Patching in Federal Government Networks

Posted on by Tyler Jaeger

Ivanti is committed to our customers who uphold the Nation’s highest commitments. To this end Ivanti believes that the mission our customers fulfill should not be impeded or constrained by the security stance they take. In these security conscious situations, it’s considered both mandatory and best practice for nodes within these networks to be either disconnected or entirely air-gapped.

(Context: A disconnected network can traverse its own internal network/intranet but is disconnected from the broader internet. Conversely – an air gapped environment is even further isolated – being entirely independent with no connectivity to either a larger intranet or internet.)

Despite these efforts – the risk of exploitation is not absolved simply by disconnecting or placing nodes into an air-gapped state. Network isolation of these servers & endpoints is only one aspect within a zero-trust security paradigm that these Sys-Admins have to contend with.

Technical administrators of these environments are still responsible for maintaining their systems against on-going vulnerabilities. The patching of these systems acts as a counter measure against insider threats within these systems. These vulnerabilities are more than the standard Patch Tuesday Windows OS vulnerabilities. A significant majority of these vulnerabilities exist in the 3rd party Application Eco-System. According to The U.S. National Vulnerability Database – Microsoft exploits only account for 15% of total vulnerabilities today.

Ivanti Patching in Federal Gov Networks Blog Embedded Image 2024

Patching these systems can be extremely tedious and time-consuming, but also manually intensive. This time could be better spent performing strategic security measures, or not spent at all. As a result of this lengthy process critical systems can be impacted and left open to vulnerabilities. A report from the GAO (As detailed in Pg. 46 of the GAO Report 16-501: Agencies Need to Improve Controls over Selected High-Impact Systems) shows that this has historically left even critical vulnerabilities unpatched after a significant time period (In the report – several years). To address these issues, Ivanti assists our customers by automating the remediation of the vulnerabilities found within their system, while also providing a record of truth, and reporting to these workflows.

Ivanti’s Disconnected Patching Capability

Ivanti’s product portfolio not only includes its flagship cloud-based Product Suite, and also a strong array of On-Premise based products. Two products worth highlighting for this are Ivanti Security Controls (ISEC), and Ivanti Endpoint Manager (EPM). Both products have On-Premise deployment options which extend into Disconnected and Air-Gapped Use-Cases.

At a high-level, Ivanti services disconnected / airgapped environments via the use of servers placed within those environments. Those servers then act as a repository for OS patches (Incl. Windows, Linux, and Mac), along with 3rd Party Application Patches. Reference this example diagram of a disconnected instance of Ivanti ISEC. In this example, a central environment is used to download and prepare patches for the environment. Then, one-to-many disconnected environment can then be stood up with patches and management provided via a ‘File Transfer Service’. This service can mean two things: either an approved Media Devices to enable transfers when no connectivity can exist, or a staged approach in which connectivity for a Centralized console is alternated between the Internet and a Disconnected Environment. Where approved, this prevents a direct link between the internet and the disconnected environment.

One additional note with this diagram is that both the Central Rollup Console and Connected Environment can also be connected on temporarily, even if only to update definitions in support the disconnected portions of the deployment.

Ivanti Endpoint Manager (EPM)

On the flipside, we can take the disconnected / connected philosophy we mentioned in ISEC and apply it to our EPM product. Like with ISEC an admin can create multiple EPM consoles, or cores without any additional charges. Those cores can be deployed as disconnected or ‘dark’ cores. Vulnerability Definitions and Patches can then be copied from a connected environment into the disconnected environment via the same preferred ‘File Transfer Client’ of choice. This methodology has been proven amongst our customer base who have effectively deployed this into disconnected and airgapped instances for both ISEC and EPM.

Modernized & Automated Patching Workflows

Modernizing the patching process means reducing the Mean Time to Patch, and strategically securing against vulnerabilities. To that end, Ivanti provides Neurons for Risk Based Vulnerability Management – a Vulnerability Management system that provides contextualization around threats (Ex. ‘Trending’ Vulnerabilities or Vulnerabilities could be executed without physical access to the target).

RBVM also provides the necessary patches and remediation for those vulnerabilities. By integrating our Patching and RBVM we modernize patching into a strategic and automated process. Files containing the vulnerabilities deemed most risky can be loaded into solutions like EPM to determine and provide patches. This workflow can still apply even in disconnected and airgapped use cases. RBVM could connect to the Rollup Core while disseminating patches via the process mentioned above.

How Ivanti can Help

Between Ivanti’s EPM & ISEC products, a System Administrator would have full range to patch the Windows, MacOS, and Linux Servers and Workstations within their environments. Patches also extend to 3rd Party Applications in which a significant portion of vulnerabilities originate. Ivanti also has a team of QA testers that validate the patches within its 3rd Party Patch Catalog to ensure no patches will cause a crash to the system. This patching can apply to both connected, and disconnected environments without any additional charges for scaling your Console Server Deployments.

In the case of ISEC – ISEC can discover and patch endpoints both with an agent and agentlessly. ISEC can also integrate with On-Premise VMware ESXi environments and patch ESXi hosts, as well as images and offline VM’s, thus further centralizing and reducing time to patch across the environment. Conversely – EPM provides users with a full suite of Endpoint Management capabilities in addition to patching including Discovery and Data Normalization, OS Provisioning, Software Distribution, User Profile Management, Remote Control, and Integrated Patching and Endpoint Security.

Additional Resources

For further reading, please consider Ivanti’s Product documentation around this subject. These references can provide additional documentation around how to establish:

About Ivanti

Ivanti was created in 2017 with the merger of Landesk and HEAT software. We are a powerhouse IT solution with over 30 years of combined experience. Ivanti finds, heals and protects every device, everywhere – automatically. Whether your team is down the hall or spread around the globe, Ivanti makes it easy and secure for them to do what they do best.

Ivanti is committed to supporting our customers requiring either Cloud or On-Premise deployment requirements. In both of those deployment paths Ivanti’s Portfolio contains accredited solutions including the following certifications: DoD ATO, Army CoN, Common Criteria, DoDIN APL, DISA STIG, DoD IL2 & IL5 Private Cloud, DoD ATO, NIAP MDM PP v4, NIAP Common Criteria, NSA CSFC, FIPS 140-2, FedRAMP Moderate, & SOC 2 Compliances.

Connect with an Ivanti representative today and learn more about how Ivanti can support your MultiCloud initiatives.

The 12 Artificial Intelligence Events for Government in 2024

Posted on by Mike Adams

Last year set a landmark standard for innovation in artificial intelligence (AI). Federal, State, and Local Governments and Federal Systems Integrators are eager to learn how they can implement AI technology within their agencies. With the recent Presidential Executive Order for AI, many Public Sector-focused events in 2024 will explore AI modernizations, from accelerated computing in cloud to the data center, secure generative AI, cybersecurity, workforce planning and more.

We have compiled the top AI events for Government for 2024 that you will not want to miss.

1. AI for Government Summit

May 2, 2024, Reston, VA | In-Person Event

The AI for Government Summit is a half-day event designed to bring together Government officials, AI experts and industry leaders to explore the transformative potential of AI in the public sector. As Governments worldwide increasingly adopt AI technologies to enhance efficiency, improve services and address complex challenges, this summit will serve as a platform for collaboration, discussion and sharing knowledge on the latest advancements and best practices in AI deployment within Government organizations.

Sessions to look out for: Cybersecurity & AI – Safeguarding the Government and Generative AI Government Use Case Panel

Carahsoft is proud to host this inaugural event alongside FedInsider. Join us and over 100 of our AI & machine learning technology and solution providers as they speak towards AI adoption in our Public Sector and how they are using AI to solve our government’s most critical challenges. Attendees will also hear from top government decision-makers as they share unique insights into their current AI projects.

2. NVIDIA GTC

March 18 – 21, 2024, San Jose, CA | Hybrid Event

Come connect with a dream team of industry luminaries, developers, researchers, and business strategists helping shape what’s next in AI and accelerated computing. From the highly anticipated keynote by NVIDIA CEO Jensen Huang to over 600 inspiring sessions, 200+ exhibits, and tons of unique networking events, GTC delivers something for every technical level and interest area. Whether you join us in person or virtually, you are in for an incredible experience at the conference for the era of AI.

Sessions to look out for: What’s Next in Generative AI and Robotics in the Age of Generative AI

Carahsoft serves as NVIDIA’s Master Aggregator working with resellers, systems integrators, and consultants. Our team provides NVIDIA products, services, and training through hundreds of contract vehicles.

Carahsoft is proud to be the host of the GTC Public Sector Reception on Tuesday, March 19^th.

Please visit Carahsoft and our partners at the following booths:

Government IT Solutions: Carahsoft (#1726), Government Acquisitions (#1820), World Wide Technology (#929)
AI/ML & Data Analytics: Anaconda (#1701), Dataiku (#1704), Datadog (#1033), DataRobot (#1603), Deepgram (#1719), Domino Data Labs (#1612), Gretel.AI (G130), H2O.AI (G124), HEAVY.AI (#1803), Kinetica (I132), Lilt (I123), Primer.AI (I126), Red Hat (#1605), Run:AI (#1408), Snowflake (#930), Weights & Biases (#1505 & G115)
AI Infrastructure: Dell (#1216), DDN (#1521), Edge Impulse (#434), Lambda Data Lab (#616), Lenovo (#1740), Liqid (#1525), Pure Storage (#1529), Rescale (#1804), Rendered.AI (#330), Supermicro (#1016), Weka (#1517)
Industry Leaders: AWS (#708), Google Cloud (#808), HPE (#408), Hitachi Vantara (#308), IBM (#1324), Microsoft (#1108), VAST Data (#1424), VMware (#1604)

3. 5th Annual Artificial Intelligence Summit

March 21, 2024, Falls Church, VA | In-Person Event

Join the Potomac Officers Club’s 5th Annual AI Summit, where federal leaders and industry experts converge to explore the transformative power of artificial intelligence. Discover innovative AI advancements, engage in dynamic discussions, and forge strategic collaborations with key partners at this annual gathering of the movers and shakers in the AI field. Hosted by Executive Mosaic, this summit will be held in Falls Church, Virginia.

Sessions to look out for: Leveraging Collaboration to Accelerate AI Adoption in the DoD and Operationalizing AI in Government: Getting Things Done with Automation

Carahsoft is the master aggregator for Percipient AI, a Silver Sponsor, and Primer AI, the Platinum Sponsor. Mark Brunner, President of Federal at Primer AI, will also be speaking at the event.

4. INSA Spring Symposium: How AI is Transforming the IC

April, 4, 2024, Arlington, VA | In-Person Event

Join 300+ intelligence and national security professionals at INSA’s Spring Symposium, How Artificial Intelligence is Transforming the IC, on Thursday, April 4, from 8:00 am-4:30 pm at the INSA/NRECA Conference Center in Arlington, VA. Key leaders from government, academia, and industry will discuss cutting-edge AI innovations transforming intelligence analysis, top priorities and concerns from government stakeholders, developments in ethics and oversight, challenges and opportunities facing the public and private sector and more!

Session to look out for: AI Ready? Challenges from a Data-Centric Viewpoint

Meet with Carahsoft partners AWS, Google Cloud, Intel, and Primer.

5. Google Next ‘24

April 9 – 11, Las Vegas, NV | In-Person Event

Explore new horizons in AI at Google Cloud Next ’24 in Las Vegas, April 9–11 at Mandalay Bay Convention Center. Dive into AI use cases, learn how to stay ahead of cyberthreats with frontline intelligence and AI powered security and boost data and thrive in a new era of AI. Plus, see our latest in AI, productivity and collaboration, and security from Google Public Sector.

Carahsoft will be a sponsor of Google Next ‘24 with a significant public sector presence and plans to host a reception as well.

6. SC24

November 17 – 22, 2024, Atlanta, GA | Hybrid Event

Supercomputing (SC) is the longest running and largest high performance computing conference. SC is an unparalleled mix of thousands of scientists, engineers, researchers, educators, programmers, and developers. Hosted by The Association for Computing Machinery & IEEE Computer Society, SC24 is hosted in Atlanta, Georgia.

Carahsoft is proud to attend SC24 for a fourth year as the master aggregator serving the public sector. Carahsoft will be hosting an extensive partner pavilion showcasing daily demos of our technology and solution partners, demonstrating use-cases in AI and HPC intended for higher-ed organizations, research institutions, government agencies, and more.

Join us at our public sector reception for a night of networking with leading decision-makers and solution experts on November 20.

7. Elastic Public Sector Summit ‘24

March 13, 2024, Pentagon City, VA | In-Person Event

Join top Federal program executives and IT leaders to learn firsthand how advances in data management, search and analytics capabilities are helping agencies turn data into mission value faster and more productively for citizens and Government employees. Learn how agencies are leveraging these capabilities for cybersecurity, operational resilience, and preparing for the new era of generative AI. FedScoop, Elastic and Carahsoft will co-host this summit in Pentagon City, Virginia.

As a top-level sponsor of Elastic’s Public Sector Summit, Carahsoft will host a pavilion on the exhibit floor that features Elastic’s foremost technology partners for the hundreds of projected government attendees.

8. CDAO Government

September 17 – 19, 2024, Washington DC | In-Person Event

This event brings together the latest technological advancements and practical examples to apply key data-driven strategies to solve challenges in Government and greater society. Join a unique mix of academia, industry and Government thought leaders at the forefront of research and explore real-world case studies to discover the value of data and analytics. Located in Washington, D.C., CDAO Government will be hosted by Corinium Intelligence.

Carahsoft was proud to be a Premier Sponsor at the 2023 CDAO Government, involving numerous of our vendor partners, Cloudera, and HP, Alation, Informatica, Progress|MarkLogic, Snowflake, and Tyler Technologies, Alteryx, Coursera, DataRobot, Databricks, Elastic, Immuta, Primer AI, and Qlik.

Carahsoft looks forward to participating as a leading sponsor again at the 2024 CDAO Government.

9. OODACON

November 5 – 6, Reston, VA | In-Person Event

The world is at a transition point where technology is enabling rapid changes that can drive both positive and negative outcomes for humanity. It is also empowering many bad actors and poses new threats. The essence of OODAcon lies in its capacity to forge a robust community of leaders, experts, and practitioners that serve as a collective force that can propel us towards a brighter future.

Join us at the Carahsoft Conference and Collaboration Center to discuss how disruptive technology can solve the most pressing issues of today.

10. AWS Public Sector Summit

June 26-27, 2024, Washington DC | In-Person Event

Join Carahsoft and our partners for two days on innovation, collaboration and global representation. Designed to unite the global cloud computing community, AWS Summits are designed to educate customers about AWS products and services, providing them with the skills they’ll need in order to build, deploy, and operate their infrastructure and applications.

As a top-level sponsor of AWS’ Public Sector Summit, Carahsoft will host a pavilion on the exhibit floor that features AWS’ foremost technology partners for the thousands of projected government attendees.

Learn More About Previously Held Events

11. CDAO Advantage DoD24 Defense Data & AI Symposium

Carahsoft was at CDAO’s inaugural Advantage DoD 2024: Defense Data & AI Symposium from February 20th to 22nd at the Washington Hilton in Washington, DC. The symposium provided a platform for over 1000 government officials, industry leaders, academia, and partners to converge and explore the latest advancements in data, analytics, and artificial intelligence in support of the U.S. Department of Defense mission. Carahsoft had a small tabletop partner pavilion, featuring our vendor partners Alteryx, DataRobot, Collibra, Elastic, Databricks, PTFS, EDB, Weights & Biases, and Clarifai.

Throughout the symposium, attendees from diverse backgrounds, including technical programmers, policymakers, and human resources professionals, gained valuable insights into emerging technologies and best practices for integrating data-driven strategies into organizational frameworks. Attendees also enjoyed two networking receptions hosted by Booz Allen Hamilton and C3.ai.

The agenda featured compelling speaking sessions including topics such as:

Task Force Lima – The Way Forward (Goals and Progress)
LLMs and Cybersecurity: Practical Examples and a Look Ahead
DoD GenAI Use Cases and Acceptability Criterias

12. Using Generative AI & Machine Learning in the Enterprise

This intimate one-day 500-person conference curated data science sessions to bring industry leaders and specialists face-to-face to educate one another on innovative solutions in generative AI, machine learning, predictive analytics, and best practices. Attendees saw a mix of use-cases, technical talks, and workshops, and walked away with actionable insights from those working on the frontlines of machine learning in the enterprise. Hosted by Data Science Salon, the event was held in Austin, Texas.

Carahsoft partners NVIDIA and John Snow Labs were in attendance; two leading AI and Machine Learning solution providers. Carahsoft serves as the master aggregator for both NVIDIA and John Snow Labs to provide government agencies with solutions that fulfill mission needs from trustworthy technology and industry partners.

While the landscape of government events has always been in flux, the pace of change in 2024 feels downright dizzying. From navigating hybrid gatherings to crafting data-driven experiences, the pressure is on to connect, inform, and engage. This is where the power of AI steps in, not as a silver bullet, but as a toolbox brimming with innovative solutions. Carahsoft’s curated list of Top 12 AI for Government Events is just the starting point. So, do not let the future intimidate you; embrace it. Dive into the possibilities, explore these AI tools, and get ready to redefine what a government event can be. Your citizens—and your data—will thank you.

To learn more or get involved in any of the above events please contact us at AITeam@carahsoft.com. For more information on Carahsoft and our industry leading AI technology partners’ events, visit our AI solutions portfolio and events page.

5G: Powering the Government’s Digital Transformation

Posted on by Mark DeMerse

5G technology has the capacity to speed data transfers and connect billions of devices at a time when mission success hinges on fast, secure access to data and people. 5G’s potential to enhance all government activities makes it an indispensable component of efforts to modernize IT systems and service delivery. Because of its low latency and capacity to carry vast amounts of data quickly and efficiently, 5G enables real-time access to information. As a result, it is facilitating the growth of smart cities, the use of artificial intelligence to improve government operations and the adoption of edge computing. The implications are profound for activities as varied as battlefield communications, military logistics and preparedness, and emergency response in situations where critical infrastructure is unavailable. Learn how government agencies can leverage all the resources in play to achieve the goal of open, interoperable and secure 5G networks Carahsoft’s Innovation in Government® report.

The Unifying Nature of 5G Technology

“5G technology is the first telecommunications standard that is cloud-native, making it critical for the government’s digital transformation. We now have a transport medium that aligns with and supports the flexibility, scalability and efficiency of cloud operating models and containerized functions and services. In addition, all aspects of a digital transformation strategy — including edge computing, artificial intelligence, cloud migration and application rationalization — center on data. With everything level-set architecturally to be cloud-native and containerized, 5G networks enable a common approach to managing data, and they also bring in a new capability for data sovereignty.”

Read more insights from Chris D. Thomas, technical strategist at Dell Technologies.

Why 5G Is Indispensable for Frontline Agencies

“Private 5G networks have distinct benefits for government, which is why DOD has stated that it is a strategic direction for the department. At Federated Wireless, we custom-build networks for high performance, scale and unlimited capacity using best-of-breed technology from a large ecosystem of suppliers. Private wireless networks provide strong security and control over where the data resides. Unlike a traditional cellular carrier that sends data through an off-site central core, private 5G networks are secure enclaves that are governed by zero trust architectures.”

Read more insights from Paul Battaglia, vice president of public sector at Federated Wireless.

The Key to Creating More Flexible 5G Networks

“JMA Wireless embarked on a project a couple of years ago to help bring 5G to the Marine Corps Logistics Base in Albany, GA. We were part of a team that deployed a 5G network and added applications to enable officials to modernize warehousing and logistics at the base. As a result of those improvements, the base has reduced labor costs by 61%. Additionally, it used to take three to five days for items to move from the dock to the shelf. That timeline has been slashed to about 36 minutes as the combination of the 5G network and updated application environment drives major efficiencies in logistics operations.”

Read more insights from Rishi Bhaskar, senior vice president and general manager at JMA Wireless.

Sharing Critical Information in Real Time

“The deployment of 5G for government agencies requires a security approach that is independent from the underlying transport network. For our public safety and defense customers, we offer a security architecture based on Blackned’s TacticalCORE, which provides an over-the-top multidomain security layer, enabling authentication in contested environments and separate classified information spaces across the same infrastructure. All transport is considered untrusted with the ability to implement agency-specific encryption on the 5G network. This state-of-the-art security approach has already been accredited by the German BSI as NATO-restricted and enhanced security classifications are planned.”

Read more insights from Richie Obermayer, VP of technical sales at GuardSTACK Technologies.

How Agencies Can Reap the Benefits of 5G

“5G’s reliability and availability make it possible to build dedicated wireless networks that can be sliced so mission-critical applications run in separate areas while the government maintains full control over that network. Last but certainly not least, 5G networks have carrier-grade, built-in security standards, including SIM cards that are provisioned and activated for a specific network. Users cannot connect to the network without inserting a highly secure SIM into their devices.”

Read more insights from Derrick Frost, senior vice president of operations and general manager of private wireless at Kajeet.

Private Networks and the Evolving 5G Ecosystem

“Private networks are well-suited to agency use cases for a number of reasons. First and foremost is security, which is the bedrock of every cellular network. Beyond the built-in security private 5G networks bring, they also have the capacity to add extra layers of security. The other components of a robust network include radio frequency technology and the latest 5G devices and radios. Once that foundation is in place, agencies can explore the wide range of use cases that a private 5G network can address. Deployments include standalone networks for first responders, border patrol agents and tactical response units, as well as secure, reliable networks for telemedicine providers.”

Read more insights from Derek Gallagher, CTO at Druid Software.

Download the full Innovation in Government® report for more insights from 5G thought leaders and additional industry research from FCW.

Drones Revolutionize First Response: Search & Rescue and Accident Investigations

Posted on by Lacey Wean

In the fast-evolving landscape of public safety, a silent revolution has emerged with the concept of drones as first responders (DFR), search and rescue (SAR) life-savers and accident investigation accelerators. Incidents can happen anytime, anywhere. Whether it is a 911 call to the police, a missing person case or a traffic collision, time is of the essence. DFRs improve traditional response and investigation methods to save resources and time as well as reduce risk for first responders. With the emergence of drones as a public safety tool for initial response, DFR, SAR and accident investigations, a new era of efficiency and effectiveness has dawned.

Utilizing Drones as First Responders

In the past, arriving at the scene after any 911 call required precious minutes to mobilize personnel and equipment. The DFR model has changed this by significantly cutting response times. Equipped with high-resolution cameras, thermal imaging or other advanced sensors, drones can swiftly survey any scene from the skies and provide crucial data to first responders.

In December 2015, the Chula Vista Police Department (CVPD) established the Unmanned Aircraft Systems (UAS) Committee with the primary aim of evaluating the integration of UAS into its public safety operations.^[1] The subsequent drone program represents a groundbreaking milestone, as the nation’s first instance of employing drones as first responders. Since then, the initiative has reached a total of 16,736 calls responded to, 2,273 assisted arrests and an average response time of 96.66 seconds from dispatch to on-scene arrival.^[2]

In addition to speed, drones offer a unique aerial perspective and allow public safety professionals to understand the extent of the incident, identify potential hazards and allocate resources more effectively. This improved situational awareness helps first responders make informed decisions, while enhancing the safety of both citizens and personnel.

Enabling Search and Rescue Missions

SAR operations often involve difficult terrains and adverse weather conditions. These challenges have seen a remarkable transformation with the integration of drones. Drones can cover vast areas quickly and efficiently, greatly improving the chances of locating missing persons or survivors.

For example, the Weber County Search and Rescue (WCSAR) has taken a significant stride towards augmenting safety and efficiency through the establishment of a Small Unmanned Aircraft Systems (sUAS) program which provides invaluable aerial support to ground personnel. Prior to the sUAS program, the average search time for a person in distress was 4 hours and 35 minutes. Since the program’s inception, this time has been drastically reduced to 58 minutes.^[3] These statistics underscore the impact of UAS technology on SAR operations, greatly enhancing response times and ultimately increasing the chances of successful outcomes.

Offering More Efficient and Effective Investigations

Accident investigations play a crucial role in determining the causes and contributing factors behind incidents, especially for traffic-related mishaps. Drones equipped with 3D mapping technology have revolutionized manual measurements and reconstructions by creating accurate digital reconstructions of accident scenes in record time. With a drone, a process that sometimes can take 6-8 hours by investigators can be accomplished in 3-4.^[4]

What sets this modern approach apart is its data-driven essence. Drones, armed with their high-resolution cameras and advanced sensors, facilitate the collection of intricate data from accident scenes. This wealth of information serves as the bedrock for constructing precise digital reconstructions, offering investigators unprecedented insights into the unfolding of events. The Tippecanoe County Sheriff’s Office in Indiana reported a 60% reduction in overall scene time thanks to UAS deployment, allowing them to efficiently measure an 800-foot scene in just 22 minutes.^[5]

Similarly, the Oro Valley Police Department in Arizona and the Houston Fire Department in Texas witnessed significant improvements in incident response times, with the former achieving a 32% reduction in roadway and incident clearance times, and the latter experiencing a 40% reduction in scene time, ultimately enhancing safety and efficiency in their operations.^[6]

Looking Ahead

The journey of drones from being mere recreational gadgets to becoming indispensable tools for the public safety community has been truly remarkable. With advancements in technology, it can be expected that drones will become even more sophisticated and versatile in the future. The potential for integrating Artificial Intelligence (AI) to enhance drone capabilities, such as real-time object recognition or predictive analytics, holds exciting possibilities for improving emergency response, SAR and accident investigations.

In the near future, industry can anticipate drones with enhanced autonomy to work in coordinated swarms, learn from past missions and employ advanced object recognition. Fully autonomous drones will include on-demand deployment, emergency alert response, target tracking, obstacle avoidance, indoor flight, AI capabilities, GPS connectivity, voice commands, patrol vehicle integration, advanced threat detection and real-time situational awareness through live feeds.^[7]

The concept of DFR and drones utilized in SAR and accident investigations is no longer a distant dream but a reality reshaping the landscape of public safety. These flying machines have proven to be first responders’ best allies, aiding them in saving lives, conducting efficient accident investigations and navigating challenging rescue missions. As regulations evolve and technology continues to advance, drones will play an even more pivotal role in protecting and defending the public.

To learn more about how Carahsoft can support your drones technology initiatives, visit our Autonomy and Robotics technology solutions portfolio.

References:

[1] “Chula Vista Police Department Drone Program,” Chula Vista Police Department, https://www.chulavistaca.gov/departments/police-department/programs/uas-drone-program

[2] “Dawn of Drones Podcast,” Dawn Zoldi, https://www.auvsi.org/dawn-drones-episode-81-miriam-foxx-captain-chula-vista-police-department

[3] Credit: Captain Kyle Nordfors, Mountain Rescue Association (MRA) UAS Chairman Weber County Sheriff’s Office (Utah) Captain – Alaska Airlines B737

[4] “Drones For Good: Saving Time And Lives With Faster Crash Scene Reconstruction,” DJI, https://www.dji.com/newsroom/news/drones-for-good-planting-crash-scene-reconstruction-photogrammetry-purdue

[5] “UNMANNED AIRCRAFT SYSTEMS FOR TRAFFIC INCIDENT MANAGEMENT,” U.S. Department of Transportation Federal Highway Administration, https://ops.fhwa.dot.gov/tim/docs/EDC-6_Factsheet_TIM_UnmannedAircraft_v2_508.pdf

[6] “Next-Generation TIM: Integrating Technology, Data, and Training,” U.S. Department of Transportation Federal Highway Administration, https://www.fhwa.dot.gov/innovation/everydaycounts/edc_6/nextgen_tim.cfm

[7] “Can AI drones help protect officers in these dangerous times?,” Police 1, https://www.police1.com/officer-survival-guide/articles/can-ai-drones-help-protect-officers-in-these-dangerous-times-Ii9BujqaIeEB0hkZ/

Building a Foundation for an AI Future

Posted on by Mike Adams

It might seem like agencies are hesitant to adopt artificial intelligence. But really, it is quite the opposite. As Lori Wade, the Intelligence Community’s chief data officer, put it: “It is no longer just about the volume of data, it is about who can collect, access, exploit and gain actionable insight the fastest.” The realization is clear: Humans alone cannot keep pace. They need AI so they can make decisions based on the most relevant and most current information — and make those decisions in a timely manner. It is really as simple as that. Download the guide, “Building the Foundation for Your AI Future,” to pick up pointers on data management and AI, plus take a glimpse at the latest technology developments, tips for best practices and an explanation of the early value that AI is delivering to agencies across government.

How to Revolutionize Government Translation with Generative AI

“In situations where accurate and timely translations are crucial, the shortage of qualified and vetted linguists poses significant challenges. Equally, non-linguist analysts are not equipped with secure, at-desk tools to translate foreign language material at the speed of relevance. For example, during the ongoing war in Ukraine, there has been a scarcity of linguists available to provide real-time updates on the ground. This shortage not only has affected the ability to gather vital intelligence but also hindered the timely dissemination of information to national security and defense agencies in the U.S. and abroad.”

Read more insights from Jesse Rosenbaum, Vice President of Business Development and National Security at Lilt.

How Graph Databases Drive a Paradigm Shift in Data Platform Technology

“Federal agencies are awash in data. With recent modernization efforts, including the wide-scale adoption of cloud platforms and applications, it is easier than ever for agencies to receive streaming data on everything from logistics to finances to cybersecurity. But that volume of data requires new solutions to process and analyze it. Older methods like SQL and NoSQL simply are not up to the task of analyzing all of the connections between the government’s many massive databases. That is where the new graph paradigm of data platform technology comes in.”

Read more insights from Michael Moore, Principal for Partner Solutions and Technology at Neo4j.

How Agencies Can Upskill in AI to Achieve a Data Mesh Model

“Data mesh behavior actually goes a step further. AI has become so easy to use, business owners can actually join in the development alongside the data scientists. Therein lies the challenge: Upskilling subject matter experts across an entire organization is a big lift. The way it works best is to start with a center of excellence, a small group of people who begin working with business owners across the enterprise, office by office. They can then prove the value and evangelize it, and then the agency can move to a hub-and-spoke model, where the data scientists are co-developing alongside business owners. As successes pile up, the data scientists can take a step back and allow frontline workers to do the development, governing the new data products on their own.”

Read more insights from Doug Bryan, Field Chief Data Officer at Dataiku.

How Agencies Can Build a Data Foundation for Generative AI

“Generative artificial intelligence tools are making waves in the technology world, most famously ChatGPT. Although the code of these tools is significant, their real power stems from the data they are trained on. Gathering and correctly formatting the data, then transforming it to yield accurate predictions, often represents the most challenging aspect of developing these tools. Federal agencies that want to start leveraging generative AI already have massive amounts of data on which to train the technology. But to successfully implement these tools, they need to ensure the quality of their data before trusting any decisions they might make.”

Read more insights from Nasheb Ismaily, Principal Solutions Engineer at Cloudera.

How to Democratize Data as a Catalyst for Effective Decision-Making

“One of the key best practices in the Office of Management and Budget’s Federal Data Strategy calls for using data to guide decision-making. But that is easier said than done when the ability to analyze the data, much less access it, is limited to an agency’s often overworked and understaffed data science specialists. But now that every line of federal business has their own data silo and a mandate to use that data to guide decisions, agencies need a way to democratize access to that data and empower every federal employee to become an analyst.”

Read more insights from Kevin Woo, Director of Federal Sales at Alteryx.

Download the full Expert Edition for more insights from these artificial intelligence leaders, additional government interviews, historical perspectives and industry research.

Innovation in Government: How to Change Things Up (and Make it Stick)

Posted on by Mike Adams

In government, we could say that innovation is invention that solves a problem or meets a need — in the community or within an organization undertaking the work. Big changes make government agencies more effective, prepared and useful, and they touch all aspects of agency operations — from IT to employee morale to digital services and more. In recent years, federal agencies such as the Census Bureau, General Services Administration, Department of Homeland Security, Department of Housing and Urban Development, and Office of Personnel Management have launched innovations labs, innovation libraries, and other innovation-focused resources and programs. Cities and states have as well, such as through Philadelphia’s Technology and Innovation group within the city’s Office of Innovation and Technology (OIT). Being innovative is not easy, of course: It requires a little bravery and lots of planning. But local and federal agencies are creating the space and resources to launch innovations that will, in the future, become standard operations. In this guide, we share case studies and best practices regarding some of government’s most pressing issues — workforce, customer experience and data use, to name a few — and we hear from government experts who know a thing or two about helping innovative initiatives succeed.

Analytics Innovations Draw a Complete Data Picture

“Spreadsheets are structured things: They have clearly defined lines, cleanly labelled columns, and rules that govern what goes where. Government analytic programs have become skilled at working within those parameters, even if it means spending hours manually manipulating data to fit. Spreadsheets are 30-year-old desktop technology. But other data exists, doesn’t it? The world is full of PDF documents, audio and video files, social media posts and other ‘messy’ data sources — the unstructured data that most agencies overlook. And most agency analytics programs are fragmented and overly manual. Recent innovations seek to change this.”

Read more insights from Alteryx’s Solutions Marketing Director for the Public Sector, Andy MacIsaac.

Driving Innovation to the Edge

“Across government, innovation is happening at the edge. By leveraging cloud, artificial intelligence (AI), machine learning (ML) and related technologies, agencies can deliver services more quickly and effectively at the far reaches of operations, whether that’s in the battlefield or on the International Space Station (ISS). At the Red Hat Government Symposium held in late 2022, government and industry leaders discussed how agencies were leveraging these technologies to accelerate mission delivery. Their discussions and examples help illuminate how agencies are adapting to make the most of modern technological opportunities.”

Read more insights from Red Hat’s Government Symposium.

Build an Innovative Ecosystem Through Cloud Architecture

“In data transformation and innovation, it helps to view things through a different lens. Within the data ecosystem are three core pillars for transformation: people, processes and technology. Simple, singular data platforms should work with an architecture that breaks down information silos rather than creates them. That facility comes through in qualities such as data mesh or a decentralized data architecture that’s organized by business domain and operates through self-service. The architectural design also must help strengthen system security. That’s enormously important for federal data.”

Read more insights from Snowflake’s Chief Technology Officer for the Global Public Sector, Winston Chang.

Overcoming Challenges With Observability

“As agencies take steps to innovate — such as expanding reliance on the cloud and adding new apps, integrations, and automations — their IT ecosystems become more complex. There are more places where things can go wrong and more pressure to fix them quickly. The task of monitoring these complex systems gets more complicated, too. ‘The question is, how do I know there’s an issue?’ said Brian Mikkelsen of Datadog. ‘Is it when the tickets start flowing, when complaints increase, when your leadership team asks why something isn’t working?’ None of those options are ideal. Datadog’s application performance management platform provides a real-time window into the digital environment, identifying performance and security issues quickly. Its ‘full stack’ hybrid infrastructure capability means everything from the back end to the front end is monitored and reported via infrastructure metrics, application performance traces, and correlated logs.”

Read more insights from Datadog’s Vice President and General Manager, Brian Mikkelsen.

Download the full GovLoop Guide for more insights from these digital transformation leaders and additional government interviews, historical perspectives and industry research.

DevSecOps: Achieving Efficiency and Scale with Automation and Software Factories

Posted on by Rich Savage

In today’s rapidly evolving digital landscape, Government agencies face many challenges in delivering modern, secure software applications to the end-user. DevSecOps is a methodology that combines development, security and operations to create a more streamlined and secure software development process. This concept has emerged as a transformative approach that integrates security practices, automation and software factories into the software development lifecycles from its inception. At the Carahsoft DevSecOps Conference, industry experts and innovators shared their knowledge of emerging tools, effective strategies and methodologies in software engineering through several educational sessions.

Unlocking Efficiency: The Power of Automation and AI/ML

Automation helps developers improve the efficiency and quality of code, reduce risk and combat security vulnerabilities. As a key component of DevSecOps, automation allows developers to simplify many of the tasks involved in software development, such as testing, deployment and monitoring. Once automated, developers can focus on writing high-quality code and addressing security vulnerabilities, rather than spending time on redundant manual tasks.

The use of AI has transformed the way developers work, compared to 20 years ago when code was primarily written from scratch. Today, external libraries — software code written by a third-party source — are used frequently which introduces a new set of risks and benefits. The benefits include making software development faster and more efficient as developers use pre-existing code to build their applications. However, if a third-party library has a security vulnerability, it can be exploited by malicious actors to gain access to sensitive data. If not maintained properly, the third-party library can become outdated and incompatible with other software components.

Software Factories

Software development has become an essential part of today’s business operations, and Government agencies are constantly seeking ways to improve their processes. Recently, the concept of the software factory—a structured approach to software development that emphasizes standardization, automation and collaboration—has gained popularity. It establishes a set of tools, processes and best practices that enable teams to develop software more efficiently and effectively. The goal of a software factory is to create a repeatable and scalable process for software development that can be applied across different projects and teams. By implementing this strategy, agencies can improve the quality, speed and consistency of their software development efforts.

One of those best practices, Continuous Integration and Continuous Deployment, are combined in a single process known as CI/CD. CI is the practice of frequently merging code changes from multiple developers into a shared repository, where automated tests are run to address integration issues early in the development cycle. This ensures the code is always in a releasable state and reduces the risk of conflicts and errors when changes are merged. CD, on the other hand, is the practice of automatically deploying code changes to production as soon as they pass the necessary tests and checks. Thus, enabling teams to release software changes quickly and frequently. By utilizing CI/CD, teams can achieve a continuous flow of code changes from development to production, which is imperative for modern software development.

Elevating DevSecOps: A Blueprint for Integrating Early Software Security Measures

Securing software in a containerized environment presents unique challenges due to the dynamic nature of containers and the distributed nature of container orchestration platforms like Kubernetes. Government agencies must ensure that containers are properly configured and secured, as misconfigurations can lead to vulnerabilities that can be exploited by attackers. Another difficulty is detecting and responding to security incidents in a timely manner, as containers can be spun up and down quickly and may be spread across multiple nodes in a cluster. Securing software early can help agencies reduce risk, lower costs, deliver software faster and improve collaboration between development and security teams.

Another crucial component of DevSecOps—continuous delivery—enables teams to deliver software changes quickly, safely and sustainably. This means that teams can release software changes frequently and with confidence, knowing that the changes have been thoroughly tested and are ready for production. Through a combination of automation, collaboration and feedback loops, continuous delivery helps reduce the time and effort required to release software changes.

Agencies can adopt a DevSecOps approach that integrates security into the software development lifecycle from the beginning. This involves using tools and processes to automate security testing and validation, as well as incorporating security requirements into the development process. For instance, agencies can use tools like vulnerability scanners and security-focused container images to detect and remediate vulnerabilities in containers. They can also use automation to validate security requirements and ensure that containers are properly configured and secured.

Securing software early in the development process can lead to several benefits including:

Reduced risk of security incidents: By identifying and addressing security vulnerabilities early in the development process, agencies can minimize the risk of security incidents and data breaches.
Lower costs: Fixing security issues later in the development process is much more expensive than addressing them early on. By integrating security into the development process from the beginning, agencies can reduce the cost of fixing security issues and avoid costly rework.
Faster time to market: Adopting DevSecOps approach can help agencies to deliver software faster by automating security testing and validation. This decreases the time for manual testing and enables faster release cycles.
Improved collaboration: Agencies can strengthen collaboration between development and security teams to ensure requirements are properly understood and incorporated into the development process. This proactive initiative can help foster a culture of security throughout the agency.

The adoption of DevSecOps, along with its fundamental principles, empowers Government agencies to establish a more efficient and secure software development process. This is achieved through the implementation of automation, the adoption of a software factory approach and the early integration of security measures.

To learn more about DevSecOps best practices and trending innovations, visit Carahsoft’s DevSecOps vertical solutions portfolio.

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at Carahsoft’s annual DevSecOps Conference.*

Critical Infrastructure in Cybersecurity: Innovation for the Transportation Sector

Posted on by Alex Whitworth

In 2021, the presidential administration passed the National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, aiming to bolster the cybersecurity posture of critical infrastructure in the United States. Various agencies, such as the Transportation Security Administration (TSA), Department of Transportation (DOT) and the Cybersecurity Infrastructure Security Agency (CISA), have been working to continuously improve the security of the transportation sector, which oversees the movement of people and goods across the country.

The Transportation Sector

Within the transportation sector, initiatives have been taken to help fund cybersecurity improvements in an array of subsectors. The transportation sector includes:

Aviation: Approximately 450 commercial airports, 19,000 airfields, air traffic control systems, heliports, landing strips, joint-use military airports, sea plane bases, manned and unmanned recreational aircraft and flight schools^[1]
Highway and motor carriers: Managing roadways, bridges, tunnels and commercial vehicles such as motorcoaches and school buses traffic management systems
The maritime transportation system: Approximately 95,000 miles of coastline, 361 ports and over 10,000 miles of navigable waterways
Mass transit and passenger rail: Terminals, operational systems, transit buses, monorails, trolleys and rideshares
Pipeline systems: Carriers of natural gas, hazardous liquids and various chemicals
Freight rail: Major carriers, smaller, active railroads, freight cars and locomotives
Postal and shipping: Regional and local couriers, mail management firms, charters and delivery services^[2]

Security Directives

Due to persistent threats to the cybersecurity of critical infrastructure, including the transportation sector, the TSA issued multiple security directives for various transportation types, including railways and pipelines. These new directives require agencies to develop approved implementation plans that will help improve cybersecurity resilience, proactively assess the effectiveness of cybersecurity measures and prevent the deterioration of infrastructure.

The directive also requires that entities regulated by the TSA proactively work to implement amendments in the directive, including to:

Develop network segmentation policies so that Operational Technology (OT) can continue working, even when compromised
Prevent unauthorized access to critical infrastructure systems by enabling control access measures
Identify vulnerabilities and implement security patches for operating systems, applications, drivers and firmware to reduce the risk of exploitation
Detect malicious software and unauthorized access on Information Technology (IT) or OT systems and report designated incidents to CISA
Isolate infected systems from uninfected systems to limit the spread of malware, deny further access and to preserve evidence of compromise^[3]

A similar initiative, introduced by the DOT in 2022, aims to improve security awareness amongst employees. All DOT network users are required to complete the DOT’s Security Awareness Training, which is inspired by various federal requirements and the DOT Order on Department Cybersecurity Policy. The training measures employees’ knowledge in cybersecurity, including password and PIN protection and basic security for information systems.^[4]

By striving to improve the security posture of the transportation sector, the TSA, DOT and CISA endeavor to protect the safety of the nation.

Cybersecurity Funding for the Future

The DOT has also introduced measures to improve the national security posture. To leverage funding from bipartisan infrastructure, the U.S. Transportation Secretary Pete Buttigieg announced up to $45 million in grants for various University Transportation Centers (UTC). These grants will be utilized to improve the cybersecurity resilience of agencies affiliated with roads, bridges, rail, shipping and airspace. One of these grants will go to Clemson University to lead a consortium focused on cybersecurity research and development. Another of these grants will go to Prairie View A&M University to improve technology in the transportation system, including data related to artificial intelligence and environmental resilience.^[5]

Ever since the Colonial Pipeline attack of 2021, as well as other attacks on the cybersecurity of critical infrastructure of the United States, various agencies have done their part to improve the nation’s security. Through CISA’s hard work to create cybersecurity guidelines and cross-sector performance goals and the Federal Government’s generous grants, the nation’s critical infrastructure is postured to increase security and resolve potential crises.

This blog is the final installment in our four-part series, which examines cybersecurity initiatives inspired by The White House’s National Security Memorandum. The first three parts covered the basics of critical infrastructure cybersecurity, an overview of the Water and Wastewater Sector, and an overview of the Electric and Utility Sector.

To learn more about how agencies can bolster their cybersecurity efforts within critical infrastructure, visit Carahsoft’s Cybersecurity Solutions Portfolio.

Resources:

[1] “National Infrastructure Protection Plan,” Transportation Systems Sector, https://www.dhs.gov/xlibrary/assets/nipp_transport.pdf

[2] “Transportation Systems Sector,” Cybersecurity and Infrastructure Security Agency, https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors/transportation-systems-sector

[3] “Security Directives and Emergency Amendments,” Transportation Security Administration, https://www.tsa.gov/sd-and-ea

[4] “FY 2022 Department of Transportation Security Awareness Training,” Federal Motor Carrier Safety Administration, https://www.fmcsa.dot.gov/safety/fy-2022-department-transportation-security-awareness-training

[5] “U.S. Department of Transportation Funds Innovative Research Providing Vital Training for Next Generation of Transportation Leaders,” U.S. Department of Transportation, https://www.transportation.gov/briefing-room/us-department-transportation-funds-innovative-research-providing-vital-training-next

Building a DevSecOps Culture

Posted on by Rich Savage

As software becomes more sophisticated, it plays an increasingly important role in all aspects of government operations. However, given the complexity and intertwined nature of modern software, any vulnerability could have wide-ranging consequences, which makes security of vital importance. The federal government has taken notice. A number of recent policy directives address issues related to the software supply chain, and key agencies are leading a governmentwide effort to promote secure software development, including the Executive Order on Transforming Federal Customer Experience and Service Delivery to Rebuild Trust and the Executive Order on Improving the Nation’s Cybersecurity. Learn how you can implement DevSecOps to support your journey to secure, innovative software in Carahsoft’s Innovation in Government® report.

The Mindset Shift that Enables DevSecOps

“In an ideal world, technology and processes support team members’ ability to deliver on their particular talents. Before agencies implement DevSecOps methodologies, they should identify where their processes are getting bottlenecked and forcing people to either work around them or fundamentally change their behavior. Instead, we want to make it easy for employees to do the right thing. The goal is to enable people to focus on what they do best — regardless of where they operate in the stack or the tools they are using — so that agencies can build and deploy secure, modern apps.”

Read more insights from Alex Barbato, Public Sector Solutions Engineer at VMware.

How Generative AI Improves Software Security

“Generative AI tools are becoming increasingly prevalent, providing interactive experiences that captivate the public’s imagination. These tools are accessible to anyone, offering a unique opportunity to engage and explore the creative possibilities enabled by AI technology. The technology doesn’t just train a model to recognize patterns. It can create things that are easy to understand: images, text, even videos. Sometimes the results are hilariously wrong, but other times the results are quite impressive, such as clear, concise answers to complex questions. Generative pre-trained transformer (GPT) technology, such as ChatGPT, has opened the doors for everyone to be an evaluator because the output is accessible and easy to critique.”

Read more insights from Robert Larkin, Senior Solutions Architect at Veracode.

Open Source is at the Heart of Software Innovation

“Embedding security into applications from the start is essential for streamlining and strengthening the entire development life cycle. Securing the software supply chain is a related effort that is of vast importance to government operations. Beyond securing individual applications, the ultimate goal is to build security into the pipeline itself. At each step and every handoff, we must be able to verify who has touched the software and who did what to ensure that the end result is what we intended to build and that nothing malicious has been injected along the way.”

Read more insights from Chris Mays, Staff Specialist Solutions Architect at Red Hat.

DevSecOps Needs Tool Diversity and Collaboration

“As DevSecOps methodologies and software factories grow in prevalence, agencies are recognizing that software development is a team sport — inside the agency, across departments and with external stakeholders. It touches many different teams, but getting everyone on the same page with tooling can be difficult. Different teams prefer different tools, and that makes collaboration hard. Modern software development brings security practices forward in the timeline while reducing duplication of efforts and improving real-time accountability. Success hinges on removing blockers, creating visibility and making sure collaboration is happening at every stage. In addition, encouraging input from different areas of the organization from the beginning and throughout development is vital for innovation.”

Read more insights from Ben Straub, Head of Public Sector at Atlassian.

Observability Speeds Zero Trust and Application Security

“In response to increasing cyberthreats, the government is speeding up the move to zero trust. This security model assumes that every user, request, application and non-human entity is not to be trusted until its identity can be verified. Zero trust principles require a layered defense that is more effective when rooted in observability. To develop an architecture that validates and revalidates every entity on the network, it is necessary to know what those entities are, how they’re communicating and how they typically behave so we can recognize deviations. Zero trust and observability technologies work together to create a more secure and resilient network environment by assuming that all requests for access are untrusted and continuously monitoring the network to detect and respond to potential threats.”

Read more insights from Willie Hicks, Public Sector Chief Technologist at Dynatrace.

The Role of a Service Mesh in Zero Trust Success

“For large companies and government agencies, it’s safe to assume that a committed attacker is already inside their networks. Executive Order 14028 mandates that every federal agency develop a Zero Trust architecture because it is the most effective approach to mitigating what attackers can do once they’ve made their way inside. What does Zero Trust look like at runtime? One of the key considerations is identity-based segmentation, which involves conducting five policy checks for every request in the system: encrypted connection between service endpoints, service authentication, service-to-service authorization, end user authentication, and end user-to-resource authorization.”

Read more insights from Zack Butcher, Founding Engineer at Tetrate and co-author of the NIST SP 800-200 series and SP 800-207A.

AI and the Journey to Secure Software Development

“By automating and optimizing DevSecOps workflows, we can still shift security left while relieving developers from the burden of some complex remediation. It begins with a workflow that leverages fully automated security scanning to rapidly identify vulnerabilities as well as providing suggested remediation for vulnerabilities and on-demand remediation training to educate developers on what they are getting into. The rapid evolution of artificial intelligence is making new advances possible. The opportunities go well beyond AI-assisted code creation. AI features are being expanded across the entire software development life cycle. When it comes to security, having AI assist by making code functionality clear or explaining a vulnerability in detail reduces the time required to remediate risk.”

Read more insights from Joel Krooswyk, Federal CTO at GitLab.

Scaling App Development While Meeting Security Standards

“The dream for any software development team is constant, stable releases. The faster teams get the work they’ve created into production, the faster the agency can derive value from that work. When app development is stymied by cumbersome security reviews and stability testing and by the need to wait for a deployment window, innovation is stifled and the return on investment is delayed. If agencies want to have efficient, value-driving software development teams, those teams must be able to move with agility. A trustworthy, scalable DevOps pipeline that brings together testing and security in a seamless way allows teams to push out new apps and improvements quickly so government employees and citizens can have a seamless digital experience and the most up-to-date tools and information.”

Read more insights from Kyle Tobener, Head of Security and IT at Copado.

Join us in-person for our must-attend DevSecOps Conference—an exciting day of exhibits, speaking sessions, and networking events. We look forward to showcasing new DevSecOps updates from our supporting panels featuring government, systems integrators, and industry thought leaders.

Download the full Innovation in Government® report for more insights from DevSecOps thought leaders and additional industry research from FCW.

Diversity, Equity and Inclusion as a Pillar of CX Service Delivery

Posted on by Tiffany Goddard

Integrating DEIA Into the Larger CX Picture

The Whitehouse Executive Order on Diversity, Equity, Inclusion and Accessibility (DEIA) in the Federal Workforce promotes standards that can be applied to improving Government customer experience (CX). These include strengthening the ability to recruit, hire, develop, promote and retain the nation’s talent, removing barriers to equal opportunity and creating a space where all employees and customers are treated with dignity and respect. The standards offer Federal and State and Local Government agencies the opportunity to move toward equitable service delivery.

Developing a DEIA strategy involves a multitude of moving pieces like analyzing data, enforcing requirements, measuring effectiveness and ensuring progress. All of these areas culminate in sustainable cultural intelligence for organizations. Starting the conversation around DEIA in the context of CX begins with the on-going theme of communication rooted in trust—especially employee and customer trust in the Government. During Carahsoft’s 2023 Customer Experience and Engagement Summit, panelists examined how their organizations are creating more trusting, inclusive and resilient workplace environments which translates to improved services for customers.

A Focus on Human-Centered Design

In the realm of CX, trust is one of the most important aspects of customer, employee and leadership interactions. One panelist found that previously coming from a background in the user experience (UX) transformation space, all human-centered design exclusively existed within UX. In furthering their understanding of the broader CX spectrum, they discovered that UX is only a small part of the CX journey. While UX refers to the way users interact with an organization’s specific products, CX is how users view an organization’s brand and experiences with the business. The critical missing component to elevate CX is communication and transparency to build trust. Much of the progress made through DEIA initiatives aims to rebuild trust with undervalued communities so they feel secure receiving assistance both personally and virtually.

To truly develop more equitable service delivery models, organizations must be able to manage workplace tension by building both internal and external progress. For example, the National Science Foundation (NSF) has worked to provide tools for success in both areas through various touchpoints. Externally, NSF teams launched a redesign of the agency’s website that allowed them to collect information from several demographic communities. In doing so, the NSF was able to redesign language inputs and outputs to better serve their website visitors. Internally, the NSF has implemented a call-listening program that analyzes empathy, psychological safety and compassion to protect not only customers, but employees as well. The NSF has also designed a DEIA maturity model, which helps to measure the efficacy of DEIA capabilities, identify critical barriers and benefits to employee advancement and operationalize a sense of inclusion and belonging across the foundation.

Moderating Workforce Development for the Future

Recruiting, hiring and retaining employees is successful when an organization considers a wide range of talent representation. Also, being data-informed is critical for an agency’s mission. Collecting data via methods like staff surveys to identify members’ interests and strengths as well as understand where that talent can best serve the agency is imperative for progress. Baking this into daily processes by working with human resources counterparts ensures the DNA of the organization is varied. Ultimately, diversity within CX talent can positively set one organization and the way its employees interact with customers apart from another.

Read the previous blog and check back soon to read the rest of Carahsoft’s insights from CX industry thought leaders at the summit.

To learn more about the latest in the CX landscape and how Carahsoft’s industry-leading partners can support your Customer Experience initiatives, please visit our resource hub to access all on demand recordings and information from the 2023 Government Customer Experience and Engagement Summit.