The Sunny Side of Cloud Migration

Support for Server products on Atlassian ended in February of 2024 – that means no bug fixes, updates, or technical support for issues now or in the future.

While this seems like pretty dour news, the upside is that it’s never been easier to migrate your workflows to the cloud. With the cloud, you get enhanced security, flexibility, and scalability – so what is stopping business leaders from making the move?

According to research from Foundry, over the past year, 90% of organizations have faced challenges in their cloud adoption journey. The top obstacle has been budget and cost concerns, affecting 48% of companies.

Despite that – the same report found that 63% of IT decision-makers agree that their organization has accelerated its migration to the cloud over the past 12 months.

Why This is the Year to Consider the Cloud

Atlassian Tempo Cloud Migration Blog Embedded Image 2024

Last year, the number of Tempo customers moving to the cloud surged due to Atlassian’s news. Companies were also motivated by improvements in cloud technology that make the longstanding benefits of moving to the cloud even more appealing:

1. Scalability
Cloud infrastructure is flexible, allowing businesses to scale operations up or down based on growth or seasonality. Project managers and product owners can adjust resources around product launches or deprecations – without needing to invest in infrastructure or sell off old hardware.

For Tempo, because we invested in the cloud and gained the security and compliance that came with it – we began seeing a serious uptick in enterprise-level customers and we could handle that spike in demand thanks to our new systems.

2. Cost Effectiveness
A transition to the cloud can lead to significant savings. Companies only pay for what they use: Farewell outdated hardware, goodbye IT staffing issues – hello predictable IT budgets and realistic capital expenses.

3. Collaboration and Streamlining
For enterprises, cloud-based tools allow teams from anywhere to collaborate in real time. With teams working seamlessly, and procurement simplified, they can run an airtight operation, see real-time data more consistently across departments, and enable better decision making.

4. Business Continuity
Cloud-based businesses can back up data and systems to avoid downtime in any given region. Companies that still rely on on-premise systems have a much harder time keeping the lights on and recovering data if a disaster strikes.

5. Quicker Deployment
Cloud services and applications are perfect for quick deployment. You can deliver new products and services, roll out bug fixes, and respond to the market immediately with cloud-based deployment.

6. Automatic Updates
Cloud providers handle software updates to ensure your team has the latest features and security updates. They also take care of server upkeep so systems keep running smoothly.

How Tempo Did It

In 2016, we made the decision to begin transitioning our own tools and our company to the cloud – but moving to cloud isn’t a sprint. It’s a marathon that requires careful preparation, management, and shouldn’t be done recklessly.

We wanted:
● Faster builds compared to pre-cloud (under 15 minutes)
● Faster cycle time (24 hours or or less)
● Better logging, monitoring, and alerting
● A mono repository for our cloud modules
● Using feature flags to have more control over when and how a change is made available to customers

We broke the process down into three parts. Phase one was prepping the pipeline and merging our product repositories and the sub-module repositories into a single mono repository. That meant forking that into two codebases (Cloud and On Premise), and improving those builds. We didn’t set an expectation of feature parity between on-premise and cloud. Instead we focused on solution parity.

Phase two was making development and production logs available to devs, checking nothing was broken, and getting an on-call team to respond to any issues when to do (inevitably) arise).

The final phase was continuous delivery. This is effectively the step that never ends as we always make incremental changes, test our builds, and deploy more often. Because of the benefits of the cloud, that meant going from monthly to weekly to daily releases.

A More Secure Future

When it comes to cloud transformation – it is more than just trying to improve your builds.
In the realm of enterprise software, trust and security are non-negotiable and an effective migration means making major steps to ensure the integrity and confidentiality of your customers’ data.

That means for companies wanting to move to the cloud, you need to consider things like setting up a robust trust center, adhering to GDPR, SOC 2, and ISO 27001 standards, and investing continuously in your security infrastructure to stay ahead of the curve.

We helped almost 1,000 companies with their own cloud migrations because we believed the payoff of cloud was so great – and it only improves as more companies make the move.

Thanks to the investments we made in the cloud, Tempo was awarded Atlassian’s 2023 Partner of the Year for Enterprise Apps. We simply wouldn’t be the same company without becoming cloud-first.

Join our January 21, 2025 webinar, “New Year, New Beginnings: Why 2025 is the Year to Move to Atlassian Cloud.” For more about Tempo, visit www.tempo.io or book a demo.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Atlassian, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Unveiling the Power of Atlassian Government Cloud

In today’s rapidly evolving digital landscape, government agencies face unique challenges in maintaining security, efficiency, and collaboration while adhering to stringent regulations. Atlassian Government Cloud is designed to meet these distinct requirements, as it is currently “in process” to become FedRAMP Moderate authorized on the FedRAMP Marketplace. This secure and compliant platform ensures government agencies can operate confidently while benefiting from a feature-rich environment tailored specifically for the public sector. With Atlassian Government Cloud, agencies can streamline operations and achieve new levels of success.

A Platform Built for Government Needs

Introducing-the-Atlassian-Government-Cloud-Blog-Lightening-Bolt-Image-2024

Atlassian Government Cloud offers a comprehensive suite of tools tailored to government agencies’ unique needs. The platform will initially include Jira, Confluence, and Jira Service Management (JSM). These tools empower government teams to efficiently manage projects, track tasks, handle service requests, and collaborate on documentation within a secure cloud environment. This capability is crucial for agencies that require robust project management and seamless collaboration to achieve their objectives.

Empowering Collaboration and Innovation

Atlassian Government Cloud is not just about compliance; it’s about unlocking new levels of collaboration and innovation for government agencies. By moving to the cloud, agencies can leverage advanced capabilities, including automation and analytics, to improve productivity and make data-driven decisions. In fact, over 80% of surveyed customers who migrated to Atlassian Cloud have realized benefits from cloud-only features within just six months. This demonstrates the platform’s potential to transform government operations by enhancing efficiency and fostering a culture of continuous improvement.

Looking Ahead

Atlassian Government Cloud represents a transformative solution for government agencies seeking to modernize their operations in a secure and compliant environment. With the U.S. General Services Administration (GSA) as its sponsor, Atlassian is on the path to obtaining FedRAMP Moderate Authority to Operate (ATO), positioning itself to help government teams fully leverage the power of the cloud. And Atlassian is doubling down on our commitment to public sector customers as we’re also working to achieve FedRAMP High and U.S. Department of Defense (DoD) Impact Level 5 (IL5) compliance. These efforts further demonstrate Atlassian’s commitment to cloud security and meeting the stringent requirements of federal agencies.

In the meantime, as we approach FedRAMP Moderate ATO, we invite you to sign up for updates to learn about our upcoming FedRAMP solutions and how Atlassian is working to enhance our offerings to meet your evolving needs and safeguard mission-critical data.

Speak to an Atlassian representative today and gain access to Atlassian Government resources and information.

Socure, Okta, and Carahsoft: Pioneering a New Era in Government Identity Verification

Digital-first experiences are a top priority across every level of government to improve service delivery, simplify user experiences, and rebuild trust with the American public. At the same time, agencies must defend against ever-present threats of identity theft, fraudulent accounts, and account takeovers. That’s why advanced digital Identity verification and strong authentication are essential for modern government services.

At Socure, we are excited to announce a transformative partnership with Okta and Carahsoft Technology Corp., which marks a significant advancement in our mission to enhance digital identity verification across the public sector. This collaboration aims to deliver a FedRAMP & StateRAMP compliant identity solution, ushering in a new era of security and efficiency for federal, state, and local government agencies.

Socure Okta Partnership Identity Management Blog Embedded Image 2024

The integration of Socure’s cutting-edge artificial intelligence and machine learning-enabled ID+ platform with Okta’s adaptive multi-factor authentication, best-in-class compliance and security features, and modern, frictionless cloud infrastructure creates a powerhouse capable of addressing some of the most pressing challenges faced by government agencies today—especially in its efforts to combat sophisticated identity fraud. Our joint solutions now offer government agencies at all levels scalable, simple, and secure identity solutions built for the modern era. Achieving accurate and inclusive digital identity verification is critical to accelerating government service delivery for vital programs.

Digital transformation in government services is not just about upgrading technology—it’s about ensuring that these technologies offer secure, seamless, and inclusive access to the public. This is where our partnership becomes crucial. Socure’s ID+ platform, recognized for its high accuracy and inclusivity in identity verification, complements Okta’s expertise in secure access and adaptive multi-factor authentication. Together, we are setting new standards for what digital interactions in the public sector should look like.

Our joint solution provides government agencies with tools that are not only top-notch in security but also designed to enhance the user experience. By reducing friction and simplifying processes, we make it easier for the public to access vital services, from social benefits to healthcare, without compromising on security. This approach helps to build a stronger, more trusting relationship between the government and the public, which is essential in today’s digital age. We recently produced a joint webinar in which you can listen to the recording here.

For example, Socure’s predictive analytics platform goes beyond traditional identity checks by analyzing a broad range of data points, from physical documents to digital footprints. This allows for real-time verification that is both thorough and efficient. Okta’s Universal Directory and Adaptive Multi-Factor Authentication add another layer of security, ensuring that only legitimate users can access sensitive information.

At a time when digitizing benefits delivery is needed to reach large subsets of the population and bolstering public trust in government services is paramount, these solutions work together to provide key benefits, including:

  • Auto-approval of more eligible individuals (98% for mainstream populations and up to 94% for hard-to-identify populations, including Gen Z, millennial and new-to-country individuals)
  • More effective fraud prevention, capturing 90% of third-party identity fraud in the riskiest 3% of users
  • Reduction of manual reviews with fully automated identity verification and fraud prevention, with a response in milliseconds
  • Fast time-to-value with easy, secure connections across a variety of applications and on the cloud
  • Comprehensive approach to security with audited infrastructure and process
  • Reduction of the burden of password management with simple, passwordless MFA options
  • A variety of flexible authentication options that nearly everyone can use

By pooling our capabilities, we will help reduce the cost, burden, and friction generated by today’s pervasive attacks and deliver a better consumer experience without making it harder for people to interact with government services.

Watch our webinar to learn more about how successfully verifying identity requires a multi-layered approach.

Google and Okta Partner to Modernize Identity Management in Higher Education

Online collaboration is an essential part of the workplace and the educational sphere. To ensure this collaboration is done securely, Okta and Google have partnered to enhance and automate identity management at scale.

Okta is a neutral, AI powered, extensive platform that puts identity at the heart of any IT stack. No matter the industry, use case or level of support needed, Okta facilitates Identity Access Management (IAM) while keeping security at the core of the integration. Google Workspace is a collection of collaboration tools, and with more than three billion users, it aims to meaningfully connect users to facilitate partnerships and growth. While identity management can be complex, it does not need to be. Together, this partnership makes the path towards modern identity management as neutral, simple, secure and straightforward as possible.

With their recent partnership, customers can now:

  • Automate identity processes at scale
  • Unlock productivity with optimal security
  • Collaborate with each other, seamlessly and securely
  • Use their Google credentials across over 7,500 different apps
  • Gain cross-platform login privileges across Google Workspace and Okta
  • Access accounts with new, simplified user permissions and automated access management

Every organization strives to modernize and adopt cloud technology. This is also true within the higher education market, which is continuing to refine the trend of remote and hybrid learning following the pandemic. The applications and resource solutions that Google provides to higher education, along with the integration of Okta’s IAM capabilities, is immensely beneficial to the agency’s journey in adapting modern cloud technology and security.

Leading the Modernization of Identity Management in Education

Okat Google Higher Education Partnership Blog Embedded Image 2024

With the influx of hybrid and online learning, higher educational institutions are still learning how to orient solutions towards online learning and teaching. From an IAM perspective, higher education is one of the most complex environments with regards to the vast array of users. Within one network, an institution has faculty, staff, professors and a yearly lifecycle of students that range from applicants to alumni. The process of onboarding and offboarding students and faculty can be time consuming and requires multiple digital programs to facilitate. Okta provides a frictionless onboarding and offboarding experience for administrations that deal with changes in the student body. There are also external users such as partners, contractors and subcontractors, such as medical centers and food providers, that universities must consider. Okta’s open, neutral and independent identity platform can integrate with technologies commonly used by institutions, such as Enterprise Resource Planning (ERP) and Student Information System (SIS), allowing universities to build off of software they are already using. Depending on the role of the individual accessing the software, the identity gains access to personalized experiences.

Okta offers the capability to combine and manage various groups and processes in a single, secure platform. The partnership between Okta and Google enhances the student experience from their perspective, too. Okta’s single platform can solve student-specific challenges, such as managing multiple accounts and logins across an array of learning tools, enabling smoother daily operations and access. With cross platform log in, students can securely access Google Chatroom and Classroom features with IAM capabilities. By implementing Google Cloud capabilities into daily functions, higher education institutions can create a more modern experience for students while reducing costs. For example, artificial intelligence (AI) virtual agents are used to answer student questions and direct them to services, and mobile apps are utilized for mental health check-ins and other well-being services.

How Okta and Google uphold Zero Trust and Cybersecurity

Identity is one of the key pillars within the Cybersecurity and Infrastructure Security Agency (CISA)’s Zero Trust Architecture (ZTA). Okta upholds Zero Trust principles by ensuring that through methods such as multi factor authentication, the person gaining access is who they say they are. By only allowing access to devices that are up to date, Okta prevents bad actors from hacking older systems with commonly known security vulnerabilities. By sustaining a strong ZTA baseline, Google and Okta establish a secure experience for students, staff and faculty.

Okta gives customers a neutral, powerful and extensible platform that puts identity at the heart of information technology (IT) stacks. No matter what industry, use case or level of support is needed, Okta has customers covered. Okta and Google integrate with technology partners, alliance partners and vendors to uphold and exemplify security principles. In doing so, they ensure that every user on campus networks are safe and secure.

To learn more about Okta and Google’s partnership and the benefits to cloud and IAM security, visit the Carahsoft-hosted webinar on the company’s newfound partnership: Securing Productivity with Google Workspace + Okta.

Contact our Okta solutions experts today to discover the power of Okta and Google together, and how these industry leading organizations can support your higher education initiatives.

Enhancing Government Creative Teams with Adobe Creative Cloud

As government agencies continue to modernize their workflows, the need for advanced creative tools becomes increasingly paramount. Adobe Creative Cloud (CC) offers a suite of applications that can revolutionize how government creative teams operate. This blog will delve into the latest features in Adobe CC applications and how they can benefit government creative teams, enhancing productivity, creativity, and collaboration.

Adobe Photoshop: Elevating Image Editing

Adobe Photoshop remains the cornerstone of digital image editing. The latest updates introduce a revamped user interface that is more intuitive, making it easier for new users to navigate while providing seasoned professionals with a more streamlined experience.

Enhanced color adjustment tools allow for more precise control over color grading, crucial for producing high-quality images that meet stringent government standards. The improved selection tools enable users to refine selections with unprecedented accuracy, ensuring that every detail in a project is meticulously handled.

One of the standout features is the integration with Adobe Firefly AI. This includes AI Expand, AI Fill, AI Text Generation, and AI Object Selections, which significantly reduce the time spent on repetitive tasks. Government teams can leverage these AI-powered tools to accelerate their workflow, focusing more on creativity and less on mundane tasks.

Adobe Lightroom: Seamless Photo Management and Editing

Adobe Creative Cloud for Gov Creative Teams Blog Embedded Image 2024

Adobe Lightroom offers robust tools for photo management and editing, making it ideal for government agencies that handle large volumes of photographic content. The new importing options, including cloud and local drive features, provide greater flexibility in managing assets.

The user interface enhancements facilitate smoother navigation, allowing teams to work more efficiently. Tools like exposure and color balance are crucial for maintaining consistency across projects. The addition of Blur tools and Lens Blur features further enhance the creative possibilities, enabling users to achieve professional-grade edits effortlessly.

Moreover, the seamless integration with Adobe Photoshop means that assets edited in Lightroom can be transitioned to Photoshop for further refinement, ensuring a cohesive workflow.

Adobe Illustrator: Vector Graphics Excellence

Adobe Illustrator is essential for creating high-quality vector graphics. The application’s core tools, such as the Pen tool and Shape tool, have been refined for better usability. Whether starting with the Banana tool or Pen tool, users can quickly determine the best approach for their project.

Adobe Firefly AI’s capabilities in Illustrator are transformative. From generating backgrounds and icons to utilizing color editing tools, Firefly AI enhances creative efficiency. Features like Generative Recolor and vector artwork generation allow government teams to produce sophisticated graphics with ease, ensuring their visual communications are both impactful and professional.

Adobe InDesign: Streamlined Document Design

Adobe InDesign is a powerful tool for creating polished documents. Efficient document setup and the use of the Pages panel streamline the design process, making it easier to organize and navigate projects.

Importing text and ensuring proper formatting are crucial for maintaining consistency in government documents. Standardized character and paragraph styles save time and ensure a professional look. The Link panel and its embedding features simplify file management, reducing the risk of broken links and ensuring all assets are properly integrated.

Adobe Premiere Rush and Premiere Pro: Video Editing Mastery

Adobe Premiere Rush provides a comprehensive tutorial and tool layout for learning the user interface, making it accessible for all skill levels. Loading video files and constructing a well-organized timeline are straightforward, and the shortcut windows enhance editing workflows.

Premiere Rush’s layout and formatting options enhance the visual appeal of projects, while the export feature simplifies the finalization process. For more advanced video editing needs, Adobe Premiere Pro offers a user-friendly design with enhanced Sequence Preset options and a redesigned Motion Graphics Template Workspace.

Firefly AI integration in Premiere Pro, with features like removing filler text and “Edit by text” functionality, streamlines the editing process. Enhanced trimming and multiple camera improvements ensure a smoother and more polished video editing experience, ideal for government projects requiring high-quality visual content.

Adobe Stock and Adobe Express: Access to Extensive Creative Assets

Adobe Stock serves as a versatile reservoir for licensed images, audio, video, templates, and more. Its extensive filters allow users to fine-tune searches, ensuring they find exactly what they need. The license file history feature simplifies tracking and managing licensed items.

Integration with Adobe Express demonstrates the ease of creating posts and utilizing Adobe Stock’s library for customization. Firefly AI capabilities, such as Text-to-Image and Generative Fill, bring AI-powered magic to users’ fingertips. Adobe Express enables quick video edits with preset transitions and royalty-free video options, perfect for government agencies looking to produce engaging content efficiently.

Adobe Experience Manager: Efficient Digital Asset Management

Adobe Experience Manager (AEM) Assets offers powerful digital asset management, essential for government teams managing extensive content. Asset tagging and folder organization maximize productivity, while seamless collaboration facilitates effective content creation and distribution.

The tight integration between AEM and Adobe Creative Cloud enhances asset lifecycle management, ensuring all digital assets are efficiently managed and utilized across projects.

Adobe Creative Cloud’s latest features provide government creative teams with advanced tools to enhance their productivity and creativity. From image editing and photo management to vector graphics, document design, video editing, and digital asset management, Adobe CC applications cater to diverse needs, ensuring government agencies can deliver high-quality content with efficiency and precision. Embracing these tools can significantly elevate the capabilities of government creative teams, fostering innovation and excellence in their work.

Additionally, if you or anyone you know would like to dive deeper into Adobe creative applications and how they can be applied to current government projects, watch the on-demand recordings from our 8-part webinar series, Elevate Creative Workflows with AI-Enhanced Digital Designs, to discover how Adobe Creative Cloud solutions play a pivotal role in accelerating creative workflows and leverages AI to facilitate the efficient development of digital experiences.

Contact our Adobe solutions experts today for a experts demonstration on how to utilize the newest tools, upgrades, features, and integration capabilities that teams across all fields can leverage for compelling and exciting digital designs.

The Evolution of Technology in the Defense Industry at DoDIIS

Innovation in Government benefits the changing and growing needs of the nation, and the Department of Defense (DoD) leads the way in both innovation and security. The Department of Defense Intelligence Information System (DoDIIS) is a conference for the nation’s top military and technology specialists to share insights revolving around the show’s theme – ‘Chaos to Clarity: Leveraging Emerging Technologies.’ Fed Gov Today joined Carahsoft on the show floor to discuss IT and OT updates, artificial intelligence (AI) and machine learning (ML) and priority technology updates with military thought leaders.

Departmental Shift to Information Technology

Carahsoft DoDIIS Defense Recap Blog 2023 Embedded Image 2024The DoD aims to refresh technology and standardize user experience across the department as a response to employee feedback. These standards are partially inspired by Zero Trust models and codifying existing standards. Through the implementation of office management and hiring defense digital service experts, agencies will update hardware and endpoints, refresh outdated technology and enhance overall IT capabilities. Executing these standards will require time and financial resources, and to properly utilize all acquired resources, a new generation of industry professionals will need to be onboarded. By building off effective processes from previous initiatives and hiring new talent that is optimally suited for these processes, the department can make strides in software such as cloud computing, generative AI and Zero Trust. The introduction of the Joint Operational Edge Cloud (JOEC) is also critical in accelerating cloud computing for combat tactical edge usage during the interim shifts in technology. At record speeds, the DoD must move from hardware defined enterprise towards modifying software.

AI Evolution

While AI is in its infancy, prototypes show a promising and interesting future where machines are trained to complete work. With more than 1,200 AI applications across civilian agencies, and various similarities and differences in the way AI is used by Government and commercial agencies, there is a lot the Federal sphere can learn from commercial agencies. In the private sector, companies tend to build back-end architecture for AI, providing fast access to all data. The Federal Government can optimize this plan by automating AI/ML to gain tactical advantage against machine adversaries. AI can also aid in predicting component failure. This helps agencies get hardware and software back on track as soon as possible, as well as help with mission planning. The private sector offers a myriad of ideas the Government can leverage for efficiency, such as AI in healthcare, sustainable energy and creative component and finance management.

DIA Initiatives

The Defense Intelligence Agency (DIA), a service provider on behalf of the defense industry, has a comprehensive IT strategy made up of five key priorities:

  1. Among both classified and unclassified networks, the DoD should implement top secret connection.
  2. With the transition to working from home, employers must enable workplace inclusivity through technology, especially for employees with disabilities.
  3. Enable workers to access data applications from one fully integrated place by consolidating network systems, such as desktop environments.
  4. As internally shared information becomes more complex, the DIA must update technology to strengthen intelligence sharing.
  5. Authorize worldwide connectivity for the Joint Worldwide Intelligence Communications System (JWICS), the DoD’s house for sensitive information. This means a reliable and secure connection regardless of environment and its proximity to data centers.

By maintaining pace with world class technology such as the cloud and AI, the DoD will lead the nation in secure communication and strategies.

Check our more resources, interviews and highlights from the event floor at DoDIIS at FedGovToday.com.

Patching in Federal Government Networks

Ivanti is committed to our customers who uphold the Nation’s highest commitments. To this end Ivanti believes that the mission our customers fulfill should not be impeded or constrained by the security stance they take. In these security conscious situations, it’s considered both mandatory and best practice for nodes within these networks to be either disconnected or entirely air-gapped.

(Context: A disconnected network can traverse its own internal network/intranet but is disconnected from the broader internet. Conversely – an air gapped environment is even further isolated – being entirely independent with no connectivity to either a larger intranet or internet.)

Despite these efforts – the risk of exploitation is not absolved simply by disconnecting or placing nodes into an air-gapped state. Network isolation of these servers & endpoints is only one aspect within a zero-trust security paradigm that these Sys-Admins have to contend with.

Technical administrators of these environments are still responsible for maintaining their systems against on-going vulnerabilities. The patching of these systems acts as a counter measure against insider threats within these systems. These vulnerabilities are more than the standard Patch Tuesday Windows OS vulnerabilities. A significant majority of these vulnerabilities exist in the 3rd party Application Eco-System. According to The U.S. National Vulnerability Database – Microsoft exploits only account for 15% of total vulnerabilities today.

Ivanti Patching in Federal Gov Networks Blog Embedded Image 2024

Patching these systems can be extremely tedious and time-consuming, but also manually intensive. This time could be better spent performing strategic security measures, or not spent at all. As a result of this lengthy process critical systems can be impacted and left open to vulnerabilities. A report from the GAO (As detailed in Pg. 46 of the GAO Report 16-501: Agencies Need to Improve Controls over Selected High-Impact Systems) shows that this has historically left even critical vulnerabilities unpatched after a significant time period (In the report – several years). To address these issues, Ivanti assists our customers by automating the remediation of the vulnerabilities found within their system, while also providing a record of truth, and reporting to these workflows.

Ivanti’s Disconnected Patching Capability

Ivanti’s product portfolio not only includes its flagship cloud-based Product Suite, and also a strong array of On-Premise based products. Two products worth highlighting for this are Ivanti Security Controls (ISEC), and Ivanti Endpoint Manager (EPM). Both products have On-Premise deployment options which extend into Disconnected and Air-Gapped Use-Cases.

At a high-level, Ivanti services disconnected / airgapped environments via the use of servers placed within those environments. Those servers then act as a repository for OS patches (Incl. Windows, Linux, and Mac), along with 3rd Party Application Patches. Reference this example diagram of a disconnected instance of Ivanti ISEC. In this example, a central environment is used to download and prepare patches for the environment. Then, one-to-many disconnected environment can then be stood up with patches and management provided via a ‘File Transfer Service’. This service can mean two things: either an approved Media Devices to enable transfers when no connectivity can exist, or a staged approach in which connectivity for a Centralized console is alternated between the Internet and a Disconnected Environment. Where approved, this prevents a direct link between the internet and the disconnected environment.

One additional note with this diagram is that both the Central Rollup Console and Connected Environment can also be connected on temporarily, even if only to update definitions in support the disconnected portions of the deployment.

Ivanti Endpoint Manager (EPM)

On the flipside, we can take the disconnected / connected philosophy we mentioned in ISEC and apply it to our EPM product. Like with ISEC an admin can create multiple EPM consoles, or cores without any additional charges. Those cores can be deployed as disconnected or ‘dark’ cores. Vulnerability Definitions and Patches can then be copied from a connected environment into the disconnected environment via the same preferred ‘File Transfer Client’ of choice. This methodology has been proven amongst our customer base who have effectively deployed this into disconnected and airgapped instances for both ISEC and EPM.

Modernized & Automated Patching Workflows

Modernizing the patching process means reducing the Mean Time to Patch, and strategically securing against vulnerabilities. To that end, Ivanti provides Neurons for Risk Based Vulnerability Management – a Vulnerability Management system that provides contextualization around threats (Ex. ‘Trending’ Vulnerabilities or Vulnerabilities could be executed without physical access to the target).

RBVM also provides the necessary patches and remediation for those vulnerabilities. By integrating our Patching and RBVM we modernize patching into a strategic and automated process. Files containing the vulnerabilities deemed most risky can be loaded into solutions like EPM to determine and provide patches. This workflow can still apply even in disconnected and airgapped use cases. RBVM could connect to the Rollup Core while disseminating patches via the process mentioned above.

How Ivanti can Help

Between Ivanti’s EPM & ISEC products, a System Administrator would have full range to patch the Windows, MacOS, and Linux Servers and Workstations within their environments. Patches also extend to 3rd Party Applications in which a significant portion of vulnerabilities originate. Ivanti also has a team of QA testers that validate the patches within its 3rd Party Patch Catalog to ensure no patches will cause a crash to the system. This patching can apply to both connected, and disconnected environments without any additional charges for scaling your Console Server Deployments.

In the case of ISEC – ISEC can discover and patch endpoints both with an agent and agentlessly. ISEC can also integrate with On-Premise VMware ESXi environments and patch ESXi hosts, as well as images and offline VM’s, thus further centralizing and reducing time to patch across the environment. Conversely – EPM provides users with a full suite of Endpoint Management capabilities in addition to patching including Discovery and Data Normalization, OS Provisioning, Software Distribution, User Profile Management, Remote Control, and Integrated Patching and Endpoint Security.

Additional Resources

For further reading, please consider Ivanti’s Product documentation around this subject. These references can provide additional documentation around how to establish:

About Ivanti

Ivanti was created in 2017 with the merger of Landesk and HEAT software. We are a powerhouse IT solution with over 30 years of combined experience. Ivanti finds, heals and protects every device, everywhere – automatically. Whether your team is down the hall or spread around the globe, Ivanti makes it easy and secure for them to do what they do best.

Ivanti is committed to supporting our customers requiring either Cloud or On-Premise deployment requirements. In both of those deployment paths Ivanti’s Portfolio contains accredited solutions including the following certifications: DoD ATO, Army CoN, Common Criteria, DoDIN APL, DISA STIG, DoD IL2 & IL5 Private Cloud, DoD ATO, NIAP MDM PP v4, NIAP Common Criteria, NSA CSFC, FIPS 140-2, FedRAMP Moderate, & SOC 2 Compliances.

Connect with an Ivanti representative today and learn more about how Ivanti can support your MultiCloud initiatives.

Revitalizing FedRAMP: Navigating the Shift to a Modernized Cloud Security Framework

The Federal Risk and Authorization Management Program (FedRAMP) was created over a decade ago to provide a standardized approach to security assessment, authorization and continuous monitoring for cloud products and service used by Federal agencies. Embracing the dynamic advancements in cloud technology, FedRAMP has recognized the importance of modernizing to keep pace with the rapid developments in the cloud landscape. The Office of Management and Budget (OMB) released a draft memorandum in October 2023 that outlined a comprehensive FedRAMP framework, emphasizing adaptability, automation and cooperation to address evolving cloud service requirements. 

An Opportunity for Modernization 

As technology continues to evolve, so do the advancement opportunities in the realm of cloud security for Federal agencies. With the expansion of cloud offerings and the increasing demand for cloud-based services, FedRAMP is undergoing a significant overhaul to meet the changing landscape. The new OMB FedRAMP guidance will replace the original guidance published in 2011, a year in which the cloud security climate looked drastically different and less complex than today. Changes to address the evolving threat landscape include tools for enterprise collaboration, product development and improving an enterprise’s own cybersecurity. Having already authorized more than 300 authorized services in the FedRAMP Marketplace, FedRAMP recognizes the need to add more solutions for agencies to have all the required capabilities to deliver on their missions.[1]

OMB aims to address these challenges by establishing a plan to scale the program, bolster security reviews of cloud solutions and accelerate Federal adoption. Drew Myklegard, the Deputy Federal CIO, said during CyberTalks, a gathering of the most influential leaders in cybersecurity and digital privacy, “There’s a lot of room in the FedRAMP process with friction and [manual] steps that are causing too long of times from when people identify a product that they need until they can employ it.” [2] 

The New FedRAMP Guidance 

Carahsoft FedRAMP General Overview Blog Embedded Image 2024Automation and Continuous Monitoring (ConMon) stand at the forefront of FedRAMP modernization as the memo underscores the significance of automation and the use of machine-readable formats for authorization and ConMon artifacts. The new guidance will create a system for automating security assessments and reviews, as well as expand on the initiative to obtain FedRAMP security artifacts solely through automated, machine-readable processes. The General Services Administration (GSA) also plans to update ConMon processes within 180 days and exclusively accepting machine-readable artifacts within 18 months.  

By automating security assessments and reviews, FedRAMP is looking to streamline the authorization process, reduce the time and cost of compliance, and improve the accuracy and consistency of security assessments. An added benefit is that automation will help identify and mitigate security risks more quickly and effectively, improving the overall security posture of cloud-based services used by the Federal Government.  

The key changes proposed in the new guidance will: 

  • Reaffirm the presumption of adequacy established in the FedRAMP Authorization Act. This provision establishes that once a CSO achieves FedRAMP Authorization, Federal agencies must presume the offering has adequate security measures for a streamlined reauthorization.  
  • Recognize the transformation of the cloud marketplace and the need for FedRAMP to adjust its processes, originally tailored to a limited number of Infrastructure as a Service (IaaS) solutions, to now accommodate a vast and growing amount of Software as a Service (SaaS) solutions. 
  • Introduce a fast-track authorization program for agencies that have demonstrated mature authorization processes and frequently provide the PMO with high-quality authorization packages. 
  • Propose new authorization types: Joint-Agency and Program authorizations. The Joint Authorization Board (JAB) authorization option is evolving, with all existing JAB authorizations automatically transitioning to Joint-Agency authorizations upon the memorandum’s issuance. Joint-Agency authorizations can pool the resources of any Federal agency to review an authorization package, expanding beyond the DoD, DHS and GSA to include all relevant agencies. 
  • Define the roles and responsibilities of the newly established FedRAMP Board. The FedRAMP Authorization Act empowered OMB to assume a more active and leading role in FedRAMP, and this memo serves as a notable illustration of that increased involvement. 
  • Establish a preliminary “pilot” authorization category allowing agencies to test new cloud services for up to twelve months. This authorization pathway would provide agencies and CSPs with an expedited route to market, accelerating the availability of CSOs. 
  • Streamline authorizations for products that leverage FedRAMP-authorized Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) solutions and for products which have obtained external security frameworks that evaluate relevant risks.  
  • Establish the Technical Advisory Group (TAG) to act as an independent source of Federal Government employees for best practices to enhance the efficiency of FedRAMP’s operations.  

Benefits for Federal Agencies 

By scaling the program, more cloud service providers will be able to obtain FedRAMP authorization, increasing the availability of authorized cloud services for Federal agencies to use. This will enable agencies to more easily and quickly adopt cloud-based services that meet their specific needs. 

Through enhanced security reviews of cloud service offerings, Federal agencies can gain increased confidence in the adherence of the cloud services they utilize to rigorous security standards. Therefore, improving the overall security posture of Federal agencies and reducing the risk of data breaches. 

Streamlining the authorization process and offering a broader range of authorized cloud services can help Federal agencies alleviate the costs and administrative burden linked to duplicative security assessments. Overall, agencies will be able to more efficiently and effectively leverage cloud-based services to support their mission and better serve its citizens.  

The Future of FedRAMP 

Stakeholders are optimistic the new OMB guidance will pave a future for the program that will be more comprehensive, efficient and tailored to the current security environment. As more commercial providers become incentivized to pursue FedRAMP authorization, Federal agencies will have more options when it comes to cloud, and technology vendors will be more suited to achieve FedRAMP authorization success. 

To explore more in-depth insights into the OMB Memo view the Carahsoft Guide to Modernizing the Federal Risk Authorization Management Program (FedRAMP). To learn more about Carahsoft’s partner marketplace for FedRAMP certified cloud solutions visit our FedRAMP portfolio and speak to a member of our team today.  

 

Resources: 

[1] “Office of Management and Budget Releases Draft Memorandum for Modernizing the Federal Risk and Authorization Management Program (FedRAMP).” The White House, https://www.whitehouse.gov/omb/briefing-room/2023/10/27/office-of-management-and-budget-releases-draft-memorandum-for-modernizing-the-federal-risk-and-authorization-management-program-fedramp/. 

[2] “OMB extends comment period for new FedRAMP guidance.” FedScoop, https://fedscoop.com/omb-extends-comment-period-for-new-fedramp-guidance/ 

Empowering Education: Nutanix and the E-Rate Program

The U.S. Telecommunications Act of 1996 established the E-rate program to ensure affordable access to telecommunications and internet services, particularly for schools and libraries in low-income and rural areas. E-Rate consists of two categories:

  • Category One: This covers data transmission and internet access services, including broadband connectivity and data links connecting multiple points.
  • Category Two: This category focuses on eligible equipment, such as wireless access points, controller systems, routers, switches, and essential software-defined networking (SDN) and firewalls. Nutanix is a recognized provider of Category Two services under E-Rate, enhancing digital learning, IT security, and affordability.

During 2023, the third year of the 5 year E-Rate budget cycle, Nutanix and Carahsoft worked with a handful of customers across the country, and successfully funded and implemented multiple projects through USAC and the E-Rate program.

As we enter the fourth year of the 5 year E-Rate budget cycle, schools and libraries have 2 years left to utilize the E-Rate funds available to them. Schools and Libraries have an opportunity to fast track their digital modernization efforts with E-Rate funding. Let’s delve into the Nutanix E-Rate Solution.

Nutanix on E-Rate Education Blog Embedded Image 2023

Nutanix’s Integrated Solution: Nutanix offers an integrated software-defined solution based on hyperconverged infrastructure. This solution streamlines networking, physical security, diagnostics, and firewalling, eliminating the need for separate legacy systems. It can be consolidated onto the Nutanix Cloud Infrastructure (NCI), reducing physical device footprint, costs, and management workload. It also integrates seamlessly with Nutanix and third-party products to create a robust infrastructure stack.

Unified Management: Nutanix provides a single pane management interface for all physical and virtual resources. This simplifies the management of diverse IT environments, allowing educational IT leaders to oversee data services, workload security, uptime, SLAs, virtual networking, and governance from a centralized dashboard.

Security and Compliance: Nutanix’s software incorporates robust security measures, automating compliance and providing self-healing capabilities. NCI centralizes network and security services, ensuring efficient functionality and effective incident response. It offers advanced network security, application-centric protection, and monitoring for security and compliance.

Software-Defined LAN: Nutanix’s software-defined LAN technology extends Layer 2 networks across sites using virtual extensible LAN (VXLAN) technology. This enables the delivery of broadband IPv4 services without additional hardware, improving uptime and adaptability.

Accelerate IT Modernization: Nutanix accelerates IT modernization at any stage, and E-Rate qualification allows schools and libraries to save up to 68% on eligible solutions through Category Two funding.

For more information, visit www.nutanix.com/E-Rate or contact Nutanix at NutanixSLED@Carahsoft.com or E-Rate@Nutanix.com to explore how their solutions can meet your specific needs.

View our webinar and dive deeper into how Nutanix can support your institutions education journey through the E-Rate program.

*Information in this blog was updated on November 7, 2023 to reflect more up-to-date, accurate information.

Okta and ServiceNow: Modernizing Public Sector Operations

Federal, state, and local agencies and educational institutions are facing a surge in targeted cyberattacks. With increasing return-to-office mandates, they face further challenges balancing security with the need to deliver frictionless experiences for users and systems, both within and beyond the premises of agencies and campuses. Public sector organizations can lean further on industry partners to help them modernize operations to improve cybersecurity, support distributed workforces and users, remain compliant with audit and policy mandates, and, ultimately, better serve the public.

Roadblocks to Modernization

To modernize operations, agencies and institutions need to transition from legacy systems to cloud-based tools. Creating collaborative, seamless, and secure work environments that not only attract and retain top talent but also comply with key audit and policy mandates is necessary.

But building this kind of robust environment that can securely support mission-critical work isn’t easy.

Okta ServiceNow Modernizing Public Sector Operations Blog Embedded Image 2023

For one, as the public sector implements cloud-based tools that deliver modern, continuous digital services, they must also ensure the new technology works seamlessly alongside existing processes. And securing work environments both in-office and remotely has never been more challenging, with a 40% increase in cyberattacks against government and public service organizations from Q2 2023 to Q3 2023. Unfortunately, busy IT teams’ resources are too often spent completing manual work instead of implementing changes needed to focus on the high-value work that propels their missions.

How Okta and ServiceNow Solutions Help With Modernization and Automation

Okta and ServiceNow solutions enable agencies and institutions to overcome these obstacles by providing tools that enhance security, modernize operations, comply with strategic policies, and improve service delivery to meet critical mission goals.

Together, Okta and ServiceNow help with:

  • Identity and access management: A centralized Identity solution offers a complete view of users and phishing-resistant authentication to protect accounts from cyberattacks and least-privilege access. This gives users just the right access at the right time for the right purposes.
  • User lifecycle and workflow automation: Advanced algorithms and customizable templates streamline onboarding and offboarding for IT teams, reducing time-consuming work, eliminating manual, repetitive tasks, and increasing productivity.
  • Compliance and policy oversight: Detailed logs and refined reporting capabilities perform automated compliance checks, and policy enforcement mechanisms help reduce the risk of non-compliance.
  • No-code automation: No-code/low-code automation enables IT teams to quickly launch modern services while still adhering to Zero Trust integrations.
  • Risk management and monitoring: Advanced analytics and real-time reporting enable continuous visibility of all systems, improving service availability and accelerating incident response that can better protect the sensitive information of public sector organizations.
  • System integration: API management and middleware tools enable seamless integration with automated data exchange to improve communication and reduce errors.

Why Okta and ServiceNow are Better Together

These solutions combine ServiceNow’s expertise in policy and compliance management and internal and vendor risk management with Okta’s expertise in Identity and access management, such as single sign-on (SSO) and multi-factor authentication (MFA).

More specifically, with a rich, bidirectional integration, Okta and ServiceNow work seamlessly together, empowering public sector organizations to modernize and automate their services to support their evolving missions with:

  • Okta Integration Network (OIN)
  • ServiceNow Security Incident Module
  • StateRAMP Ready authorization
  • FedRAMP High authorization
  • Department of Defense Impact Level (IL) 4 and IL5 workloads

Contact our team today to learn more about about how, together, Okta and ServiceNow provide the public sector with an open, future-ready platform to automate, secure, orchestrate, and simplify their workflows.