One of the most consistent concerns I hear is: “We’ve been burned by big data projects before. We can’t sign up for another multi-year transformation.” That hesitation is completely rational—and it’s exactly why we’ve structured our approach with Google and Carahsoft to deliver value in weeks, not years.

A practical entry point is a Unified Financial Intelligence Modernization Assessment—a focused engagement to assess your ERP landscape, map how your data lands in BigQuery (secure, governed, auditable) and define a 60- to 90-day outcome that shows what the data brain delivers in your environment.

Incorta is available through Carahsoft on the Google Cloud Marketplace—most agencies can use existing contracts and cloud commitments to get started, no new RFX required.

The Bottom Line

State, Local, education and Federal civilian finance teams don’t need another dashboard. They need the data brain that makes Unified Financial Intelligence possible—access to all of their financial data, in near real-time, with full business context, so they can shift from gathering data to actually using it.

That’s what Incorta, Google and Carahsoft are building together for Government. In an environment where agencies are being asked to do more with less, standing up that data brain in weeks rather than years isn’t just a nice-to-have. It’s the difference between a finance function that’s keeping up and one that’s falling behind.

→ Request a live Agentic AI demo — see Incorta + Google in action on your mission data.

→ Try free for 30 days on Google Cloud Marketplace — software free; infrastructure costs may apply.

→ Get started with the Unified Financial Intelligence Modernization Assessment — map your data brain and define a 60- to 90-day outcome.

Ready to explore what real-time financial intelligence looks like for your agency? Learn more about Incorta’s Government solutions on Carahsoft’s Incorta microsite. Watch our joint Incorta + Google session on AI-ready financial data for Public Sector.

Contact the Carahsoft Team ☎ (703) 871-8548 | ✉ incorta@carahsoft.com

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Incorta, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Integrated Threat Hunting: A Smarter Path for Stretched Federal SOCs

Posted on by Richard Verwers

Why visibility, automation and collaboration are now mission-critical

Federal Security Operations Center (SOC) teams are under relentless pressure. Teams are increasingly stretched thin as agencies grapple with AI-enhanced threats, Zero Trust requirements and operational mandates like FISMA 2.0. Despite limited staff and growing workloads, though, the mission remains clear: defend critical infrastructure, secure sensitive data and maintain compliance.

For split-second contexts in the face of critical alerts, fragmented tools and siloed data only make matters worse. Analysts lose time switching between platforms. Revalidating and responding to quickly escalating threats takes time away from mission continuity.

Federal SOCs require integrated, intelligence-driven platforms that support end-to-end threat visibility, rapid response and secure information sharing.

Modern Federal SOCs Face Mounting Challenges

Staffing shortfalls are now a systemic issue. The cybersecurity talent gap currently exceeds 5.5 million unfilled roles globally, with Federal agencies competing for a shrinking pool of qualified professionals.

Meanwhile, tool sprawl and console fatigue complicate workflows. Analysts must juggle multiple platforms to correlate data, validate incidents and track lateral movement all while meeting increasingly complex compliance reporting mandates.

Agencies must also contend with:

AI-generated malware that evades signature-based detection
Expanding attack surfaces from hybrid environments and remote endpoints
Escalating compliance expectations tied to FISMA modernization, OMB M-24-14 and Zero Trust architecture maturity

To keep pace, teams need tools that consolidate, correlate and streamline.

Real-time Response Enhances SOC Agility

Threat impact is defined by the time it takes to respond properly. Delayed containment leads to higher costs and increased exposure. That’s why real-time response is now essential to any defensible cybersecurity posture.

Modern endpoint detection and response (EDR) platforms allow teams to:

Isolate compromised endpoints instantly
Terminate malicious processes at the source
Prevent data exfiltration in-flight
Apply automated playbooks for repeatable, standards-based remediation

These capabilities reduce manual intervention and align with CISA’s SOAR guidance, enabling SOCs to act swiftly within a Zero Trust model. For Federal teams, this also supports audit-readiness with timestamped forensic records that meet FISMA and OMB compliance requirements.

Unified Telemetry Accelerates Threat Hunting

Siloed data weakens an analyst’s ability to detect patterns and perform deep investigations. By unifying endpoint telemetry across devices and environments, teams gain access to richer datasets and longer retention windows for root cause analysis.

Carbon Black EDR captures high-fidelity endpoint activity and retains up to 180 days of telemetry, letting teams uncover threats that may have originated weeks or months prior.

With behavior-based analytics, SOCs can move past static signatures and detect anomalies faster. This involves pinpointing lateral movement, privilege escalation and indicators of compromise before damage escalates.

Collaboration and Data Sharing Reduce Operational Risk

Cybersecurity is a team sport, but without integrated data sharing, even the best defenses can fall short. Fragmented environments limit visibility, making it difficult to act on shared intelligence across tools and agency teams.

Integrated platforms streamline threat intelligence sharing through features such as:

The Carbon Black Data Forwarder, which simplifies integration with SIEM/SOAR platforms
API-driven data sharing that supports automation and collaboration
Compatibility with Zero Trust frameworks, particularly the Device Pillar of OMB M-24-14

With cross-environment visibility and collective learning, SOC teams can improve incident response while advancing cybersecurity maturity across the agency.

Work Smarter, Not Harder

Federal SOCs face high-stakes situations where time and clarity are critical and impact lives in real time. Every alert demands focus. Every decision must be defensible. To operate effectively under pressure, teams need platforms that reduce noise, unify workflows and enable smart action.

Carbon Black and Carahsoft help Federal teams do more with less. We empower analysts with the real-time insights and interoperability they need to protect what matters most.

Contact us to learn how your agency can simplify threat detection, response and collaboration with Carbon Black EDR.

Weathering the Storm: Migrating to the Cloud in Government

Posted on by Ruslain Shlain

Government agencies are under increasing pressure to modernize IT systems and deliver secure, efficient digital services. Migrating to the cloud is a critical step in this transformation, but the journey can feel like navigating a storm. In our latest CarahCast podcast episode, “Weather the Storm of Migrating to the Cloud,” experts share strategies to help agencies adopt cloud solutions with confidence.

Why Cloud Migration Matters

Cloud adoption enables scalability, resilience and innovation. Agencies can reduce reliance on outdated legacy systems, strengthen disaster recovery and improve citizen services.

Key Benefits:

Efficiency: Lower costs and improved scalability.
Resilience: Faster adaptation to crises and cybersecurity threats
Innovation: Access to artificial intelligence (AI), analytics and automation.
Citizen experience: Reliable digital services that build trust.

Key Challenges:

Despite its benefits, migration presents hurdles:

Security and compliance requirements
Legacy infrastructure integration
Budget limitations
Cultural resistance to change
Vendor management and lock‑in risks

Expert Insights from CarahCast

Podcast experts highlight that migration is not one‑size‑fits‑all. Key takeaways include:

Start small with pilot projects to prove value.
Embed security and compliance at every stage.
Engage stakeholders across IT, leadership and end‑users.

As one guest noted, “Cloud migration is about resilience, not just moving workloads.”

Best Practices to Weather the Storm

To navigate the complexities of cloud migration, agencies should:

Define a clear roadmap with goals and milestones.
Use hybrid approaches to balance on‑premises and cloud systems.
Invest in staff training and change management.
Partner with trusted vendors and experts.
Measure success with KPIs like uptime and cost savings.

Real‑World Examples

Agencies nationwide are already seeing results:

State Governments modernized licensing systems to reduce wait times.
Federal departments leveraged cloud analytics for disaster response.
Local Governments adopted cloud collaboration tools to streamline operations.

Listen to the Podcast

For deeper insights, tune in to CarahCast: Weather the Storm of Migrating to the Cloud. Hear directly from experts guiding agencies through successful migrations.

Migrating to the cloud may seem daunting, but with the right strategy, agencies can emerge stronger, more resilient and better equipped to serve citizens. The CarahCast podcast is your trusted resource for navigating this journey. Subscribe today to stay informed on the latest technology trends shaping Government.

Top 10 DevSecOps Events for Government in 2026

Posted on by Rich Savage

As Federal, State and Local agencies accelerate their modernization initiatives, DevSecOps has evolved from an emerging practice to a mission-critical capability. Integrating security at the speed of development is a foundational requirement for agencies seeking to deliver innovative services while maintaining rigorous compliance and protecting sensitive data. Carahsoft Technology Corp., The Trusted Government IT Solutions Provider®, has been at the forefront of this transformation, serving as the central hub connecting Government agencies with the industry’s leading DevSecOps solutions, platforms and expertise. Through our extensive partner ecosystem and Government contract vehicles, we enable Public Sector organizations to operationalize secure software delivery at scale. The events below represent essential opportunities for Government IT leaders, developers, security professionals and acquisition teams to explore cutting-edge DevSecOps methodologies, connect with mission-focused innovators and gain actionable insights that can be immediately applied to their agency’s secure delivery transformation.

RSA Conference

March 23-26 | San Francisco, CA | In-Person Event

In 2026, the theme “The Power of Community” underscores that effective DevSecOps is a collaborative effort between people, processes and technology. As Government agencies work to meet modern mandates, integrating security at the speed of development is now a mission requirement. The RSA Conference provides a vital forum for Public Sector professionals to explore how automation, artificial intelligence (AI) and community-driven innovation can secure the software supply chain and accelerate digital transformation.

Sessions to look out for:

How to Secure Containerized Applications from Supply Chain Attacks

Chainloop: Inside Modern Software Factory: Why Bolted-On Security Fails in the AI Era

Techstrong Seminar: AI NativeDev and the Next Evolution of DevSecOps

Carahsoft serves as the central hub for the Public Sector community at RSA, beginning with the 13^th Annual RSA Public Sector Day on Monday, March 23^rd. Sessions will focus on FedRAMP cloud architectures, Cybersecurity Maturity Model Certification (CMMC) compliance and modernizing state cyber defenses. We invite our partners and Government customers to join us at this dedicated forum to discuss mission-specific challenges and network with the leaders shaping the future of Public Sector security. To facilitate cross-agency networking, Carahsoft will host our signature Public Sector Reception on Tuesday evening, March 24^th, providing a dedicated venue for Federal, State and Local officials to connect with peers and explore tailored solutions for their specific mission requirements.

F5 AppWorld Public Sector Symposium

April 8-10 | McLean, VA | In-Person Event

This event serves as a dedicated gathering for IT, DevSecOps, cloud and application delivery professionals in the Government community. Hosted by F5, the symposium brings together Public Sector leaders, solution architects, engineers and ecosystem partners to explore strategies for securing, scaling and optimizing modern applications, Application Programing Interfaces (APIs), hybrid networking and cloud environments. Attendees will experience hands-on labs, customer success stories and deep-dive sessions led by F5 experts that cover topics such as AI-driven application protection, hybrid multicloud networking, Zero Trust strategies and modernizing legacy systems. This symposium provides Government professionals with the opportunity to sharpen technical skills, engage with real-world use cases and connect with a community focused on advancing mission outcomes through secure, high-performing application infrastructure.

Carahsoft is proud to serve as the host sponsor of F5 Public Sector Symposium 2026, bringing together Government IT, DevSecOps, networking, cloud and application delivery professionals with the experts and technologies that enable mission success. As F5’s trusted Public Sector distributor and a long-standing partner, Carahsoft connects Federal, State and Local agencies with F5 solutions that secure, scale and optimize application delivery across hybrid and multicloud environments. Attendees are encouraged to visit Carahsoft and our ecosystem of partners on the symposium floor to explore Government-ready tools, engage with technical demonstrations and discuss how secure delivery practices can be operationalized within agency programs.

Team ’26 by Atlassian

May 5-7 | Anaheim, CA | In-Person Event

This conference brings together the global community of practitioners and leaders at the Anaheim Convention Center to explore the future of modern teamwork. For DevSecOps professionals, this conference is a vital touchpoint for learning how to bake security and compliance directly into the developer experience. As agencies scale their collaborative environments, this conference highlights the tools and methodologies needed to bridge the gap between building software and maintaining a rigorous security posture. Attendees can expect interactive learning sessions with hands-on guided exercises, demos, best practices and Q&A with Atlassian product experts designed to deepen practical knowledge on agile planning, workflow automation and modern delivery practices, as well as breakout sessions and panels on scalable teamwork exploring how teams solve real-world challenges with Atlassian tools.

Carahsoft serves as the primary Government aggregator for Atlassian‘s full suite of collaboration, agile and development tools, enabling Public Sector organizations to modernize teamwork and software delivery practices. Through our dedicated Atlassian team, Carahsoft works closely with Federal, State and Local agencies to streamline access to Atlassian solutions via a wide range of Government contract vehicles, helping agencies maximize the value of their Atlassian investments highlighted at Team ’26.

Red Hat Summit

May 11-14 | Atlanta, GA | In-Person Event

Registration for Red Hat Summit 2026 is now live. The event will convene thought leaders, practitioners and IT pioneers to explore innovations in DevSecOps, AI, hybrid cloud, automation and emerging technologies. For Public Sector agencies, this event is the premier destination to learn how to operationalize DevSecOps through hybrid cloud and automation. The 2026 agenda is built around providing technical depth and “beyond the basics” insights to help agencies maximize their investments in secure, scalable infrastructure. Key areas of focus will include application of Red Hat Technologies, AI and emerging tech, community and team innovation and development best practices.

As a continued sponsor for 2026, Carahsoft will host a 10×10 exhibit in the expo hall. Public Sector attendees can connect with Carahsoft’s Red Hat team throughout the week to explore how open source, hybrid cloud and secure platforms are enabling modernization across their agencies. Planning to attend? Contact the Red Hat team at redhatmarketing@carahsoft.com for strategies to support your IT initiatives and make the most of your time onsite.

Offset Symposium by Second Front Systems

May 14 | Washington, D.C. | In-Person Event

This symposium brings together Government leaders, technologists and mission-focused innovators to explore how emerging software capabilities can be securely delivered to the warfighter at speed and scale. Through expert-led discussions, real-world use cases and collaborative conversations, this symposium highlights how Government and industry can work together to accelerate outcomes while maintaining compliance, security and mission alignment. This event serves as a critical forum for defense and civilian agencies seeking to understand how modern DevSecOps practices can support national security objectives and operational readiness.

Carahsoft is proud to serve as a sponsor of this event, supporting meaningful collaboration between Government and industry to advance mission-ready software solutions for the Department of War (DoW) and Federal agencies. As a leading aggregator of innovative DevSecOps technologies for the Public Sector, Carahsoft connects defense and civilian agencies with the platforms, tools and expertise needed to accelerate secure software delivery in mission-critical environments. We encourage Government attendees to engage with Carahsoft representatives and our ecosystem of partners at the symposium to explore how our Government contract vehicles and technical expertise can help operationalize the secure delivery practices and emerging capabilities discussed throughout the event.

DevOpsCon by devmio

June 1-5 | San Diego, CA | Hybrid Event

This premier global conference series brings together IT professionals, software engineers, cloud architects and DevSecOps practitioners to explore the forefront of modern software delivery. Attendees will gain deep insights into DevSecOps best practices, Continuous Integration/Continuous Delivery (CI/CD), cloud and Kubernetes adoption, platform engineering, observability and automation workflows through expert-led sessions, hands-on workshops, bootcamps and interactive learning experiences. With tracks covering DevSecOps and cloud security, CI/CD pipeline optimization, Kubernetes ecosystem advancements and leadership strategies for scaling DevOps in enterprise environments, this conference equips Public Sector and industry teams with the knowledge needed to accelerate secure software delivery and operational excellence.

Sessions to look out for:

From Perimeter Security to Continuous Trust: Practical DevSecOps for Cloud-Native Platforms

CI/CD Workshop: From Zero to Continuous Integration and Continuous Delivery

AI-Driven Observability for Reliable Kubernetes Systems: From Incidents to Self-Healing Infrastructure

Through our deep relationships with DevSecOps technology partners and solutions providers that participate in DevOpsCon, Carahsoft helps Public Sector agencies engage with the latest methodologies in CI/CD automation, Kubernetes orchestration, cloud-native security and platform engineering. Our extensive partner ecosystem and contract vehicles make it easier for Government IT leaders to adopt the innovations showcased at DevOpsCon and accelerate their secure delivery transformations.

Carahsoft’s DevSecOps Conference

July 28 | Reston, VA | In-Person Event

Carahsoft is excited to announce the fourth annual DevSecOps Conference, an in-person forum dedicated to advancing secure software delivery across the Public Sector. As Government agencies continue to modernize their digital infrastructure, this event serves as a critical meeting point for Government leaders, systems integrators and industry thought leaders to discuss the latest updates in the evolving DevSecOps landscape. By bringing together diverse perspectives, this conference ensures that agencies are equipped to implement security and compliance at every stage of the development lifecycle. Attendees will benefit from a full day of keynote addresses, panel discussions, lightning rounds and networking opportunities focused on mission-critical DevSecOps topics, including secure automation pipelines, DevSecOps and AI integration, cloud security and compliance and cross-agency software delivery transformation. The program will feature a robust agenda of supporting panels and technical sessions designed to provide attendees with a comprehensive look at modern software development, from exploring cloud-native architectures to refining CI/CD pipelines.

Carahsoft proudly hosts the DevSecOps Conference 2026 as a signature event designed specifically for the Government DevSecOps community. As the premier Government IT solutions provider and trusted aggregator for DevSecOps technology partners, Carahsoft convenes Public Sector leaders, industry specialists and integrators to share insights, explore innovations and advance secure software delivery practices. Through this conference, Carahsoft showcases the breadth of capabilities available through our partner ecosystem and contract vehicles, helping agencies accelerate their DevSecOps journeys and operationalize secure, scalable software development across mission environments. Check out our event site closer to the date for more information. If you are a vendor interested in sponsorship opportunities, please reach out to us at DevSecOpsMarketing@Carahsoft.com.

Black Hat USA

August 1-6 | Las Vegas, NV | In-Person Event

Black Hat USA 2026 remains the world’s leading stage for cutting-edge information security research and highly technical training. For DevSecOps professionals, this event is vital for maintaining the integrity of the Software Factory against emerging vulnerabilities. While many events focus on building and deploying applications, Black Hat offers a unique “hacker’s eye view,” enabling Public Sector attendees to identify better, understand and remediate risks across CI/CD pipelines and cloud-native environments before they can be exploited. Attendees can expect hands-on security trainings for developers and engineers, technical briefings on application, cloud and infrastructure security and Arsenal tool demonstrations.

Throughout Black Hat week, Carahsoft brings together members of the Government community and industry partners to foster collaboration and knowledge sharing. A major highlight for the Government community is the Carahsoft Public Sector Reception held on Wednesday, August 5^th. This exclusive event provides a dedicated venue for Federal, State and Local officials to network with industry peers and discuss how to apply the conference’s research findings to their specific mission requirements.

Conf42 DevSecOps Conference

October 15 | Online Event

Conf42 DevSecOps 2026 is a free, online conference dedicated to advancing secure software delivery practices. It brings together DevSecOps practitioners, engineers and security advocates from around the world to share practical insights and technical lessons learned across cloud security, automation, CI/CD pipeline practices, governance, identity management and vulnerability remediation. The event is designed for anyone involved in balancing speed and safety in modern DevSecOps workflows and emphasizes community-driven, thoughtful content over sales-focused presentations. Last year’s highlights included thoughtful DevSecOps keynotes and talks featuring expert insights on embedding security into development pipelines, practical technical content across tracks spanning AI, cloud, infrastructure, security and transformation and community and industry perspectives showcasing real-world examples from practitioners in diverse environments.

Carahsoft recognizes Conf42 DevSecOps 2026 as an accessible and valuable virtual forum for Government DevSecOps professionals to engage with a global community focused on secure software delivery at scale. Through our broad partner ecosystem, Carahsoft enables Public Sector teams to connect with expert insights and community-led innovation showcased at Conf42. Government attendees can leverage these engagements and Carahsoft’s Government contract offerings to adopt, implement and scale DevSecOps practices within their mission environments.

Gartner IT Symposium/Xpo

October 19-22 | Orlando, FL | In-Person Event

The Gartner IT Symposium/Xpo is one of the most influential global conferences for Chief Information Officers (CIOs), senior IT executives and technology leaders shaping enterprise and Government IT strategy. The North America event convenes thousands of attendees each year to explore Gartner’s latest research, frameworks and guidance across digital transformation, cloud adoption, cybersecurity, AI, data and modern software delivery. For Public Sector DevSecOps leaders, this symposium provides strategic insight into how secure software development, platform engineering and cloud-native practices align with broader agency modernization goals. Attendees gain executive-level perspectives on scaling technology initiatives, managing risk and operationalizing innovation across complex environments, making the event particularly valuable for leaders responsible for Software Factories and enterprise DevSecOps programs.

Carahsoft highlights Gartner IT Symposium/Xpo 2026 as a strategic forum for Government technology and DevSecOps leaders to connect with research-driven insights and hands-on solution innovation. With a broad ecosystem of Carahsoft partners sponsoring, exhibiting and presenting across the IT Xpo, Government attendees will have the opportunity to engage with technologies that support secure collaboration, cloud modernization, automation, threat-aware delivery and scalable software engineering. Carahsoft’s Government contract vehicles and expert partner network make it easier for Public Sector agencies to adopt and operationalize the solutions and strategic guidance featured throughout the week.

OWASP Global AppSec USA

November 2-6 | San Francisco, CA | In-Person Event

OWASP Global AppSec USA 2026 is the flagship U.S. conference hosted by the Open Web Application Security Project (OWASP). This multi-day event brings together application security professionals, developers, researchers and DevSecOps practitioners to explore the latest strategies, tools and community-driven innovations that improve software safety and secure development practices. Attendees can engage with leading experts, participate in technical workshops, explore the latest open source security tools and collaborate with peers on addressing critical application security challenges.

Carahsoft highlights OWASP Global AppSec USA 2026 as a must-attend event for Government DevSecOps and secure development teams because it brings together the leading community, open source project maintainers and solution providers shaping modern application security practices. With an active roster of Carahsoft partners sponsoring and exhibiting on the expo floor, Government attendees can explore hands-on demos, engage in technical discussions and discover tools that help integrate security throughout the software delivery lifecycle. Through Carahsoft’s ecosystem and Government contract vehicles, agencies can more easily adopt and operationalize the innovative AppSec solutions and insights featured at Global AppSec.

KubeCon + CloudNativeCon North America

November 9-12 | Salt Lake City, UT | In-Person Event

This event remains the premier gathering for Kubernetes and cloud-native practitioners across the global open source ecosystem. Hosted by the Cloud Native Computing Foundation (CNCF), this multi-day conference brings together thousands of developers, Site Reliability Engineers (SREs), platform engineers and DevSecOps professionals to share real-world learnings, explore emerging technologies and collaborate on advancing secure, scalable cloud-native application delivery and operations. Attendees will benefit from deep-dive technical talks, maintainer-led breakout sessions, lightning talks, co-located project days and hands-on workshops focused on Kubernetes, microservices, observability, CI/CD, automation and cloud-native security. Last year’s highlights included hands-on trainings and workshops providing practical, instructor-led learning opportunities focused on Kubernetes operations, technical breakouts and maintainer-led talks showcasing the latest advancements across the CNCF ecosystem and the Project Pavilion and Expo Hall serving as a central hub for collaboration.

Carahsoft encourages Government DevSecOps and cloud engineering teams to engage with our extensive ecosystem of cloud-native and DevSecOps partners exhibiting and sponsoring KubeCon + CloudNativeCon North America 2026. Across the expo floor, Carahsoft partners will showcase solutions that support Kubernetes security, containerized application delivery, observability, CI/CD automation and platform engineering. By connecting with these partners onsite, Public Sector attendees can explore how trusted, Government-ready technologies within the CNCF ecosystem can help modernize and secure cloud-native environments.

As DevSecOps continues to mature across the Public Sector, these events represent essential opportunities for Government IT leaders, developers, security professionals and acquisition teams to stay at the forefront of secure software delivery innovation. From hands-on technical workshops to strategic executive briefings, each gathering offers unique value tailored to different aspects of the DevSecOps journey. Whether you are just beginning to build out your software factory, refining CI/CD pipelines or leading enterprise-wide DevSecOps transformation, these events provide the insights, connections and solutions needed to advance your agency’s mission. Carahsoft is committed to supporting the Government DevSecOps community through our extensive partner ecosystem, Government contract vehicles and active participation at each of these events. We encourage you to attend, engage and leverage these opportunities to accelerate your secure delivery capabilities.

To learn more or get involved in any of the above events, please contact us at DevSecOpsMarketing@Carahsoft.com.

For more information on Carahsoft and our industry-leading DevSecOps technology partners and events, visit our DevSecOps solutions portfolio.

Smart Guarding: How AI can be Used to Enhance Vacant Building Security

Posted on by Uday Kiran Chaka

After 2020, the landscape of corporate real estate changed dramatically. Companies across multiple sectors, including technology, transitioned from working in office to either hybrid or totally remote models. Vacancy rates on corporate campuses increased to 15-20%, opening companies up to a multitude of liabilities and operational challenges. Artificial intelligence (AI) has brought a new edge to vacant building security. Smart guarding and solar guards elevate the security posture of vacant buildings, defend corporate assets and subsequently deliver a Return on Investment (ROI) through effective security measures.

Risks of Vacant Building Stewardship

Vacant buildings come with a series of unique risks to the company that either owns or leases the building. These locations are particularly attractive for criminal activity, especially trespassing and vandalism. Companies also face other risks such as copper theft and squatting that result in higher insurance claims, causing rising premiums. Further challenges come from the range in potential responses from law enforcement. The crime rate in the area will greatly affect how quickly police respond to the call, or whether they will respond at all if there is not an active incident.

Traditional security models for vacant buildings rely heavily on human patrols and come with their own operational drawbacks. A commonly used term in security, “warm bodyguards,” describes guards that are physically present but only do the bare minimum required to complete the job; in other words, these guards are just a warm body whose physical presence alone is deemed to be enough to deter criminal activity. Depending on the size and scope of the campus, these security measures can cost up to $25,000 per month. The ROI is negligible at best, and companies are often left with an expensive yet ineffective security protocol.

With property vacancy on the rise, companies need a solution that is cost effective but does not sacrifice protection or increase their risk profile. That solution lies in the integration of cutting-edge technology with human security.

The Modern Security Guard: Smart Guarding and Solar Guard

Prior to the existence of AI, the Silicon Valley Model sought to enhance building security by combining electronic access control in a building with a fleshed out in-person security protocol. This gives companies the opportunity to employ security guards with relevant prior experience, such as ex-law enforcement and ex-military members, who have effective communication and customer support skills. The key to success is a combination of the right people on site and the proper technological processes in place.

Sentry AI’s Smart Guarding takes this approach a step further by integrating AI agents into the security protocols. A various range of sensors are installed across the building. These can include:

Cameras
Microphones
Motion sensors
Turnstiles
Fire detection (smoke detectors, heat detectors, etc.)

With the number of sensors that exist in a singular building, a Security Operations Center (SOC) analyst can get easily overwhelmed by the sheer volume of alerts. An AI agent established at the core of this alert system can absorb the information, interpret the incoming data and pass on the relevant security alerts to the SOC analysts.

The AI agent itself can also be proactive and mitigate ongoing security risks. The AI can impersonate a human guard, using any language, tone of voice or even slang if required. By voicing details such as the intruder’s clothing or appearance, the agent creates the impression of an on-site security guard without actually engaging physically with the intruder. After announcing a security presence, the agent will tell the intruder to leave and threaten police intervention if they do not. The agent can also activate sirens and lights to trigger a flight response from the intruder. This is all managed without human intervention.

Periodically, companies need to install a security solution that does not rely on the network, property owner or landlord. Sentry AI has the Solar Guard solution for these exact situations. The Solar Guard is a self-contained mobile unit with a tall mast and several solar panels. Energy collected throughout the day is stored in batteries contained within the unit to power it throughout the night or in adverse weather conditions. At the top of the mast, the Solar Guard has lights, speakers, a cellular modem and dual lens cameras that give a 360-degree field of vision.

As vacancy rates in corporate buildings continue to climb, companies continue to search for new impactful and cost-effective ways to improve their security posture in their buildings. AI-powered security protocols such as Solar Guard and Smart Guarding decrease the risk to personnel and cut through alert fatigue. By combining modern technological advancements with knowledgeable SOC analysts, companies gain ROI and protect their assets when personnel are not present.

To discover how Smart Guarding can elevate security in your vacant facilities, watch Sentry AI’s webinar, “Using AI to Protect Vacant Facilities.”

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Sentry AI, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

The Federal 100 Signals Optimization in Federal IT

Posted on by Craig Abod

The Federal 100 reflects more than individual achievement; it reveals how technology is fueling great things in Federal Government. Serving as a judge this cycle provided a front-row view of the work happening across agencies and the priorities shaping it.

Optimization had been a stated priority for years. Over the past cycle, it became visible in day-to-day decisions. Leaders were recognized for tightening how technology environments operate: setting clearer enterprise direction, reinforcing shared standards and embedding modernization into routine governance.

That shift showed up across security, acquisition, data strategy and workforce systems. Programs moved beyond isolated efforts and began operating with greater cohesion across components.

That pattern was especially visible in national security organizations.

Many of this year’s honorees came from Defense, DHS and Energy. When agencies responsible for the nation’s most demanding missions lead in enterprise alignment, platform standardization and structured governance, it signals that these practices are no longer experimental. They are operational. They are institutional. And they are delivering measurable mission impact.

Enterprise Leadership Drove Alignment

The leaders who stood out had enterprise reach. They worked across organizational boundaries and aligned components around shared priorities.

That leadership showed up in measurable ways: faster ATO approvals, stronger FedRAMP execution and authorization built into delivery rather than added at the end. Identity now anchors security strategy, reinforcing Zero Trust and allowing bureaus to operate on common foundations.

What this means for the vendor community:
Agencies are aligning at the enterprise level and across organizations. Solutions that integrate across components and scale cleanly will move more easily.

Optimization Became the Operating Model

Optimization is now part of how agencies operate. Leaders are simplifying architectures, cutting duplicated data and strengthening shared platforms so systems connect without unnecessary friction. Unnecessary data movement and storage are being designed out of the system rather than absorbed as the cost of doing business.

The impact was measurable:

Identity consolidation lowered integration complexity
Multi-cloud strategies improved resilience
Enterprise data fabrics reduced duplication
Shared platforms supported multiple bureaus

What this means for the vendor community:
Agencies need solutions built to integrate cleanly and minimize unnecessary data movement.

AI Moves from Pilot to Program

AI is no longer confined to experimentation. Programs that began as pilots are gaining executive ownership and defined accountability.

For the first time, Chief AI Officer roles were recognized, reflecting formal accountability for the deployment and governance of AI. That shows AI is maturing into the same category as cybersecurity and cloud: a capability that requires strategy, standards and sustained leadership.

What this means for the vendor community:
Fast Proof-of-concepts with a plan to move into production is important. Solutions must support enterprise integration and sustained use.

The Rules of Government Buying Are Changing

Several of this year’s leaders are literally rewriting the rules of Government buying. The FAR rewrite reshapes the governing framework, and OneGov pushes a long-promised goal into practice: aligning agencies around shared buying strategies instead of fragmented procurements. Expanded use of OTAs and CSOs rounds out the shift by speeding access to new technology.

The combined effect is a more coordinated, more flexible acquisition environment.

What this means for the vendor community:
Vendors who understand enterprise procurement strategies, regulatory shifts and alternative purchasing pathways will be best positioned to support their customers effectively.

Workforce Modernization Is Delivering Results

Workforce systems are undergoing substantive modernization. Agencies are eliminating long-standing backlogs and delivering near real-time workforce data to leadership.

Modernization is extending into core business operations and strengthening how agencies hire, manage and support their people.

What this means for the vendor community
Demand is strong for secure, scalable workforce platforms that integrate with enterprise systems and deliver timely insight.

Emerging Technologies Are Strengthening the Mission Edge

Advanced capabilities are being deployed with clear mission impact. Autonomous systems are extending operational reach. Operational technology security efforts are hardening critical infrastructure. Post-quantum planning is addressing future cryptographic risk. High-performance computing is accelerating analysis and modeling tied directly to national priorities.

These efforts reflect growing confidence in deploying advanced technology within demanding mission environments.

What this means for the vendor community:
Government is embracing new and emerging technologies. This shift creates significant opportunities for vendors prepared to innovate and adapt to changing procurement models.

What This Signals for the Year Ahead

Federal IT is operating with greater urgency and focus, with speed and mission impact as top priorities.

Enterprise leadership coordinates large organizations. Optimization shapes architecture decisions. AI has named accountability. Acquisition frameworks are being revised. Workforce and emerging technologies are delivering measurable outcomes.

The leaders recognized this year are shaping how Government will function over the next decade, not just how it will deploy the next tool. Congratulations to all the winners.