Category Archives: Cybersecurity

Sea-Air-Space 2025: Top 6 Insights on AI, Readiness and More

Posted on by
Reply

Sea-Air-Space, the premier maritime exposition of the United States, is an educational hub for defense industry leaders, Government leaders and top military decision-makers to network and discuss the latest insights and advancements in the maritime and space domains.  

Joined by over 40 of our technology partners, Carahsoft showcased solutions on cybersecurity, cloud computing, artificial intelligence (AI) and more at Sea-Air-Space 2025, providing customers the opportunity to engage with and explore technologies designed to enhance the efficiency of mission objectives.  

This year’s conference featured six key themes for attendees to explore. 

1. Integrating Artificial Intelligence into Maritime Missions 

The efficiency of AI enhances the speed and accuracy of decision-making, providing real-time insights for Sea Service personnel. Integrating AI and other autonomous systems into military operations can satisfy the critical need for close collaboration between the technology industry and the defense sector. Speakers at Sea-Air-Space discussed the importance of finding practical applications of AI, machine learning (ML) and automation across warfighting, business processes, logistics and readiness.  

Major General of the United States Marine Corps, Matthew Glavy, spoke about the Marine Corps’ strategic use of AI. Presently, there is a “campaign of learning” aimed at aligning training and acquisition with AI capabilities. One goal is integrating algorithm management and scalability into AI training. Another is finding AI that functions in harsh maritime environments to improve warfighter’s abilities. Speakers stressed that AI is not just a tool for the future, but a present-day necessity that enables the Sea Services to significantly enhance the effectiveness, precision and longevity of their platforms and operations. With AI’s ability to detect and respond to cyber threats, the nation can better maintain its strategic defense edge.   

2. Preparing Data for Mission Readiness  

Currently available technology, assets and resources can be used to prepare data for future missions. As data can be used to enhance awareness amongst combat environments, sourcing data from diverse sources is vital to developing logistics systems for operations.  

Autonomous systems can be used to collect and translate data into actionable insights, enabling the Sea Services to improve operational readiness, extend lethality and respond swiftly at the tactical edge. The usability of data is just as important as having a diverse source.  

Technology with visualization tools, such as user-friendly dashboards, make data more accessible and predictive. This readability enables forces to anticipate failures, identify vulnerabilities and make data-driven decisions that impact mission readiness, ensuring personnel are equipped to outpace evolving threats.   

3. Maintenance for Operational Readiness  

Readiness is critical to maintaining a competitive edge. The United States Navy’s aims to achieve and sustain 80 percent combat surge ready posture for ships, submarines and aircraft by 2027. To accomplish this, platforms must be maintained and enhanced with the newest technology to ensure they are up-to-date and at their best capacity. Novel approaches to training, manning, and sustainment can all improve force readiness.   

In the session “Ready Our Platforms,” panelists discussed tips on the path to maintain pace with this goal.  

Sea Service personnel should:  

  • Engage with maintenance initiatives to strengthen planning, execution and partnerships to improve on-time delivery  
  • Take boats out of public shipyards in a timely fashion to ensure combat readiness  
  • Invest in original equipment manufacturing for maintenance work and quality assurance  
  • Review and update the Navy’s acquisition strategy to better acquire services for systems with diminishing subject matter expertise  
  • Increase the number of structural engineers embedded with maintenance teams to enable faster technical resolution of issues  
  • Create a dedicated force to focus on material ordering and provisioning for major maintenance efforts  

By embracing a proactive approach to training, manning, modernization and sustainment, the U.S. Navy can ready and bolster its force to improve combat readiness. 

4. Enhancing Security Through Space Systems  

To maintain its competitive edge, the Sea Services must strategically utilize all available assets, including space. In the session “The Critical Role of Industrial Space Assets in Maritime Security,” speaker John Hill, the assistant Secretary of Defense for Space Policy and the Deputy Assistant Secretary of Defense for Space and Missile Defense (PTDO) at the Department of Defense (DoD), discussed the five foundational space mission areas: generating, processing, storing, transporting and protecting data. By aligning mission objectives across the Space Force, Space Command and other relevant forces, the Sea Services can maintain pace with industry goals. Affordable, proliferated space systems and high-value technology can enhance maritime security by providing resilience and durability against emerging threats. By taking a proactive approach to innovation, the defense sector can leverage industry momentum and accelerate capability development.   

5. Innovation With Enterprise Solutions 

To support innovation and experimentation, the Sea Services aim to move from traditional procurement models towards modern, iterative approaches that empower operational commands and developers to co-create solutions in real time.  

The key strategies in this shift include:  

  • Using agile methodologies and continuous delivery pipelines  
  • Giving operational teams authority to drive mission-specific solutions  
  • Building open, modular systems with interoperability standards that allow for adaptable integration that maintains pace with threats and mission priorities  
  • Involving end users throughout the process, ensuring that the burden of integration at scale does not fall to combatants  
  • Providing consistent funding that supports innovation and experimentation  
  • Fostering a culture that accepts measured risk and supports transformation 
     

By decentralizing development and giving operational teams the authority to drive mission-specific solutions, the Navy aims to collapse development timelines, remove bureaucratic friction and deliver high-impact capabilities faster. The initiative provides persistent, mission-aligned funding streams that support innovation and experimentation without excessive risk aversion, creating pathways for scalable solutions at the pace of technological advancement.  

6. A Dive into Maritime Initiatives with Francis Rose 

A special Sea-Air-Space 2025 edition of Francis Rose’s Fed Gov Today explores the critical convergence of maritime security, technology and strategy in today’s evolving global environment. An interview with Vice Admiral Andrew Tiongson, Commander of the U.S. Coast Guard Pacific Area, discussed how the Sea Services have increased presence and coordination along the West Coast to counter maritime border incursions. Melissa Carson, Vice President and General Manager at Iron Mountain Government Solutions, highlights the critical need for structured data governance to enable effective AI-driven defense operations. Dr. Abbie Tingstad, Research Professor at the U.S. Coast Guard Academy, underscores the strategic importance of maintaining multi-domain presence in the Arctic through international partnerships, as environmental shifts and great power competition reshape polar governance. These insights collectively demonstrate how technological modernization, AI literacy, data readiness and strategic partnerships are essential for securing maritime domains against complex threats.  

Reliable, adaptable and verifiable technology enables the Sea Services to fulfill mission objectives. By leveraging today’s technologies to meet resource needs, extend the lifecycle of critical assets and enhance mission readiness, the Sea Services continue to outpace evolving threats and uphold its promise to protect the nation.  

To learn more about innovations amongst the Sea Services, visit Carahsoft’s defense portfolio to explore solutions showcased at Sea-Air-Space. For additional research into the key takeaways that industry and Government leaders presented at Sea-Air-Space, view Carahsoft’s full synopsis of key sessions from the tradeshow.  

Healthcare Program Executive: HIMSS 2025: Top 5 Insights

Posted on by
Reply

At the Healthcare Information and Management Systems Society (HIMSS) Global Health Conference and Exhibition 2025, health IT professionals, healthcare personnel and Government leaders joined to connect on the latest trends in the healthcare industry. As a provider and distributor of health IT solutions, Carahsoft and its partners are equipped to communicate recent trends and connect care providers, agencies and companies with the technology they need to embrace the future of healthcare. 

Here are the top 5 insights for the technology industry and Government from this year’s conference.  


1. Utilizing Artificial Intelligence in Healthcare  

Healthcare must ensure all provided tools are safe, effective and ethical to ensure the best outcomes for patients. As the widespread adoption of artificial intelligence in the healthcare industry is relatively new, providers and public health officials should employ risk management practices, strong governance and transparency with their usage of the tool.  

Providers should employ best practices for AI usage:  

  • Understand AI’s risk profile 
  • Ensure that data is representative of patients 
  • Address potential biases  

With continuous monitoring, providers can mitigate any potential model drifts and gain better oversight of the dynamic nature of AI systems. By highlighting the areas of risk, the healthcare system can make informed decisions on which tools, solutions and personnel to deploy to mitigate risk.  

Carahsoft HIMSS AI Interoperability Tradeshow Recap Blog Embedded Image 2025

There are many opportunities for AI in Healthcare. In the session “HL’s Ride on the AI Train,” the Chief Executive Officer of HL7 International, Charles Jaffe, discussed how AI can enable healthcare providers to promote interoperability. AI can also help providers address industry concerns, such as data provenance and data lineage. In the session “Shaping the Future of healthcare: A Collaborative Care Journey Where Technology and Humanity Coexist,” speakers Seung Woo Park and Meong Hi Son, respectively the President and Chief Medical Information Officer and Associate Professor at Samsung Medical Center (SMC), mentioned that SMC reduced the nurse turnover rate from 9.3% to 5.9% by assisting their workflow with AI and automation. In the session “Disruptive Technologies: Examining the Challenges and Opportunities of Cyber, AI and Beyond,” the Former Commander and U.S. Cyber Command and Former Director at the National Security Agency, Paul Nakasone, noted that AI-driven behavior changes could transform healthcare and prevent chronic diseases. Using AI to get suggestions on sleep, meditation, diet and stress management can all help in between doctor visits to chip away at chronic diseases. Through the collaboration of providers and technology, service in healthcare can be reshaped for the better, providing a gateway into personal medicine. 


2. Improving Healthcare Quality through Interoperability  

Another point of discussion at HIMSS was the role of digital technology and standards in improving healthcare quality. The National Committee for Quality Assurance (NCQA) has several initiatives, such as the Healthcare Effectiveness Data and Information Set (HEDIS) Fast Healthcare Interoperability Resources (FHIR) data model and the Bulk FHIR Quality Coalition, aimed at enhancing digital quality measurement by enabling end-to-end FHIR data exchanges. Quality measurement has evolved, and standardized clinical data helps accelerate that evolution. With modern computing platforms and technologies, such as Bulk FHIR, healthcare institutions can utilize real-time, continuous data processing, improving data encryption, data security and quality measurement. With comprehensive and timely data sharing among healthcare stakeholders, patients can get results from labs and pharmacies quicker, and can share their data across different healthcare offices, improving the affordability and quality of services.   


3. Addressing Veteran Needs in Collaboration with CMS 

On average, patients have their medical data located at 5.6 different locations, making interoperability, the ability of information to be exchanged between different health systems or technology systems, instrumental in helping patients and providers alike to improve the healthcare experience. 

In the session “A Discussion: Transforming Care Through Interoperability,” members of the Department of Veteran Affairs (VA) and University of Oklahoma discussed the benefits of interoperability for veterans. Data sharing between the VA and the Center for Medicare and Medicaid Services (CMS) can address healthcare challenges, such as dementia, suicidal ideation, traumatic brain injury (TBI) and oncology by enabling the two agencies to collaborate to achieve actionable approaches for real-world cases. For example, improving care coordination, optimizing resource utilization and driving better outcomes for veterans and other patients. 

Data sharing and collaboration is key to achieving efficient and effective healthcare delivery in the modernized health data infrastructure. In modernizing the infrastructure of the healthcare industry through interoperability, providers and patients can alleviate the work burden and work towards finding solutions at an expedited and swifter rate. The need for remote patient monitoring tools (RPM) is key to assist physicians and clinicians with increased data collection to support real-time treatment of these chronic illnesses for our veterans. 

HIMSS_Day 1_Case Study - Missouri Mission to Transform Digital Health


4. Leveraging Data to Improve Service 

Digital health increases the speed of learning, helps patients and providers overcome health inequity and increases the effectiveness of virtual care. In the session “Case Study: Missouri’s Mission to Transform Digital Health,” speakers Joshua Wymer, the Chief Health Information and Data Strategy Officer of the Missouri Department of Health and Senior Services (DHSS), and Natasha Ramontal, the Digital Health Strategist in Community Outcomes for HIMSS, discussed the DHSS’ journey to transform digital health. To address the needs of businesses, HIMSS and the DHSS teamed up, eliminating duplicate data sets, reducing volumes of data entry and improving regulatory oversight. Through their collaboration in improving the handling of data, the Missouri Department of Health and Senior Services became the first state level organization to successfully implement HIMSS’ Digital Health Indicator model.  


5. Bolstering Cybersecurity Mitigation with OCR and HIPAA 

In the session “Preparing for OCR’s Revived HIPAA Security Audits,” speaker Nadia Faheem Coster, the Executive Vice President of Permit Intelligence Services, discussed the Department of Health and Human Services’ Office of Civil Rights (OCR) 2025 audit program, which applies to fifty entities and business associates. The audit focuses on decreasing hacking and ransomware attacks.  

HIMSS_Day 1_Preparing for OCR Revived HIPAA Security Audits

To combat bad actors, Coster recommends:  

  1. Maintaining a risk management plan 
  1. Conducting annual secure risk assessments 
  1. Ensuring all policies and procedures are up to date 

Coster also emphasized the need for segmentation and asset inventory under the proposed Health Insurance Portability and Accountability Act (HIPAA) Security 2.0 rule. All related health systems and the IT industry should ensure their software and hardware are compliant under the proposed ruling. System resiliency is the gold standard for health systems looking to comply with the HIPAA Security 2.0 ruling. 


Data sharing, cybersecurity awareness, interoperability and artificial intelligence all enable cheaper and quicker work, whether it is sharing information between healthcare providers or on internal day-to-day operations, while ensuring quality care. By enabling the latest solutions in healthcare technology, health systems can create a better work environment for providers and a seamless experience for patients.  


To learn more about interoperability, legislation, cybersecurity and AI in healthcare, visit Carahsoft’s Healthcare Technology solutions portfolio to explore solutions showcased at HIMSS. For additional research into the key takeaways thought, industry and Government leaders presented at HIMSS, view Carahsoft’s extensive market research brief for a deeper dive.

Strengthening Cybersecurity in the Age of Low-Code and AI: Addressing Emerging Risks

Posted on by
Reply

As new technologies like low-code/no-code development and generative AI (GenAI) revolutionize how we build and interact with software, they also bring about new security challenges—especially for the public sector. Protecting sensitive information and online accounts is more critical than ever, as cybercriminals look to exploit gaps in these emerging systems. Ensuring robust security and threat visibility is now essential for safeguarding against the risks associated with these advancements, especially as traditional safeguards become less effective in the face of evolving threats.


Low-code Development Exposes New Risk

One of the unintended consequences of our shift to a low-code/no-code development paradigm is the delegation of complex development tasks to Large Language Models (LLMs) and GenAI systems, often bypassing seasoned developers and architects. This opens new opportunities for cybercriminals. These systems excel at functional requirements—‘Build me a website that accepts customer checkout requests’—but they rarely infer non-functional needs, like security, unless explicitly instructed.

In traditional software development, security considerations are often implicit, stemming from the experience of developers and architects who’ve spent years learning from real-world failures. GenAI, however, lacks this depth of experience and focuses narrowly on the task at hand. The result? Incomplete or inadequate security measures in software developed through these systems. As organizations lean more heavily on GenAI, we risk creating an insecure software ecosystem ripe for exploitation by threat actors.


The Proliferation of Knowledge-Based Verification Attacks

We’re on the brink of a surge in automated attacks exploiting vulnerabilities in Knowledge-Based Verification (KBV) systems. Large-scale data breaches, like the one that exposed millions of Social Security numbers last year, are eroding the effectiveness of this approach at confirming identity when creating an account or supporting a password reset. These processes often rely on KBV—such as answering questions about your mother’s maiden name or the street you grew up on—but this information is increasingly accessible to malicious actors.

Human Security GenAI Low Code Blog Embedded Image 2025

As these personal details become more widely available through data breaches and online marketplaces, attackers can easily bypass KBV systems. Worse yet, threat actors can now leverage LLMs to develop sophisticated tools to mine personal data at scale and orchestrate automated attacks against these KBV systems. Organizations face an urgent challenge: how to protect accounts in a world where traditional KBV methods are no longer secure or reliable while still offering users a legitimate path to create an account or regain access when needed.


LLM Safeguards Can Be Overridden or Bypassed by Running Models Locally

With the proliferation of local LLM instances and tools like Ollama, we’ll see safeguards embedded in commercial LLMs eroded or bypassed entirely. Running models locally can allow threat actors to fine-tune them, removing restrictions on malicious activity and enabling custom models optimized for cybercrime. This creates a new frontier for scaled attacks that are faster, more targeted, and harder to detect until it’s too late.

Imagine a threat actor fine-tuning a model to craft phishing campaigns, identify vulnerabilities in software, or automate account takeovers. The ability to localize and modify these models fundamentally shifts the balance, empowering attackers with tools tailored to their malicious intent. The guardrails built into commercial LLMs are no match for this growing trend, amplifying the need for robust detection and defense strategies at every level.

As the public sector continues to adopt innovative technologies, staying ahead of emerging cyber threats is crucial. The increasing sophistication of attacks, such as those targeting KBV systems and leveraging GenAI, highlights the need for stronger protections. By prioritizing comprehensive security measures and threat detection, organizations can mitigate the risks of these evolving vulnerabilities and safeguard their sensitive data and online accounts against malicious actors. It is essential to build and maintain resilient security strategies to ensure the integrity of digital infrastructures in this rapidly changing environment.


To learn more about how HUMAN Security helps the public sector protect citizen accounts, sensitive information, and critical infrastructure, click here.


Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including HUMAN Security, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Protecting Government Benefit Programs from Automated Fraud

Posted on by
Reply

Nation-states, ransomware gangs, and cyber criminals have a new weapon of choice: AI-powered bots. These systems, which mimic human behavior to automate tasks, have already helped fraudsters siphon hundreds of billions of dollars from federal programs. If left unchecked, this problem will cause taxpayers severe financial harm. The incoming administration will need to move quickly to guard against this rapidly growing threat.

The need to better defend the nation’s technology infrastructure against AI-powered attacks is not a partisan issue, and it is likely our new cyber leaders can build upon some actions taken by the last administration, including the final cybersecurity EO, issued in January 2025, that highlighted the role that stolen or synthetic identities play in defrauding our government programs. While the focus on instituting modernized digital identity methods may be appropriate, we’d like to offer a few additional considerations for our incoming cyber leaders on how to attack this problem.


The Bots Are Here

HUMAN Security NightDragon Protecting Government Benefit Programs Automated Fraud Blog Embedded Image 2025

Bots are increasingly being used by malicious actors to hack into systems, scrape personal data, or submit fake claims for benefits. At its simplest, they can use credentials and identification information purchased or stolen on the dark web to perpetrate fraud against benefit websites. From overwhelming public benefit portals with credential stuffing attacks to manipulating identity verification systems with precision-targeted scams, bots exploit gaps in digital identity systems at a speed, precision, and scale that is incredibly hard to defend against. And with the advancements in AI, they can increasingly mimic legitimate users to bypass security measures faster than most institutions can adapt.

In fact, in 2021, the Department of Labor found that at least $87 billion of the nearly $900 billion in unemployment insurance awarded under the CARES Act in the aftermath of the COVID pandemic were paid improperly, with a significant, but indeterminable portion attributable to fraud. However, in 2023 alone, bots were responsible for 352 billion attacks targeting login portals, credential verification systems, and transaction flows across industries, according to HUMAN’s Quadrillion report.

With 20 percent of login attempts across observed systems linked to account takeover attacks, and 150 million new compromised credential pairs discovered last year, bots are evolving into the ultimate enablers of fraud. If left unchecked, they could amplify the scale of fraud exponentially.


How do we prevent this problem from evolving from merely headline-grabbing to system-crippling?

Our incoming cyber leaders must recognize bots as the major root cause of the fraud problem and refocus attention on deploying cutting-edge new tools on U.S. federal systems to defend the thousands of .gov websites the government administers. This includes deploying applications that can help protect from automated credential stuffing and brute force attempts, block bots from manipulating web applications, prevent data contamination in which bots disseminate fake information to skew metrics, and prevent the unauthorized data harvesting of public websites. 

The government must also take the lead in helping private sector entities adopt these tools. The federal government can serve as a catalyst, pushing hold-out organizations to invest in their own fraud defenses. Private businesses are looking for guidance on this issue. Bot detection and counter bot solutions deserve the same level of attention as endpoint detection, patch management, and other fundamental security controls. Proactively embedding bot mitigation into NIST frameworks, for example, will ensure government systems are prepared to defend against automated fraud at scale. Following on this, government guidance relating to how agencies establish Zero Trust architectures should also incorporate bot detection and mitigation.

Finally, we must foster stronger public-private collaboration to advance bot mitigation. Existing bodies for public-private cooperation on cybersecurity must more deliberately include bot intelligence and insight-sharing. We must evolve outdated conceptions of what constitutes cyber threat intelligence (CTI), and endeavor to collect, analyze and report bot intelligence as its own distinct, but highly important category of CTI.

As our incoming cyber leaders in the new administration plan their agenda, it is critical they understand that the root cause of large-scale fraud is not just weak digital identity management methods but AI-powered bots. Bots that undermine the delivery of services and benefits to millions. Combating fraud perpetrated by and with them is a national priority.


To learn more about how HUMAN Security and NightDragon work better together to support Government agencies in their mission to defend against bots, visit our website!


Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including HUMAN Security and NightDragon, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Navy Customer Executive: WEST 2025: Top 10 Insights on AI, Cybersecurity and More

Posted on by
Reply

Government leaders, military officials and industry professionals gathered at AFCEA’s WEST 2025 conference to discuss the newest technologies, modern networking capabilities and cybersecurity initiatives that enhance operations within the Sea Services. As a technology provider for the Department of Defense (DoD) and industry experts affiliated with the Navy, Carahsoft and its partners are deeply aligned with the goals of the Navy and Sea Services and is committed to providing mission-critical technologies to keep the country safe. Carahsoft and over 90 of our partners, including Adobe, Appgate, Crowdstrike, Docusign, HashiCorp, Hitachi, Qualys and WIZ joined at WEST 2025 to showcase solutions in artificial intelligence (AI), cybersecurity, DevSecOps, Zero Trust and more.  

Check out the action from San Diego, California in our West 2025 recap video!

Here are the top ten insights for the technology industry and Government from this year’s conference.  

1. Artificial Intelligence (AI) in the U.S. Navy

There are many opportunities for AI in the Navy, such as the OpenShip Tool and its usage of OpenAI’s Whisper model to translate incoming communications through the Navy’s Very High Frequency (VHF) radios. Remote monitoring can detect issues with technology and support rapid troubleshooting. AI can also be used to predict turnaround time, helping the workforce choose when to prioritize projects and deliver items on time.  

AI can simplify operations. PMS 406 unmanned Maritime Systems runs the Unmanned Maritime Autonomy Architecture (UMAA), whose architecture creates a low barrier of entry for operation. With AI, update 6.0 of the UMAA and the Navy’s “Replicator initiative,” which works to field hundreds of autonomous systems by August 2025,” every soldier could operate a drone.  

In the session “Fleet AI Deployment,” Lieutenant Artem Sherbinin, the Chief Technology Officer for the U.S. Navy ‘s Task Force Hopper, reviewed the three priority areas for the Navy’s AI usage, which are to: 

  • Outthink adversaries 
  • Enhance administrative work 
  • Maintain goal of keeping 80% of combat surge-ready fleet 

By using AI capabilities, the Navy can empower its acquisition force to act efficiently and quickly. Lieutenant Sherbinin also discussed two upcoming projects. Navy warships produce 150TB of data per warship per day. To manage this massive volume of data, the Navy is building a Warfighting Data and AI Ecosystem. This tool’s requirements are being drafted and will be submitted in the upcoming fiscal year, but currently include components such as data extraction, data processing and sensor updates to ships underway. Vendors should keep an eye out for pre-RFPs and RFI opportunities surrounding this capability.  The second project is a new Commercial Solutions Offering (CSO), the Surface Lethality CSO. This soon to be released solution will be released through the Defense Innovation Unit on AI for Surface Lethality, and will expedite decision-making and enable the Navy to keep ahead of adversaries.  

2. Red Teaming to Improve Cybersecurity

In the session “Leveraging Cloud to Accelerate Unmanned and Autonomous System (UAS) Mission Critical Capabilities,” Allen Mcafee, CTO of Fuse Integration, discussed the desire to increase red teaming—a process for testing cybersecurity by having allied hackers conduct non-threatening breaches—amongst autonomous systems to increase the robust quality of existing programs, especially in the electronic and kinetic fields. Vendors that specialize in cybersecurity solutions for autonomous systems should offer red team services to help solidify UAS security.  

3. The Importance of Maritime Trade to Cybersecurity

In the session “Office of Naval Intelligence Brief,” Rear Admiral Mike Brooks, Commander of the Office of Naval Intelligence (ONI), spoke heavily on the criticality of maritime trade and the effect it has on the posture of the Navy. Chokeholds on shipping ports can hinder the economy, and so ONI is placing further emphasis on gathering intelligence in this area to preserve supply chains.   

4. DISA’s New Cloud-Based Mission Partner Environment

To address logistic challenges, the Defense Information Systems Agency (DISA) developed a mission partner environment within the cloud. This tool acts as a joint sustainment decision tool and will feature an application hosting platform. DISA will initially host this environment, but is looking for commercial partners to host the platform and ensure its accessibility to all allies and partners. 

5. Business Initiatives

The Navy has upgraded its approach to doing business, releasing its Information Superiority Vision (ISV) 2.0. In the initial version, the Navy’s framework for business was “Modernize, Innovate and Defend.” The 2.0 System is: 

Optimize – IT teams can integrate new systems and turn off outdated ones 

Secure – Personnel should think proactively in the design phase, rather than the more reactive “defend” 

Decide – Staff places data into the hands of people who need it 

This new system focuses on being proactive and innovative, integrating a focus on the workforce. Vendors should determine how their solutions fit into one or more of these pillars when marketing their technology and solutions. 

Carahsoft WEST 2025 Blog Embedded Image 2025

The Navy can learn from all types of industries and technology. Former Commander of the U.S. Pacific Command and Former Ambassador to the Republic of South Korea Admiral Harry B. Harris Jr. recounts an example from the 1930s where the Marine Corps struggled to field a landing craft. The solution came from examining a small civilian craft in the local area, showcasing a “Higgins Boat Moment” where the Marine Corps were able to learn from civilian technologies, highlighting the importance of dual-use technology that is prioritized by the DoD. 

Business is fulfilled when employees have bandwidth. In the session “Bringing Enterprise IT to the Edge to Accelerate Innovation,” Captain Kevin White of the PEO C4I PMW/A 170 Navy Communications and GPS Navigation Program discussed how bandwidth can fall into three different categories: morale, business applications and tactical services. When sailors have excellent bandwidth for morale and business applications, they are more efficient tactically.  

The DoD is working on a portal that provides information and education on Small Business Innovation Research (SBIR) and Small Business Technology Transfer (SBTT) programs. This portal assists in creating effective proposals and understanding language and resources. This page, while accessible, is still in development and will continue to be fleshed out in the upcoming weeks.   

6. Renewing Technology

In the session “I’m charged with Putting a Flux Capacitor in a 1995 Mazda,” Brigadier General of the U.S. Marine Corps and Commanding General of the Marine Corps Installations West Nick I. Brown mentions that whether it is power systems or IT, infrastructure needs to be in place to accept new technology. Much of the DoD’s infrastructure is build on legacy systems or is out of date and needs to be replaced or upgraded before advanced solutions can be put in place. The U.S. Marine Corps is looking for vendors to help with new technology instillations and upgrading existing infrastructure, especially on the West coast. The U.S. Navy is allocating funds to achieve similar goals.  It aims to improve its outdated infrastructure and systems to carry out technology initiatives by the Program Executive Office Digital and support the Navy’s culture of excellence.  

In the session “Why Have a Lambo if You Don’t Have the Road?”, Col. Jared Voneida discussed five major areas that DISA is working on: 

  • Building commercial and Government data centers 
  • Improving theater transport and host nation infrastructure 
  • Fortifying existing cybersecurity infrastructure and Defensive Cyberspace Operations-Internal Defensive Measures (DCO-IDM) 
  • Maintaining command and control of the network 
  • Completing initiatives by 2027 

The Colonel also emphasized the need to divest from legacy time division multiplexing (TDM) infrastructure. While AI and machine learning (ML) has a plethora of uses, until AI/ML software divests from TDM infrastructure, DISA cannot utilize it effectively to assist with their network and data. With updated networks and hardware in place, the Navy and DoD can utilize the newest advanced solutions.  

7. IT at the Center of the Workforce 

To meet the rising demand in recruitment, the Navy has released its new enlisting agent, Robotics Warfare Specialist. With cybersecurity being more at the center of safety, the Navy aims to train more sailors in IT. Additionally, the Navy has released a new enlisted rating, Robotics Warfare Specialist, a new job that helps ensure effective planning and control of autonomous systems.  

8. Improving Productivity by Decreasing Troubleshooting

IT and software issues can lead to lost productivity. RAND Corporation, a research and development nonprofit, recently released a report regarding the viral LinkedIn post “Fix Our Computers” that highlighted user experience challenges with IT systems in the DoD. Their report estimated, on the conservative side, $2.5 billion in lost productivity due to IT and software difficulties.  The Sea Services aim to increase the user friendliness of software to decrease the time lost to troubleshooting. In the sessions “Bringing Enterprise IT to the Edge to Accelerate Innovation,” Captain White of the U.S. Navy attributed the largest productivity gaps to IT teams relying on command line programing. Captain White encourages industries to develop more user-friendly systems that do not rely on command lines.   

9. Compliance is No Longer Enough

In the session “DON CIO Perspective,” Navy CIO Jane Rathbun states that while Authority to Operate (ATO) tells you how secure a system is at that point in time, it does not encourage the readiness mindset that is optimal for protecting cybersecurity. Rathbun encourages switching to continuous monitoring and authorizations of systems, rather than stopping at ATO compliance. Rathbun specifically noted threat analysis and continuous monitoring as areas vendors might be assessed on in the future.  

10. DevSecOps Products that Improve Marine Corps Productivity 

The Marine Corps showcased 11 different products manufactured by the software factory product line related to development, security and operations (DevSecOps).  

Check out details on the products below: 

  • MyCareer – Supports the Manpower Management Enlisted Assignments (MMEA) and aids Marines by monitoring conversations, providing a virtual queue and matching partners based on data on marine preferences 
  • ItemEyes – Provides marine units with a digitized inventory 
  • Sensor Processing Analysis Radar Translation Application (SPARTA) – Hosts data from radar, automatic identification system (AIS) and unmanned systems all in one user-friendly interface 
  • CRUSADER – Controls, processes and detects radar information in one easy to use library 
  • Real-time Alerting, Interference Detection & Electromagnetic Reporting (RAIDER) – Provides real-time alerts for anomalies detected in the electromagnetic spectrum 
  • All-domain Electromagnetic and Radio Organic Trainer (AeroT) Helps Marines simulate and visualize their electromagnetic signature 
  • EXODUS – Provides evacuees located abroad with personal services, such as mobile passport processing 
  • TAK Design System – Helps Marines navigate and build plugins for Tactical Assault Kit (TAK) 
  • ReserveHub Enables Marines to find ideal areas when relocating, boosting retention rates 
  • SnapDB Analyzes pictures taken by unmanned aerial systems (UAS) 
  • J-Series Message Library, Government Open-Source (JSML) – Translates code into J-Series 

Through the developing partnerships between the technology industry and Government as well as Carahsoft and our partners, the DoD can streamline in areas such as artificial intelligence, cybersecurity, DevSecOps, compliance and more. These insights from West 2025 illustrate the Navy and Sea Service’s commitment to continual innovation and maintaining the safety of the nation.  

To learn more about cybersecurity and the defense industry, visit Carahsoft’s defense portfolio to explore solutions showcased at AFCEA’s WEST 2025. For additional research into the key takeaways industry and Government leaders presented at WEST, view Carahsoft’s extensive market research brief for a recap.  

Better Together: How HPE, AMD and Nutanix Empower Modern Enterprises

Posted on by
Reply

The rapid evolution of enterprise technology has made modernization an urgent priority. Businesses today face challenges ranging from complex infrastructure and escalating costs to the rising demands of artificial intelligence (AI) and hybrid cloud environments. Together, Hewlett Packard Enterprise (HPE), Advanced Micro Devices (AMD) and Nutanix provide unified solutions that simplify operations, strengthen security and deliver unmatched performance, empowering organizations to navigate current demands and prepare for the future.


Addressing Market Challenges with Innovation

In a dynamic market where infrastructure complexity and cost pressures are top concerns, the combined expertise of HPE, AMD and Nutanix is driving transformative solutions. Nutanix’s hyperconverged infrastructure (HCI) simplifies multicloud management, enabling organizations to run workloads across on-premises, public and private clouds or colocation sites. With intuitive tools like Prism, Nutanix delivers flexibility, cost efficiency and robust security.

On the hardware side, AMD’s EPYC Central Processing Units (CPUs) have revolutionized the data center market, achieving a 34% market share through scalability (i.e. higher core count options that help reduce server footprint). Designed for diverse workloads, including analytics and hybrid workforce applications, AMD solutions like the 4th Gen EPYC CPUs provide outstanding performance while optimizing total cost of ownership (TCO).

Meanwhile, HPE’s ProLiant DX Gen 11 servers offer fast deployment, tailored configurations and scalable options for diverse business needs. Supported by OpEx models like GreenLake, HPE ensures financial flexibility, making modernization accessible for organizations of all sizes.


Unlocking the Potential of AI

HPE AMD Nutanix Better Together Modern Enterprises Blog Embedded Image 2025

AI is reshaping industries, and the HPE, AMD and Nutanix partnership enables enterprises to meet these infrastructure demands. Nutanix’s HCI platform, paired with AMD’s EPYC CPUs, deliver optimized performance for AI and machine learning (ML) workloads. The Nutanix DX 385 model supports up to four double-wide Graphics Processing Units (GPUs), providing accelerated compute for AI-driven environments. With features like network microsegmentation and automated lifecycle management, Nutanix ensures secure, optimized environments for AI applications.

AMD’s EPYC processors are tailored for AI applications, from small-scale enterprise large language models (LLMs) to large-scale generative AI. High core density and features like Secure Encrypted Virtualization (SEV) ensure robust performance and security. HPE complements this with ProLiant DX servers designed for AI workloads, including their “GPU in a Box” model, which simplifies deployment and scales with demand, making it easier for businesses to meet the demands of AI-driven applications. Together, these technologies provide enterprises with the computational power and flexibility to unlock AI’s potential within hybrid cloud environments.


Simplifying Modernization Across Infrastructure

Modernization is no longer optional—it is a necessity for businesses navigating an evolving IT landscape. Businesses face the dual challenge of balancing legacy infrastructure needs with the demands of the future. HPE, AMD and Nutanix simplify this transition by addressing performance, security, management and integration, ensuring organizations modernize effectively while maintaining operational continuity.

Performance

Nutanix software on AMD EPYC-powered HPE ProLiant DX servers handles workloads like virtualization, analytics, big data and AI/ML with exceptional performance. The 4th Gen EPYC CPUs deliver high performance across metrics including per core and per server, reducing infrastructure costs. High-frequency CPU options enable the provisioning of more virtual machines and workloads without increasing physical cores, ensuring businesses can scale seamlessly as demands evolve. HPE delivers two high-performance NVMe storage options, designed to boost data center performance while ensuring reliability and security. HPE NVMe Mixed Use (MU) SSDs use Peripheral Component Interconnect Express (PCIe) Gen4 to boost performance for Big Data, high-performance computing (HPC) and virtualization with fast transfers and low latency. HPE NVMe Read Intensive (RI) SSDs optimize read-heavy workloads like web servers, storage and caching with high-speed PCIe Gen3 and Gen4.

Security

Nutanix integrates features like automatic auditing, encryption and network microsegmentation to ensure compliance and safeguard IT environments. AMD EPYC processors add another layer of protection with SEV, isolating virtual machines with memory encryption for silicon-level protection. HPE’s Silicon Root of Trust protects firmware from the boot process and continuously monitors the Basic Input/Output System (BIOS), ensuring server integrity and preventing breaches​.

Management

Managing modern IT environments is simplified with Nutanix’s one-click updates and lifecycle management capabilities, which integrate seamlessly with HPE’s Service Pack for ProLiant. Nutanix Prism offers a unified management plane, enabling centralized control for clusters, applications and data. The intuitive management interface reduces complexity, empowering IT teams to handle hybrid cloud environments with ease and efficiency.

Integration

Pre-installed with Nutanix Acropolis OS (AOS), HPE ProLiant DX servers offer out-of-the-box solutions optimized for AMD EPYC processors. These systems support diverse hypervisors, including Nutanix Acropolis Hypervisor (AHV) and third-party options, giving businesses the flexibility to tailor infrastructure setups to specific needs. This collaboration ensures workload-specific performance and seamless integration across various deployment environments, helping businesses modernize without disruption.


HPE, AMD and Nutanix demonstrate the power of collaboration by offering a unified approach to modernization. By combining high performance, robust security, streamlined management and flexible integration, their solutions provide businesses with the tools they need to meet today’s challenges and prepare for tomorrow’s demands. Collectively, they simplify the journey to modernization, proving that they truly are better together.


Discover how HPE, AMD and Nutanix are better together in delivering powerful, secure and scalable solutions for modern enterprises. Watch our webinar, “Modernize Your Infrastructure with HPE & Nutanix – Powered by AMD,” to explore cutting-edge innovations and actionable strategies that transform IT environments.


Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including HPE, AMD and Nutanix, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

The Top 10 Cybersecurity Events for Government in 2025

Posted on by
Reply

In 2025, assessment, adaptation and agility are key for Government agencies and the tech industry to successfully navigate the growing landscape of cybersecurity. As part of the recently released White House Executive Order, “Strengthening and Promoting Innovation in the Nation’s Cybersecurity” Government agencies are tasked with modernizing polices to meet today’s cyber security challenges which include an emphasis on Zero Trust Architectures, Endpoint Detection and Response, Network Segmentation and advancing Phishing Resistant MFA protocols. Carahsoft is prepared to support and guide the Federal, State and Local Government, as well as Education and Healthcare organizations through this new year in collaboration with our robust network of cybersecurity partners and solutions. Check out these top events to learn more about what to expect in cybersecurity throughout this year. 

Public Sector Day at RSA Conference 

April 28 | San Francisco, CA | In-Person Event 

Carahsoft Top 10 Cybersecurity Events Carahsoft Blog Embedded Image 2025

Join us for the 12th Annual RSA Public Sector Day at RSA Conference! This year’s program will examine key areas such as developing a strong cybersecurity workforce, understanding the impact of AI on both offensive and defensive cyber operations, and improving the exchange of information among Government entities. Hear directly from top Government leaders and industry professionals as they discuss their perspectives and strategies for enhancing cybersecurity across all levels of Government and healthcare. 

Stay connected with Carahsoft as we prepare for another great presence at this year’s event and stay tuned to our RSA Public Sector Day 2025 website for more information on our agenda. 

AFCEA TechNet Cyber 

May 6-8 | Baltimore, MD | In-Person Event 

This flagship event will feature conversations led by national defense professionals, tech industry experts and academia partners discussing topics focused on policy, strategic architecture, C2 and joint capabilities. Explore global security challenges and solutions with IT professionals and learn about new ways to combat sophisticated cybersecurity threats.  

Carahsoft’s pavilion will feature more than 50 partners showcasing a full range of cybersecurity, artificial intelligence, DevSecOps and cloud solutions. Fed Gov Today with Francis Rose will also be in the Carahsoft booth taping a broadcast TV episode showcasing Government and industry thought leaders at the event. In addition to our pavilion, Carahsoft will be hosting a networking reception on May 7 at Power Plant Live. 

Educause Cybersecurity and Privacy Professionals Conference 

May 19-21 | Baltimore, MD | In-Person Event 

Student safety and security are consistently at the forefront of educator’s minds and discovering innovative and modern ways to ensure those basic requirements are met is imperative. This premier Educause forum connects you with higher education information security and privacy professionals to do just that. Attendees will have the chance to network and discuss the latest cybersecurity trends and current events with peers and solution providers to make a meaningful impact on their individual communities and the education sector as a whole.  

Program tracks to look out for: 

  • Privacy 
  • Risk, Compliance and Policy 
  • Awareness and Education 
  • Technologies and Operations 
  • Leadership and Professional Development 

We are excited to confirm that we will be attending this year’s conference! Carahsoft has100+ vendors who are dedicated to supporting cybersecurity in education and we, along with our partners, are looking forward to connecting during this premier event. For updates, please email EDUMarketing@carahsoft.com 

 

EDGE25 Security Summit

July 10-12 | San Diego, CA | Hybrid Event

The Government Business Executive Forum (GBEF) is hosting the annual EDGE25 Security Summit to join 400 senior security professionals across multiple industry sectors in three full days discussing the latest global and emerging security threats, strategies and technologies. This is an exclusive, invite-only, event for GBEF members, Government and Carahsoft partners. The summit’s highly interactive, off-the-record executive roundtable agenda offers attendees and participants the opportunity to make connections, share perspectives and speak candidly on technology and mission issues. Additional impactful multimedia presentations will be live and broadcast for virtual attendees, allowing for even more interaction and insight into the progression of world-wide security innovation.

As a Carahsoft partner, you will have the opportunity to join us at GBEF’s leading event, participate in engaging receptions and attend pre- and post-conference activities that encourage building professional relationships across the industry. Additionally, join us as Carahsoft will be sponsoring the welcome reception for attendees aboard the USS Midway on July 10!

 

SANS Government Security Solutions Forum

July 22 | Virtual Event 

The SANS Institute stands on a mission of empowering cybersecurity professionals and honoring the highest standard in cybersecurity education to make the world a safer place. The Government Security Solutions Forum will delve into the latest trends in network protection, AI and cyber defense, supply chain, workforce development and more to help attendees understand how to combat modern threats effectively. At last year’s event, participants engaged with technology experts and listened to unique panel discussions with audience Q&As surrounding invaluable security initiatives across the Public Sector in areas such as Zero Trust implementation, achieving CMMC compliance and harnessing AI. Join us at this year’s event for all this and more! 

Carahsoft looks forward to partnering with the SANS Institute for the fifth year in a row to bring this event to life.  Carahsoft has over 800 employees focused on cybersecurity and partnerships with over 150 vendors. To learn more about the topics discussed at the forum and what to expect in July, read out highlights from last year’s event. 

GovForward ATO and Cloud Security Summit 

July 24 | In-Person Event 

The GovForward ATO and Cloud Security Summit will be back for its 7th year on Thursday, July 24, 2025, at the Waldorf Astoria in Washington D.C. The event will explore the Federal Risk and Authorization Management Program (FedRAMP) changes, and how advancements at the Federal level are impacting the broader Public Sector market. 

With over 1000 registered attendees, more than 30 speakers and 10+ engaging sessions and panels at the 2024 event, Carahsoft is excited to join forces with Government Executive again in 2025 delivering even more valuable insights, expert discussions, and networking opportunities for attendees. View highlights from the 2024 event and check back soon for more information on joining us at the 2025 ATO and Cloud Security Summit.  

Black Hat USA 2025 

August 2-7 | Las Vegas, NV | In-Person Event 

Returning to the Mandalay Bay Convention Center this year, the Black Hat USA 2025 program is packed with cybersecurity excellence in research, development and exploration of trends. Get involved with immersive and interactive trainings, live-in person sessions and demos, on-demand briefings, dynamic networking opportunities in the business hall, as well as the Black Hat Certified Pentester (BCPen) certification program. Join Carahsoft and uncover new ways to support your agency’s or organization’s cybersecurity mission. 

This year, we are exploring the possibility of hosting a breakfast briefing tailored for the Public Sector—stay tuned for updates as plans develop! Additionally, we are excited to announce that we will be hosting a networking reception again this year, providing a great opportunity to connect with industry peers. Check out the events tab on our website for more details closer to the event! 

Billington Cybersecurity Summit 

September 9-12 | Washington, D.C. | In-Person Event 

A long standing and experienced event, the Billington Cybersecurity Summit features an extensive array of cyber topics, speakers, sessions and interactive breakouts for attendees to truly immerse in the world of today’s emerging cybersecurity solutions and trends. In its 16th year running, this leading Government cybersecurity summit promises an exceptional line up of Government presenters, an invaluable leadership luncheon, an all-attendee networking reception and over 100 vendor booths featuring strategy development and technology demos. 

For a sneak peek into what you can expect at the summit, topics covered during last year’s event included:  

  • Zero Trust 
  • Ransomware 
  • Advancing cyber diplomacy 
  • Learning how to use proactive defenses 
  • Engineering AI into cybersecurity platforms 
  • Implementing an effective risk management approach 
  • Protecting critical infrastructure 

Stay tuned to the website for announcements around the speaker lineup and further summit information. 

Carahsoft is looking forward to sponsoring this year’s event and will feature a booth to engage with attendees throughout the week. We will also be hosting a large partner pavilion and encourage attendees to stop by and learn more about our partners and their technology solutions! Check out the events tab on our website for more details closer to the event! 

StateRAMP Cyber Summit 

October 2-3 | Chicago, IL | In-Person Event 

Carahsoft is excited to be the presenting sponsor of the 2nd annual StateRAMP Cyber Summit this year. For Public and Private Sector leaders, this is the leading event to come together and examine today’s crucial cybersecurity, risk management and compliance topics.  

Here is an overview of what attendees can expect this fall: 

  • Future-focused insights on framework harmonization & AI 
  • Best practices in supplier risk management & procurement 
  • Real-world case studies from top cybersecurity leaders 
  • Discussions on emerging technologies and their compliance impact 

With over 350 registered attendees, more than 30 esteemed speakers and 10+ engaging sessions and panels, Carahsoft is honored to have been a presenting sponsor at last year’s inaugural summit. Check out highlights from the 2024 event and check back soon for more information on joining us at the 2025 StateRAMP Cyber Summit. 

Carahsoft Cyber Leaders Exchange 

October | Virtual Event 

Presented by Carahsoft in collaboration with Federal News Network, The Cyber Leaders Exchange will dive into how the Government is building cyber resilience, including showcasing tips, tactics and tools to support your organization’s mission-critical cybersecurity efforts. Look forward to sessions about cybersecurity strategy-building, workforce challenges, AI within cybersecurity and informative speakers from trusted technology vendors as well as Government experts. 

Stay tuned for event announcements and more information to be released. Curious about what to expect? Check out highlights from our 2024 Cyber Leaders Exchange. View the events tab on our website for more details closer to the event! 

Previous Event Highlights:

Rocky Mountain Cyberspace Symposium

February 10-13 | Colorado Springs, CO | In-Person Event 

Connecting people and ideas, RMCS25 is an annual forum for the tech industry, academia and Government to discuss and propose solutions to the challenges of cybersecurity, community cyber readiness and homeland defense facing our nation. The theme of this year was “Securing the Future: Cyber Capabilities, All-Domain Superiority, and Strategic Advantage.” This event explored how cyber capabilities and multi-domain strategies are pivotal in achieving and maintaining strategic advantage in the modern landscape. 

Topics highlighted: 

  • Innovation and Rapid Acquisitions 
  • CJADC2 Strategic Opportunities 
  • Modern Deterrence and Special Ops 
  • Securing Space Through Cyberspace 
  • AI Across the Spectrum of Operations 
  • Posturing and Developing Forces 

Carahsoft exhibited at the event hosting a small pavilion featuring demos from several of our partners and held a successful networking session at this year’s event!

While the Government and cybersecurity community face a great deal of change over the next year, join Carahsoft at one of these immersive events and be a part of modernization and finding solutions to today’s cyber challenges. 

— 

As technology and the Public Sector’s adoption of Cybersecurity tools advance, the topic remains at the forefront. Our partners are making significant strides in Cybersecurity, and you are invited to join the conversation. Attend these revolutionary events and help shape the future of cybersecurity. 

Fal.con Gov 

February 27, Washington, D.C., In-Person  

Zscaler Public Sector Summit 

March 24 – 25, Washington, D.C., In-Person Event 

Okta Government Identity Summit 

March 5, Washington, D.C., In-Person Event 

Palo Alto Ignite  

April 1, Tysons, VA, In-Person Event 

F5 Public Sector Symposium  

April 8 – 10, Tysons, VA, In-Person Event 

AWS re:Inforce 2025 

June 16 – 18, Philadelphia, PA, In-Person Event 

To learn more or get involved in any of the above events please contact us atcybersecurity@carahsoft.com. For more information on Carahsoft and our industry leading Cyber technology partners’ events, visit our Cybersecurity solutions portfolio and Cybersecurity Events page. 

Bridging Identity Governance and Dynamic Access: The Anatomy of a Contextual and Dynamic Access Policy

Posted on by
Reply

As organizations adapt to increasingly complex IT ecosystems, traditional static access policies fail to meet modern security demands. This blog instance continues to explore how identity attributes, and governance controls impact contextual and dynamic access policies—as highlighted previous articles; Governing Identity Attributes in a Contextual and Dynamic Access Control Environment and SailPoint Identity Security The foundation of DoD ICAM and Zero Trust, it examines the role of identity governance controls, such as role-based access (dynamic or policy-based), lifecycle management, and separation of duties, as the foundation for real-time decision-making and compliance. Together, these approaches not only mitigate evolving threats but also align with critical standards like NIST SP 800-207, NIST CSF, and DHS CISA recommendations, enabling secure, adaptive, and scalable access ecosystems. Discover how this integration empowers organizations to achieve zero-trust principles, enhance operational resilience, and maintain regulatory compliance in an era of dynamic threats.

Authors Note: While I referenced the DoD instruction and guidance, the examples in the document can be applied to the NIST Cybersecurity Framework, and NIST SP 800-53 controls as well. My next article with speak specifically to the applicability of the DHS CDM MUR and future proposed DEFEND capabilities.


Defining Contextual and Dynamic Access Policies

Contextual and dynamic access policies adapt access decisions based on real-time inputs, including user identity, device security posture, behavioral patterns, and environmental risks. By focusing on current context rather than static attributes, these policies mitigate risks such as over-provisioning or unauthorized access.

Key Features:

  • Contextual Awareness: Evaluates real-time signals such as login frequency, device encryption status, geolocation, and threat intelligence.
  • Dynamic Decision-Making: Enforces least-privilege access dynamically and incorporates risk-based authentication (e.g., triggering MFA only under high-risk scenarios).
  • Identity Governance Integration: Leverages governance structures to align access with roles, responsibilities, and compliance standards.

The Role of Identity Governance Controls

Identity governance forms the backbone of effective contextual and dynamic access policies by providing the structure needed for secure access management. Core components include:

SailPoint Bridging Identity Governance Blog Embedded Image
  • Role-Based Access Control (RBAC), Dynamic/Policy-based: Defines roles and associated entitlements to reduce excessive or inappropriate access.
  • Access Reviews: Ensures periodic validation of user access rights, aligning with business needs and compliance mandates.
  • Separation of Duties (SoD): Prevents conflicts of interest by limiting excessive control over critical processes.
  • Lifecycle Management: Automates the provisioning and de-provisioning of access rights as roles change.
  • Policy Framework: Establishes clear baselines for determining who can access what resources under specific conditions.

Balancing Runtime Evaluation and Governance Controls

While governance controls establish structured, policy-driven access frameworks, runtime evaluations add the flexibility to adapt to real-time risks. Together, they create a layered security approach:

  • Baseline Governance: Sets foundational access rights using role-based policies and lifecycle management.
  • Dynamic Contextualization: Enhances governance by factoring in real-time conditions to ensure access decisions reflect current risk levels.
  • Feedback Loops: Insights from runtime evaluations inform and refine governance policies over time.

Benefits of Integration

By combining governance controls with contextual access policies, organizations achieve:

  • Enhanced security through continuous evaluation and dynamic risk mitigation.
  • Improved compliance with regulatory frameworks like GDPR, HIPAA, and NIST standards.
  • Operational efficiency by automating access reviews and reducing administrative overhead.

The integration of contextual and dynamic access policies with identity governance controls addresses the dual needs of flexibility and security in modern cybersecurity strategies. By combining structured governance with real-time adaptability, organizations can mitigate risks, ensure compliance, and achieve a proactive security posture that aligns with evolving business needs and regulatory demands. This layered approach represents the future of access management in a rapidly changing digital environment.


To learn more about how SailPoint can support your organization’s efforts within identity governance, cybersecurity and Zero Trust, view our resource, “The Anatomy of a Contextual and Dynamic Access Policy.”


Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including SailPoint, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Governing Identity Attributes in a Contextual and Dynamic Access Control Environment

Posted on by
Reply

In the rapidly evolving landscape of cybersecurity, federal agencies, the Department of Defense (DoD), and critical infrastructure sectors face unique challenges in governing identity attributes within dynamic and contextual access control environments. The Department of Defense Instruction 8520.04, Identity Authentication for Information Systems, underscores the importance of identity governance in establishing trust and managing access across DoD systems. In parallel, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA) guidance and the National Institute of Standards and Technology (NIST) frameworks further emphasize the critical need for secure and adaptive access controls in safeguarding critical infrastructure and federal systems.

This article examines the governance of identity attributes in this complex environment, linking these practices to Attribute-Based Access Control (ABAC) and Role-Based Access Control (RBAC) models. It highlights how adherence to DoD 8520.04, CISA’s Zero Trust Maturity Model, and NIST guidelines enable organizations to maintain the accuracy, security, and provenance of identity attributes. These efforts are particularly crucial for critical infrastructure, where the ability to dynamically evaluate and protect access can prevent disruptions to essential services and minimize security risks. By integrating these principles, organizations not only achieve regulatory compliance but also strengthen their defense against evolving threats, ensuring the resilience of national security systems and vital infrastructure.

SailPoint Governing Identity Attributes Blog Embedded Image 2025

Importance of Governing Identity Attributes

Dynamic Access Control

In a dynamic access control environment (Zero Trust), access decisions are made based on real-time evaluation of identity attributes and contextual information. Identity governance plays a pivotal role in ensuring that these attributes are accurate, up-to-date, and relevant. Effective identity governance facilitates:

  • Real-time Access Decisions: By maintaining a comprehensive and current view of identity attributes, organizations can make informed and timely access decisions, ensuring that users have appropriate access rights based on their roles, responsibilities, and the context of their access request.
  • Adaptive Security: Identity governance enables adaptive security measures that can dynamically adjust access controls in response to changing risk levels, user behaviors, and environmental conditions.

Attribute Provenance

Attribute provenance refers to the history and origin of identity attributes. Understanding the provenance of attributes is critical for ensuring their reliability and trustworthiness. Identity governance supports attribute provenance by:

  • Tracking Attribute Sources: Implementing mechanisms to track the origins of identity attributes, including the systems and processes involved in their creation and modification.
  • Ensuring Data Integrity: Establishing validation and verification processes to ensure the integrity and accuracy of identity attributes over time.

Attribute Protection

Protecting identity attributes from unauthorized access, alteration, or misuse is fundamental to maintaining a secure access control environment. Identity governance enhances attribute protection through:

  • Access Controls: Implementing stringent access controls to limit who can view, modify, or manage identity attributes.
  • Encryption and Masking: Utilizing encryption and data masking techniques to protect sensitive identity attributes both at rest and in transit.
  • Monitoring and Auditing: Continuously monitoring and auditing access to identity attributes to detect and respond to any suspicious activities or policy violations.

Attribute Effectiveness

The effectiveness of identity attributes in supporting access control decisions is contingent upon their relevance, accuracy, and granularity. Identity governance ensures attribute effectiveness by:

  • Regular Reviews and Updates: Conducting periodic reviews and updates of identity attributes to align with evolving business needs, regulatory requirements, and security policies.
  • Feedback Mechanisms: Establishing feedback mechanisms to assess the effectiveness of identity attributes in real-world access control scenarios and make necessary adjustments.

Risks Associated with ABAC and RBAC

ABAC Risks

ABAC relies on the evaluation of attributes to make access control decisions. While ABAC offers flexibility and granularity, it also presents several risks:

  • Complexity: The complexity of managing a large number of attributes and policies can lead to misconfigurations and errors, potentially resulting in unauthorized access or access denials.
  • Scalability: As the number of attributes and policies grows, the scalability of the ABAC system can be challenged, affecting performance and responsiveness.
  • Attribute Quality: The effectiveness of ABAC is heavily dependent on the quality of the attributes. Inaccurate, outdated, or incomplete attributes can compromise access control decisions.

RBAC Risks

RBAC assigns access rights based on predefined roles. While RBAC simplifies access management, it also has inherent risks:

  • Role Explosion: The proliferation of roles to accommodate varying access needs can lead to role explosion, complicating role management and increasing administrative overhead.
  • Stale Roles: Over time, roles may become stale or misaligned with current job functions, leading to over-privileged or under-privileged access.
  • Inflexibility: RBAC may lack the flexibility to handle dynamic and context-specific access requirements, limiting its effectiveness in modern, agile environments.

Importance to a Zero Trust Model

The Zero Trust model is predicated on the principle of “never trust, always verify,” emphasizing continuous verification of identity and context for access decisions. Governing identity attributes is integral to the Zero Trust model for several reasons:

  • Continuous Verification: Accurate and reliable identity attributes are essential for continuous verification processes that dynamically assess access requests in real-time.
  • Context-Aware Security: By governing identity attributes, organizations can implement context-aware security measures that consider a wide range of factors, including user behavior, device health, and network conditions.
  • Minimizing Attack Surface: Effective governance of identity attributes helps minimize the attack surface by ensuring that access rights are tightly controlled and aligned with current security policies and threat landscapes.

Governing identity attributes is a cornerstone of modern access control strategies, particularly within the dynamic and contextual environments that characterize today’s IT ecosystems. By supporting dynamic access, ensuring attribute provenance, protection, and effectiveness, and addressing the risks associated with ABAC and RBAC, identity governance enhances the security and efficiency of access control mechanisms. In the context of a Zero Trust model, the rigorous governance of identity attributes is indispensable for maintaining robust and adaptive security postures, ultimately contributing to the resilience and integrity of organizational systems and data.

To learn more about SailPoint’s cybersecurity capabilities and how it can support mission-critical DoD initiatives, view our technology solutions portfolio. Additionally, check out our other blog highlighting the latest insights into “The Role of Identity Governance in the Implementation of DoD Instruction 8520.04”.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including SailPoint, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Cyberattack Trends Impacting Local Government and Education Sectors

Posted on by
Reply

Today’s cybercriminals are no longer driven solely by financial gain, the geopolitical impact of attacks has shifted with nation-state actors now targeting critical infrastructure. While Local Governments have long been a part of this, schools have also become key targets, especially after COVID-19. The pandemic’s disruption to education has left a lasting impact, making attacks on schools and Local Governments both physically and psychologically significant. These institutions, essential to society, are under siege not just for their sensitive data but for their societal importance. With advanced capabilities and financial backing, nation-state actors are accelerating their efforts, heightening the urgency for robust cybersecurity.

Why Threat Actors Target Local Government and Education

Local Governments are frequent cyberattack targets due to their political significance and the essential services they provide. When one city is attacked, neighboring cities often become hyper-vigilant, particularly smaller municipalities managing critical services like water supply. These vital functions make them high-value targets. While financial institutions are seen as obvious targets for their direct connection to money, Government agencies hold more financial value than many realize. The stakes are even higher when political positions are involved, making Local Governments attractive to financially motivated attackers and nation-state actors seeking leverage.

Lumu Technologies SLED Cyberattack Trends Blog Embedded Image 2024

Education has also become increasingly vulnerable. Schools were initially targeted for geopolitical reasons, with attackers seeking to influence the “hearts and minds” of society by disrupting education. However, cybercriminals discovered the financial value of student records, which are worth more on the dark web than credit card or healthcare information due to students not checking their credit scores. This extended window for identity theft, combined with the vast amount of data schools hold, makes educational institutions prime targets for cybercriminals.

Both Local Governments and schools face shared challenges in defending their systems. For Governments, Supervisory Control and Data Acquisition (SCADA) networks that manage infrastructure are often isolated but still present large attack surfaces due to their distributed nature. Schools, on the other hand, struggle with the complexity of students bringing their own devices, which introduces uncontrolled entry points into the network. These vulnerabilities make Local Government and education uniquely attractive and susceptible targets in the cyber landscape.

Two Main Attack Vectors: Phishing and Infostealers

Cybercriminals use various tactics to infiltrate Local Governments and schools, exploiting both technological weaknesses and human behavior. People are often the weakest link, making them prime targets for attackers. The rise of artificial intelligence (AI) has further advanced these attacks, making them more difficult to detect. While agencies and schools cannot fully eliminate the risk through training alone, understanding these evolving threats can significantly reduce the chances of successful attacks.

Phishing and information stealing are two of the most prevalent methods used by cybercriminals. Research from Lumu Technologies shows that phishing accounts for 52% of attacks, while information stealing makes up 48%, illustrating their near-equal presence as cyber threats.

Phishing

Phishing is often used to gain initial access into a network, accounting for approximately 90% of attacks. By tricking users into clicking malicious links or downloading malware, attackers establish a presence in the system. The preliminary malware allows them to move laterally, escalate privileges and locate sensitive data. Attackers either sell the data or use it to launch ransomware attacks. In ransomware scenarios, the attacker takes control of the network, encrypts critical data and issues a ransom demand. Phishing is thus the starting point for a larger chain of events leading to data theft and/or financial extortion.

Information Stealing

Infostealers are designed to capture sensitive information, often to sell on the dark web or to facilitate ransomware attacks. Like intelligence operations, they collect data to spread through an environment or identify new attack points. Keyloggers record keystrokes to capture usernames and passwords for unauthorized access. Other methods include form grabbers, which intercept forms and alter them, and browser hijackers, which mimic legitimate sites to bypass multi-factor authentication. Sensitive data from Local Government and education sectors is highly valuable, with threat actors intensifying efforts to exploit it for profit.

In addition to phishing and infostealers, cybercriminals continually find new ways to exploit technology and human behavior, such as man-in-the-middle (MITM) attacks, credential stuffing and supply chain attacks. These often-overlooked attack vectors can cause significant damage to agencies and schools. Recognizing these methods is crucial for developing comprehensive defenses.

Why These Attack Methods are Successful

These attack methods succeed against Local Governments and schools due to the constantly evolving nature of cyber warfare. Like traditional warfare, attackers adapt, finding new ways in after one vulnerability is closed. Defenders must be equally dynamic.

Even with security measures like Endpoint Detection and Response (EDR), attackers find ways to bypass them. EDR relies on behavior analysis, which takes time, while attackers use advanced AI to quickly develop new methods. Local Governments and schools are often slower to adapt, giving attackers an advantage. The challenge is not just implementing security measures but continuously evolving defenses to keep up with new threats.

AI Versus AI

In the battle against evolving cyberattacks, Local Governments and schools must leverage advanced technologies like AI and automation. As attackers adopt AI to improve the sophistication and speed of attacks, defenders need equally powerful tools. Cybercriminals use AI to bypass traditional defenses, identifying weaknesses faster than humans can.

To keep up, Local Government and education sectors must deploy AI-driven systems to detect threats in real time. AI helps identify vulnerabilities, enabling proactive defense, while automation blocks threats at machine speed. For smaller institutions with limited resources, automation is especially crucial to defend against attacks effectively.

In a landscape where cyber threats continually evolve, matching the speed and sophistication of attackers is crucial for a strong cyber defense. Government agencies and educational institutions must stay vigilant, leveraging AI and automation to outpace attackers and protect the critical infrastructure and data that comprise the foundation of society.

Discover the latest trends in cyberattacks and learn how AI and automation are reshaping the fight against modern cybercriminals in Lumu Technologies’ webinar, “Emerging Cyber Attack Trends Targeting Local Government & Education.”

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Lumu Technologies, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.