Category Archives: MultiCloud

Okta and ServiceNow: Modernizing Public Sector Operations

Posted on by
Reply

Federal, state, and local agencies and educational institutions are facing a surge in targeted cyberattacks. With increasing return-to-office mandates, they face further challenges balancing security with the need to deliver frictionless experiences for users and systems, both within and beyond the premises of agencies and campuses. Public sector organizations can lean further on industry partners to help them modernize operations to improve cybersecurity, support distributed workforces and users, remain compliant with audit and policy mandates, and, ultimately, better serve the public.

Roadblocks to Modernization

To modernize operations, agencies and institutions need to transition from legacy systems to cloud-based tools. Creating collaborative, seamless, and secure work environments that not only attract and retain top talent but also comply with key audit and policy mandates is necessary.

But building this kind of robust environment that can securely support mission-critical work isn’t easy.

Okta ServiceNow Modernizing Public Sector Operations Blog Embedded Image 2023

For one, as the public sector implements cloud-based tools that deliver modern, continuous digital services, they must also ensure the new technology works seamlessly alongside existing processes. And securing work environments both in-office and remotely has never been more challenging, with a 40% increase in cyberattacks against government and public service organizations from Q2 2023 to Q3 2023. Unfortunately, busy IT teams’ resources are too often spent completing manual work instead of implementing changes needed to focus on the high-value work that propels their missions.

How Okta and ServiceNow Solutions Help With Modernization and Automation

Okta and ServiceNow solutions enable agencies and institutions to overcome these obstacles by providing tools that enhance security, modernize operations, comply with strategic policies, and improve service delivery to meet critical mission goals.

Together, Okta and ServiceNow help with:

  • Identity and access management: A centralized Identity solution offers a complete view of users and phishing-resistant authentication to protect accounts from cyberattacks and least-privilege access. This gives users just the right access at the right time for the right purposes.
  • User lifecycle and workflow automation: Advanced algorithms and customizable templates streamline onboarding and offboarding for IT teams, reducing time-consuming work, eliminating manual, repetitive tasks, and increasing productivity.
  • Compliance and policy oversight: Detailed logs and refined reporting capabilities perform automated compliance checks, and policy enforcement mechanisms help reduce the risk of non-compliance.
  • No-code automation: No-code/low-code automation enables IT teams to quickly launch modern services while still adhering to Zero Trust integrations.
  • Risk management and monitoring: Advanced analytics and real-time reporting enable continuous visibility of all systems, improving service availability and accelerating incident response that can better protect the sensitive information of public sector organizations.
  • System integration: API management and middleware tools enable seamless integration with automated data exchange to improve communication and reduce errors.

Why Okta and ServiceNow are Better Together

These solutions combine ServiceNow’s expertise in policy and compliance management and internal and vendor risk management with Okta’s expertise in Identity and access management, such as single sign-on (SSO) and multi-factor authentication (MFA).

More specifically, with a rich, bidirectional integration, Okta and ServiceNow work seamlessly together, empowering public sector organizations to modernize and automate their services to support their evolving missions with:

  • Okta Integration Network (OIN)
  • ServiceNow Security Incident Module
  • StateRAMP Ready authorization
  • FedRAMP High authorization
  • Department of Defense Impact Level (IL) 4 and IL5 workloads

Contact our team today to learn more about about how, together, Okta and ServiceNow provide the public sector with an open, future-ready platform to automate, secure, orchestrate, and simplify their workflows.

Software, AI, Cloud and Zero Trust as Top Priorities for the Army and DoD at Large at TechNet Augusta 2023

Posted on by
Reply

Many of the major cybersecurity, data, DevSecOps and other trends from the past couple of years continue to grow and be top priorities for every segment of the Department of Defense (DoD). At TechNet Augusta 2023, Government and industry experts shared the specific needs of their organizations across those areas and solutions to help achieve their goals. The main theme of the event was “Enabling a Data-Centric Army” and expanding those principles and their mobilizing technologies to the entire DoD. For the Army in particular, the shift from hardware to software, the use of artificial intelligence (AI), cloud capabilities and Zero Trust were headlining topics at the conference.

Shifting from Hardware to Software

In an effort to increase agility and expand access to resources, the Army is transitioning its equipment from hardware to software. Amending its materiel release process to decouple software from hardware allows the Army to deploy software outside of the long hardware acquisition cycle. To mobilize this endeavor, the Army Futures Command (AFC), is modifying its software requirements to focus on high-level overviews that are then refined by operators. Alongside this shift, the Army and other departments requested that technology providers ensure that their software solutions integrate with each other. Going forward, the Army also asked industry to provide software that is not tied to specific hardware. This separation will be key to establishing data-centricity. Nearly every speaker echoed the importance of this shift for their departments.

Utilizing AI

With this major transition to a software-heavy environment, Army Chief Data and Analytics Officer David Markowitz believes it will be an ideal use case for generative AI in software development. Having a controlled environment in software development would make it easier to properly govern compared to the complexity of some of the other uses. As AI usage increases across the DoD, military leaders requested industry create AI platforms with layered complexity of features enabling users of any skill level to utilize the technology effectively. In regard to AI applications for data, Army CIO Leonel Garciga stated that additional guidance on “Data Use on Public/Commercial Platforms” would be released soon to clarify its policy. Overall, officials concurred that the DoD is not looking to become 100% reliant on AI aid but instead maximize AI’s strengths to augment human critical thinking and empower commanders to make data-driven decisions.

Enabling Cloud Capabilities

Over the past year, the Army has exponentially increased its cloud migration and virtualized capabilities. Housing information in the cloud optimizes data storage and simplifies ease of access particularly with the increase in data output, and the push for AI data analytics and data-driven decisions. Hybrid cloud solutions offer the readiness, adaptability and duplication of vital information necessary for military operations to continue smoothly in any situation. Currently, DoD leaders seek industry solutions for modernizing and moving applications to the cloud simultaneously. Acquiring technology with this ability would reduce both the security risk and the work required from the military to implement it.

Expanding Zero Trust

Overarching every aspect of the DoD is the critical need for cybersecurity. Garciga plans to emphasize Zero Trust implementation heavily in conjunction with improving user experience and cyber posture. While multi-factor authentication offers a great starting point, military leaders explained that it is not enough and that they look to partner with industry to close virtualization vulnerabilities through continuous monitoring and regular red teaming. At the conference, the Army Cyber Command (ARCYBER) outlined seven principles for IT providers to follow for all capabilities they deliver:

  • Rapidly Patch Software
  • Assess All Production Code for Security Flaws
  • Improve Security of Development Networks
  • Isolate Development Environments from the Internet and from the Vendor Business Network
  • Implement Development Network Security Monitoring
  • Implement Two-Factor Authentication (2FA) on Development Network and Testing Services
  • Implement Role-based Permissions on Development Network

Empowering DoD Success

A consistent thread woven throughout the event was the vital nature of open communication and partnership between the DoD and technology companies to achieve the established goals. Within each of these areas including the shift from hardware to software, use of AI, cloud capabilities and Zero Trust, the DoD looks to innovate and explore new methods and solutions to stay ahead on the world platform. Together through collaboration, industry can have a vital role in keeping American citizens safe one technology update at a time.

 

Explore our Federal Defense Technology Solutions Portfolio to learn how Carahsoft can support your organization through innovative, agile defense resources and IT capabilities.

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at TechNet Augusta 2023.*

Innovation in Government: The Future of Technology with Dell

Posted on by
Reply

Advances in communications, data analytics and cloud ecosystems are supercharging efforts to modernize government. Leaders recognize that partnerships with industry are essential to their success with emerging technologies, including groundbreaking tools and techniques that help agencies tackle a wide array of challenges. The government is facing monumental challenges, such as the economy, climate change, public health and military preparedness. These large-scale, broad impact problems require new and innovative ideas to solve. Organizations such as the Computing Technology Industry Association (CompTIA) and the National Institute of Standards and Technology (NIST) have released guidance and strategies for agencies hoping to move past existing restrictions by updated legacy systems. Carahsoft’s most recent Innovation in Government Report includes insights from industry experts at Dell Technologies on how emergent technologies can help government push past those boundaries, with deep dives on 5G, artificial intelligence, digital twins, edge computing and cloud ecosystems.

 

 A Secure Way to Use AI-Assisted Data Analytics

“Federated learning is becoming increasingly relevant given the emergence of ChatGPT and other AI-based technologies. Industry and government leaders recognize that it is essential to develop AI in an ethical, unbiased way that ensures information privacy and security. The only way to do that is to take a critical look at the technologies that are evolving and shape them in an intentional way. Right now, AI is not as secure as it could be. It is susceptible to the same vulnerabilities that affect other technologies. Therefore, agencies and their industry partners should focus on protecting data where it resides, instituting a zero trust architecture and securing AI algorithms.”

Read more insights from Ed Hicks, business development manager for federal and AI at Dell Technologies.

 

What the Evolution of 5G Means for Government  

Carahsoft IIG FCW August Future of Tech Dell Blog Embedded Image 2023 “5G is the first generation of cellular technology that’s cloud native, which means it has the flexibility to be fully virtualized and deployed in several different architectural designs, hosted on commercial servers. Agencies now have the ability to dynamically scale up or down depending on the network load at the moment. In addition, many large hyper-scaler cloud vendors are exploring ways to provide 5G as a service and combine the virtualized network function with cloud-hosted workloads, integrating the telco workload into the traditional IT stack.”

Read more insights from Greg Burrill, 5G/Networking Alliance Manager at Dell Technologies.

 

Taking Modernization to the Next Level with Digital Twins

“Digital engineering is digital transformation applied to the realm of systems engineering. It is another path to IT modernization. Digital twins require the foundations of a digitally transformed environment and its elements of data management, agile development, DevSecOps and container-based orchestration. Digital twins focus on bringing data from the physical world into the digital arena, gleaning insights through artificial intelligence and then displaying those insights visually for users. Digital twins can deploy those conclusions in the physical world, measure the results of the changes and start the loop over again by feeding that data back into the digital arena.”

Read more insights from Ken Rollins, Technology Architect for Digital Engineering/Edge at Dell Technologies.

 

How Repatriation Fits into a Broader Cloud Strategy

“When agencies simply lifted and shifted workloads into the cloud, they often experienced inefficiencies and cost overruns. Now that agencies are gaining a better understanding of cloud models and how to adapt their workloads to run efficiently in the cloud, they have begun to more carefully consider when it makes the most sense to put a workload into a public cloud and when it is better to pull it back to run on premises, known as cloud repatriation. Those decisions should be part of a larger strategy for appropriate workload placement.”

Read more insights from Manny Yusuf, Chief Cloud/Edge Architect at Dell Technologies.

 

Future-Ready Data Centers for Government Agencies

“A software-defined data center (SDDC) virtualizes all the infrastructure elements that government agencies are using and delivers them in an as-a-service model. Specifically, compute, networking, storage, security and services are abstracted and delivered as automated, policy-driven software. That virtualized, programmatic approach enables SDDCs to break down IT silos and simplify complexities. The benefits include gains in performance and availability and reductions in costs and security risks. An SDDC enables applications to be deployed more quickly and IT resources used more effectively through the use of cloud-based services.”

Read more insights from Manny Yusuf, Chief Cloud/Edge Architect at Dell Technologies.

 

A Flexible Cost Model for Cloud and Infrastructure

“Maintaining visibility into IT operations is crucial for understanding and mitigating security risks as well as for better managing costs. Agencies might need to achieve a specific return on investment, meet certain efficiencies or comply with unique mission requirements. Regardless of the goal, a simplified cost model provides a comprehensive understanding of what it costs the agency to run workloads on premises, at the edge or in any cloud location. Dell APEX also allows agencies to maintain oversight of their IT environment and expenses when they are running a software factory and pushing out new capabilities on a continuous basis. Anytime something new is put in the cloud, it’s important to have visibility into its long-term costs so that agencies can avoid inefficiencies.”

Read more insights from Manny Yusuf, Chief Cloud/Edge Architect at Dell Technologies.

 

Download the full Innovation in Government® report for more insights from emerging technology thought leaders and additional industry research from FCW.

FedRAMP Rev. 5 Baselines are Here, Now What?

Posted on by
Reply

The FedRAMP Joint Authorization Board (JAB) has given the green light to update to FedRAMP Rev. 5. With this revision, FedRAMP baselines are now updated in line with the National Institute of Standards and Technology’s (NIST) SP 800-53 Rev. 5 Catalog of Security and Privacy Controls for Information Systems and Organizations and SP 800-53B Control Baselines for Information Systems and Organizations. This transformation brings opportunities and challenges for all stakeholders involved, including Cloud Service Providers (CSP), Third Party Assessment Organizations (3PAOs), and Federal Agencies. But worry not – with RegScale, we have your back! Let’s dive in and understand the impact and how to prepare for the coming changes.

Decoding the Transition

The transition has been in the works for a very long time, and FedRAMP has updated many of their controls to accurately reflect updates in technology since Rev. 4 was published in 2015. FedRAMP Rev. 5 brings with it significant updates to the security controls to meet emerging threats, including new families such as supply chain risk management, and places a greater emphasis on privacy controls. FedRAMP continues to strongly encourage package submission in NIST Open Security Controls Assessment Language (OSCAL) format to accelerate review and approval processes. To aid with a clear comprehension of the updates, FedRAMP has also released a Rev. 4 to Rev. 5 Baseline Comparison Summary. There are more than 250 controls with significant changes, including several whole new families of controls.

In the coming weeks, FedRAMP plans to release a series of updated OSCAL baseline profiles, resolved profile catalogs, System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), and Plans of Action and Milestones (POA&;ampM) templates as well as supporting guides for each of these.

What is OSCAL, You Ask?

RegScale FedRAMP Rev. 5 Baselines Blog Embedded Image 2023

OSCAL is a set of standards for digitizing the authorization package through common machine-readable formats developed by NIST in conjunction with the FedRAMP PMO and industry. NIST defines it as a “set of hierarchical, formatted, XML- JSON- and YAML-based formats that provide a standardized representation for different categories of security information pertaining to the publication, implementation, and assessment of security controls.” OSCAL makes it easier to validate the quality of your FedRAMP packages and expedites the review of those packages.

The Impact on CSPs

FedRAMP has published the CSP Transition Plan, providing a comprehensive roadmap and tool for CSPs to identify the scope of the Rev. 5 controls that require testing and offering support for everyone based on their stage in the FedRAMP authorization process. Timelines for the full transition range from immediate to 12-18 months. You should find a technology partner to assist you regardless of your FedRAMP stage so that you can quickly and completely adapt from Rev. 4 to Rev. 5 baselines as well as update, review, and submit your packages in both human-readable (Word, Excel) and machine-readable (OSCAL) formats.

If you are a CSP just getting started with your FedRAMP journey…

As of May 30, 2023, CSPs in the “planning” stage of FedRAMP authorization must adopt the new Rev. 5 baseline in their controls documentation and testing and submit their packages in the updated FedRAMP templates as they become available. You are in the planning phase if you are:

  • Applying for FedRAMP or are in the readiness review process
  • Have not partnered with a federal agency prior to May 30, 2023
  • Have not contracted with a 3PAO for a Rev. 4 assessment prior to May 30, 2023
  • Have a JAB prioritization but have not begun an assessment after the release of the Rev. 5 baselines and templates

If you are a CSP in the “Initiation” phase

CSPs in the initiation phase will complete an Authority to Operate (ATO) using the Rev. 4 baseline and templates. By the latest of the issuance of your ATO or September 1, 2023, you will identify the delta between your Rev. 4 implementation and the Rev. 5 requirements, develop plans to address the differences, and document those plans in the SSP and POA&;ampM. You are in the initiation phase if any of the following apply prior to May 30, 2023:

  • Prioritized for the JAB and are under contract with a 3PAO or in 3PAO assessment
  • Have been assessed and are working toward P-ATO package submission
  • Kicked off the JAB P-ATO review process
  • Partnered with a federal agency and are:
    • Currently under contract with a 3PAO
    • Undergoing a 3PAO assessment
    • Have been assessed and have submitted the package for Agency ATO review

If you are a Fully Authorized CSP

You are in the “continuous monitoring” phase if you are a CSP with a current FedRAMP authorization. By September 1, 2023, you need to identify the delta between your current Rev. 4 implementation and the Rev. 5 requirement, develop plans to address the differences and document those plans in the SSP and POA&;ampM. By October 2, 2023; you should update plans based on any shared controls.

If your latest assessment was completed between January 2 and July 3, 2023, you have a maximum of one year from the date of the last assessment to complete all implementation and testing activities for Rev. 5. If your annual assessment is scheduled between July 3 and December 15, 2023, you will need to complete all implementation and testing activities no later than your next, scheduled annual assessment in 2023/2024.

A Complete Technology and Transition Partner

The transition to FedRAMP Rev. 5 is not just about meeting the new requirements but doing so in the most efficient and seamless manner. You should focus on your core business while technology like RegScale handles the intricacies of the compliance transition.

Beyond compliance documentation, RegScale serves as a comprehensive FedRAMP compliance technology and transition partner. Our platform assists with mapping your security controls against FedRAMP and NIST SP 800-53 baselines for Rev. 4 and Rev. 5, supports gap analysis, provides remediation support, and enables continuous monitoring and improvement. The platform currently includes FedRAMP support and tools to develop human-readable and OSCAL-formatted content for Catalogs, Profiles, SSPs, Components, SAPs, SARs, POAMs and Asset Inventory. To help eliminate the friction and confusion of where to begin with OSCAL, RegScale provides an intuitive Graphical User Interface (GUI) to build artifacts using our wizards and then easily export them as valid OSCAL. By automating the creation of audit-ready documentation and allowing direct submission to the FedRAMP Project Management Office (PMO) through OSCAL and/or Word/Excel templates, RegScale provides a seamless transition experience to Rev. 5, reducing complexities and saving you valuable time and resources.

In closing, it is crucial for all CSPs and stakeholders to review the new mandates and the CSP Transition Plan and begin planning to address the updated templates. Let RegScale help make the shift to FedRAMP Rev. 5 a streamlined, efficient, and effective process with minimum costs and business disruptions.

This post originally appeared on Regscale.com and is re-published with permission.

View our webinar to learn more about the low-cost approaches for handling the transition to Rev 5.

Ransomware Protection for Kubernetes Data in the Public Sector

Posted on by
Reply

Kubernetes is a powerful platform for deploying and managing containerized applications in the cloud. It offers many benefits such as scalability, portability, resilience and automation. However, Kubernetes also poses some challenges when it comes to data protection and security, especially in the public sector where sensitive data and compliance regulations are involved. That’s why we are excited to continue our strategic partnership with Carahsoft Technology Corp., the leading government IT solutions provider, to deliver Kasten K10 by Veeam, the market-leading Kubernetes data protection solution, to public sector customers across the U.S.

In this blog post, we will explore some of the common issues that public sector organizations face when using Kubernetes, and how Kasten K10 by Veeam can help them overcome these challenges with a simple, secure and scalable solution for Kubernetes data protection.

The challenges of Kubernetes Data Protection in the Public Sector

One of the main challenges of Kubernetes data protection in the public sector is the complexity and diversity of the Kubernetes environment. Kubernetes clusters can span multiple clouds, regions and zones, and contain hundreds or thousands of applications and microservices. Each application may have its own data sources, dependencies and configurations, which need to be backed up and restored consistently and reliably.

Veeam Ransomware Protection Blog Embedded Image 2023

Another challenge is the security and compliance of the Kubernetes data. Public sector organizations often deal with sensitive data such as personal information, health records, financial transactions or national security secrets. These data need to be protected from unauthorized access, modification or deletion, as well as from external threats such as ransomware attacks. Moreover, public sector organizations need to comply with various regulations and operate in secure environments, which requires cluster deployments in compliant hybrid environments spanning examples like AWS GovCloud and Red Hat OpenShift.

A third challenge is the scalability and performance of the Kubernetes data protection solution. As Kubernetes clusters grow in size and complexity, so does the amount of data that needs to be backed up and restored. Public sector organizations need a solution that can handle large volumes of data without compromising the availability or performance of the Kubernetes applications. They also need a solution that can scale up or down as needed, without requiring manual intervention or complex configuration changes.

The Solution: Kasten K10 by Veeam

Kasten K10 by Veeam is a purpose-built solution for Kubernetes data protection that addresses all these challenges and more. Kasten K10 is designed to simplify and automate the backup and recovery of Kubernetes applications and their data across any environment. It offers the following features and benefits for public sector organizations:

  • Application-centric approach: Kasten K10 treats each Kubernetes application as a unit of backup and recovery, rather than individual containers or volumes. This ensures that the application state and dependencies are preserved across backups and restores, regardless of where they are running or how they are configured.
  • Policy-driven automation: Kasten K10 allows public sector organizations to define backup policies based on application metadata such as labels, annotations, namespaces or clusters. These policies can specify the frequency, retention, location, encryption and compression of the backups, as well as any custom actions or hooks that need to be executed before or after the backup. Kasten K10 then automatically applies these policies to the matching applications, eliminating the need for manual backups or scripts.
  • Secure and compliant data protection: Kasten K10 encrypts all backup data at rest and in transit using AES-256 encryption keys that are stored in a secure key management system. Kasten K10 also supports role-based access control (RBAC) and audit logging to ensure that only authorized users can access or modify the backup data. Additionally, Kasten K10 provides ransomware protection by creating immutable backups that cannot be overwritten or deleted by malicious actors.
  • Scalable and performant architecture: Kasten K10 leverages a distributed architecture that scales with the Kubernetes cluster. It uses parallelism and deduplication to optimize the backup, restore performance and reduce the storage footprint. It also supports incremental backups and restores to minimize the network bandwidth and application downtime.
  • Application portability: Kasten K10 enables public sector organizations to ensure application portability across diverse Kubernetes environments by using Transform Sets. Transform Sets are a set of rules that can modify the application configuration during backup or restore, such as changing namespaces, labels, annotations, storage classes, or secrets. This allows public sector organizations to migrate their applications from one cluster to another, or from one cloud to another, without breaking their functionality or security.

Next Steps

We hope this blog post provided valuable insights into how Kasten K10 by Veeam can help you protect your Kubernetes data in the public sector. If you want to learn more, here are some next steps you can take:

Watch this video to see Kasten K10 in action and learn how it can simplify and automate your Kubernetes data protection workflows: https://youtu.be/gu3J6ZeWwK8

Try the full-featured and FREE edition of Kasten K10 today with this super-quick installation in less than 10 minutes: https://www.kasten.io/free-kubernetes

Don’t miss this opportunity to take your Kubernetes data protection to the next level with Kasten K10 by Veeam and Carahsoft. We look forward to hearing from you soon! Download our full Gorilla Guide to Securing Cloud Native Applications on Kubernetes.

IRS Uses Digital Signatures for Improved Public Experiences

Posted on by
Reply

At the start of March 2022, the IRS launched the Taxpayer Experience Office (TEO) to improve taxpayers’ experience with digital tools, such as fully transparent accounts, expanded e-File and payment options, digital signatures, and secure two-way messaging. TEO is working with their IT, digitalization, and policy shops to identify projects that will produce the most modernization, according to agency officials. The four offices are meant to coordinate the expedition of either internal or external processes, depending on the ROI, with TEO handling the former and the Enterprise Digitalization and Case Management Office (EDCMO) the latter. “For its part, EDCMO focuses on taking paper processes digital where the cost savings are highest and the processing hours and employees in seats lowest”.[1] The main goal is to optimize business processes and technology, which normally begins with small digital transformations, but EDCMO already achieved a 178% ROI in its first year, which indicates a promising future for their endeavors.[1]

Opportunities in the Field of Digital Modernization

The IRS issued the first wave of job postings for more than 200 technologists back in March of 2022, as it plans to hire to continue modernizing IT. Positions range from entry-level to supervisory across system development, architecture, engineering, cybersecurity, IT operations, network services and customer support.

Desired skillsets are cloud, zero-trust security, low- and no-code enterprise platforms, machine learning and artificial intelligence, and NoSQL databases. The IRS faces a daunting, largely paper-based backlog of tax returns every year, so shifting to digital will help streamline to make these yearly processes run smoother and faster. As was the case with COVID-19 recovery, the IRS is also called upon to administer relief, like Economic Impact Payments and advance payments of the Child Tax Credit. They are also instances of processes that could be made more efficient by implementing digital solutions because of the quicker turnaround that those platforms provide in comparison to manual, paper-based ones.[1]

Digital Signature Service Authorization and Adoption within Government Agencies

The IRS is a notable example, but agencies within the Department of Defense are leaning into the trend of digital signature use as well. This initiative requires an effort in tandem from the industry side and the government side to achieve the necessary compliances for ensuring proper security across platforms. One of the main authorizations that these government entities and digital services must adhere to is the Federal Risk and Authorization Management Program (FedRAMP), which provides a standardized approach to security authorizations for Cloud Service Offerings. According to the FedRAMP Program Management Office, there are two ways to authorize a Cloud Service Offering (CSO) through FedRAMP—via an individual agency or the Joint Authorization Board (JAB). The authorization process involves selecting an authorization process, preparation, authorization, and then continuous monitoring as part of the main steps. There are currently 20 Cloud Service Providers (CSPs) under the status of “ready,” 96 “in process,” and 309 classified as “authorized” through the program. Digital signature solutions, being cloud-based services, must adhere to this type of authorization to be considered for use within many government agencies. As more agencies vouch for these services and work together with CSPs to secure certifications, more agencies, in turn, are also able to adopt them to achieve maximum efficiency.[2]

What Can Digital Signatures Help Accomplish?

Digital signatures greatly reduce the time spent during transactions. As noted across articles and input from the most successful signature providers featured on LinkedIn, they can greatly improve the day-to-day for businesses operating in a post-pandemic hybrid world, and the same benefits apply to government agencies.

Most notably, trusted digital signatures can help in the following:

Security: A digital signature confirms that all signers are who they claim to be, and it prevents retroactive alterations to the signed document or tampering in general.

Time: Signing a document with ink does not take any longer than signing with a digital signature, but the time it takes to move a wet signature document along to each recipient can take days or even weeks. In comparison, a digitally signed document can be delivered in minutes via email.

Collaboration: Working remote or employing physical distancing interfere with the ability to come together for document transactions. Even with the re-appearance of in-person operations, digital signatures allow quicker turnaround and provide the additional convenience of eliminating the need to convene in person.

The Environment: From the number of trees that go into printed sheets of paper to the amount of carbon emissions that can be saved, digital signatures are the green alternative to paper-based wet signatures.

Legality: Digital signatures uphold in legality across the US and globally, specifically by adhering to the E-Sign Act of 2000 and the Uniform Electronic Transactions Act (UETA).

 

Check out this on-demand webinar for more information on this series and how Adobe can support your organization’s digital transformation initiatives.

 

Resources:

[1] Nyczepir, Dave. “IRS Teams Old and New Working in Tandem on IT Modernization.” FedScoop, March 21, 2022. https://fedscoop.com/irs-teams-it-modernization-2022/.

[2] How to Become FedRAMP Authorized. Accessed July 5, 2023. https://www.fedramp.gov/.

Accelerating Mission Success with Technology

Posted on by
Reply

The pandemic triggered disruptions to supply chains, workforce management and other daily government operations. Rather than abating, those challenges have continued to evolve. The war in Ukraine has brought new security concerns, and financial uncertainties have made it even more imperative for government agencies to be able to pivot quickly. Digital transformation is essential to meet such ever-changing, unpredictable demands. Flexible, cost-effective technology solutions enable government agencies to analyze data for better decision-making in areas as diverse as cybersecurity, public health and military operations. Investments in modern technologies have the added benefit of making government work more attractive to talented professionals with innovative ideas and a willingness to try new approaches. Such people are a crucial element of any digital transformation. Learn how you can rethink every aspect of operations in ways that spur innovation and advance the ability to respond to new challenges and opportunities as quickly as they arise in Carahsoft’s Innovation in Government® report.

 

How Connected Data Heals the Post-COVID Supply Chain

“Public-sector leaders need to think big, start small and scale fast. The best approach is to pick a chunk of the business that is consequential and show everyone incremental results. Executive buy-in is also important but sometimes comes later, after several bottom-up iterations that are so successful they are impossible to overlook. The National Telecommunications and Information Administration’s new grants portal is an excellent example. The end-to- end, FedRAMP-authorized system gives NTIA and its customers the digital tools they need to apply for broadband grant programs and support the government’s management of the projects funded with the grants.”

Read more insights from Maj. Gen. (Ret.) Allan Day, Ph.D., Vice President of Logistics/Sustainment of Global Public Sector at Salesforce.

 

Technology Expands Access and Reduces Public Health Service Challenges

FCW May Mission Success Technology Blog Embedded Image 2023“Digitization helps health workforce challenges as well as addressing the service backlog and supporting expanded access. Digital service delivery is far more efficient, freeing up clinician time to deliver health care in-person for patients who are unable or unwilling to access services digitally or when virtual encounters are not the most appropriate channel. And digitization done well provides rich, real-time data to better understand gaps and inequities and thus improve digital services and inform timely program and policy development.”

Read more insights from Karen Hay, Digital Transformation Leader of Global Public Health at Salesforce.

 

What the Talent Shortage in Aerospace and Defense Companies is Really Telling Us

“Quick wins are essential. Quick wins are the battles in the bigger war of transforming your organization. These are the smaller localized wins within business units outside of large enterprise changes. They become easy-to-understand success stories that give teams a taste of how a transformed organization can thrive. They are powerful social proof that leaders can use to educate and inspire.”

Read more insights from Mike Mulcahy, Digital Transformation and Strategy Development Leader for Global Public-Sector Aerospace and Government System Integrators at Salesforce.

 

How Digitizing Infrastructure Protects Against a New Generation of Cyberattacks

“Chicago’s 311 call center is an excellent example of transformation in action. It is the point of entry for residents, business owners and visitors to access information about city programs, services and events. Chicago 311 allows citizens to access that information without long hold times and with minimal impact on staff. Since its launch, Chicago 311 has become an essential resource for activities as varied as simple informational inquiries and requests for tree trimming and pothole repairs. More broadly, the service has shown how the right cloud platform can transform the traditional call center into a modern contact center that unlocks everything from back-office information to self-service capabilities across a single, secure and connected experience.”

Read more insights from Paul Baltzell , Vice President of Strategy and Business Development for State and Local at Salesforce.

 

Empowering Citizens Through Platform Investments

“CIOs are facing the challenge of how to modernize by using platform technology. Most have moved into the cloud, but modernizing with a platform is a new way of thinking. It means deciding which platforms to adopt and which use cases to build onto these platforms. Modernization means reducing the technology stack. When agencies choose the right platform, they benefit from the use cases that are already on it so they don’t have to start from scratch.”

Read more insights from Scott Brock, Vice President of Strategy and Business Development for State and Local at Salesforce.

 

How Technology Investments Can Help Close the Talent Gap

“A November 2022 memo from the Office of the Secretary of Defense confirmed the seriousness of the situation with respect to retention after return-to-work policies went into effect. Focusing on our nation’s cybersecurity priorities, the statement called for expanding the workforce through apprenticeship programs and other nontraditional means of closing the talent gap. There is a solution: with the right investment in technology and talent, leaders can manage through the current challenges and achieve a posture where positive change is a constant, iterative and accepted part of the landscape.”

Read more insights from Dr. Michael Parker, Vice President of Business Development at Salesforce.

 

Download the full Innovation in Government® report for more insights from IT modernization thought leaders and additional industry research from FCW.

Palantir Announces Availability of Foundry on Microsoft Azure

Posted on by
Reply

Amid global economic uncertainty, access to integrated, protected, and trusted data and analytics is more vital than ever when it comes to creating business value. To further enable transformative outcomes, Palantir is pleased to partner with Microsoft in making Palantir Foundry available on Microsoft Azure, empowering existing and new customers to more effectively apply data and analytics in their operational decision-making.

Through this new collaboration, organizations will be able to quickly deploy Palantir Foundry — our ontology-powered operating system for the modern enterprise — as well as being able to unlock further value in Azure Data Services with Microsoft’s cloud-scale analytics and AI solutions.

As part of this relationship, our Foundry platform is available on Azure, enabling customers to deploy our software at speed, while benefiting from Azure’s trusted and secure infrastructure, as well as its global commercial footprint.

Availability on the Azure Marketplace will enable seamless purchasing and invoicing, with customers able to use their existing Microsoft Azure Consumption Commitment (MACC) to purchase a Foundry license and infrastructure costs.

Foundry’s single view ontology can layer on top of Azure Data Services, where they can then use investments for faster time to value, by better unlocking insights, and predicting and simulating outcomes for more data-driven decision making.

Palantir Foundry on Microsoft Azure Blog Embedded Image 2023

The platform will also integrate with native Azure Data Services for enterprise data management on Microsoft Azure, such as Azure Data Lake, Azure Synapse Analytics, Microsoft Power BI, Microsoft Dynamics 365, Microsoft Teams, and Microsoft Industry Clouds. This means customers will be able to further build on their existing IT investments in Azure Data Services through Palantir’s software-defined data integration (SDDI) to products like Azure Synapse Analytics, Azure Data Lake Storage, Azure AI and Azure Machine Learning, alongside others.

“We’re pleased to partner with Palantir to bring Foundry to Microsoft Azure. Organizations around the world will be able to make their data more actionable by using Palantir’s platform for data-driven operations and decision making, powered by Azure’s cloud-scale analytics and comprehensive AI services.” — Deb Cupp, President, Microsoft North America

Better Together with Palantir Foundry and Azure Data Services

Our new relationship with Microsoft will also see us go to market together in joint opportunities across industries like energy and renewables, retail and CPG, as well as other cross-industry sustainability and ESG efforts, where Microsoft customers can enhance their existing digital transformation efforts in Azure Data Services:

  • Energy and Renewables: Foundry enables customers to integrate data at speed and scale from remote sensors and Azure IoT Hub, apply this data to drive up the efficiency of assets, from offshore oil to onshore wind.
  • Retail and CPG: The platform enables organizations to bring near-instant visibility into demand and the ability to adapt their promotions, inventory, and operations in real time.
  • Sustainability and ESG: We’re helping organizations in their net zero transition by creating a common carbon ontology to empower front line decision makers to adjust their work to meet emissions targets.
  • Healthcare and Life Sciences: Foundry is used across the healthcare and life sciences value chain, from drug discovery and development, through to manufacturing, marketing, and sales. Integrate with Azure Health Data Services to manage protected health information.

We are also working together to accelerate time to value for customers in these industries any many more, by consolidating SAP and other ERPs using Palantir HyperAuto, helping them to create a more integrated data landscape. Palantir HyperAuto can help customers accelerate their journey to SAP on Azure and quickly surface insights in just hours.

Partnership in Action

Additional Palantir Foundry capabilities that can be deployed at speed via Azure include those from customers like the connected vehicle company Wejo. Wejo is a proud Palantir partner, optimizing Foundry’s capabilities, and a global leader in Smart Mobility for Good™ cloud and software solutions for connected, electric, and autonomous vehicle data.

Their data comes from over 92 billion vehicle journeys and consist of more than 19.5 trillion data points to data that provide businesses and organizations across a variety of industries the power to innovate, drive growth, transform communities, and save lives.

“We want to help reduce the 1.3 million deaths that happen each year on the road and the additional 8 million due to emissions with smart mobility for good products and services. As part of the Foundry platform, we are excited that Palantir customers with Azure will be able to more rapidly drive integrated, protected, and trusted data and analytics from Wejo for smart mobility initiatives and business value.” — Sarah Larner, Executive Vice President of Strategy and Innovation at Wejo

We look forward to working with Microsoft to broaden Foundry’s availability, enabling clients across industries to better leverage their existing investments for improved operational outcomes.

Those interested in learning more about Palantir and Microsoft’s relationship can visit the Palantir website or get started today via the Azure Marketplace.

This post contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended. These statements may relate to, but are not limited to, expectations regarding the terms of the partnership and the expected benefits of the software platform and solutions. Forward-looking statements are inherently subject to risks and uncertainties, some of which cannot be predicted or quantified. Forward-looking statements are based on information available at the time those statements are made and were based on current expectations as well as the beliefs and assumptions of management as of that time with respect to future events. These statements are subject to risks and uncertainties, many of which involve factors or circumstances that are beyond Palantir’s control. These risks and uncertainties include Palantir’s ability to meet the unique needs of its customers; the failure of its platforms and solutions to satisfy its customers or perform as desired; the frequency or severity of any software and implementation errors; its platforms’ reliability; and the ability to modify or terminate the partnership. Additional information regarding these and other risks and uncertainties is included in the filings Palantir makes with the Securities and Exchange Commission from time to time. Except as required by law, Palantir does not undertake any obligation to publicly update or revise any forward-looking statement, whether as a result of new information, future developments, or otherwise.

This post originally appeared on Palantir.com and is re-published with permission.

Download our Resource, “Impact Study: Accelerating Interoperability with Palantir Foundry” to learn more about how Palantir Technologies can support your organization.

Cybersecurity Initiatives from TechNet Cyber 2023

Posted on by
Reply

The global prominence of technology, cyber power and cybersecurity is vital to U.S. political and economic success. At TechNet Cyber 2023, a conference held in Baltimore, Maryland, Government, industry and academic partners discussed solving global security needs. This year’s conference, which took place May 2-4, focused on numerous topics including Zero Trust, multicloud and defense strategies against bad actors.

Thunderdome: The New Zero Trust Framework

Thunderdome is the new Zero Trust framework to improve cyber security and posture, created by the Defense Information Systems Agency (DISA), a combat support agency that provides information technology and communications support. Lieutenant General Robert Skinner, the director of DISA, attests that Thunderdome meets 131 of 153 key standards that were laid out by the Department of Defense (DoD) as a part of its strategy for Zero Trust. With that and further growth, Thunderdome is well on its way to being a vital part of Zero Trust cybersecurity.

Carahsoft TechNet Tradeshow Blog Embedded Image 2023However, Thunderdome is not a one size fits all solution, as its scalability and modularity will require ongoing assessment. At the event, Lieutenant General Skinner highlighted three key components to understanding where Thunderdome fits into agencies. They are known as the “three Ps:” posture, position and partnerships. The first part, posture, evaluates where an agency stands with its technology and processes in relation to its cyber posture. The second element, position, is the utilization of these resources to achieve the best results. And lastly, partnerships form the cornerstone of maximizing business capabilities. In relationships with allies and partners, all participants can help each other and ensure that they are all on the same page.

Much of this manifests in Thunderdome’s process of improving agency posture with regards to the workforce. Through education, the right training, retention and hiring those with the right skillsets, agencies can improve their industry posture. Lieutenant General Skinner stressed that to support the current workforce, it is vital for agency leaders to “know and understand what their capabilities are to move them in the right place.”

The Pentagon’s MultiCloud Environment

The Pentagon’s multicloud environment is designed to give practitioners access to the best of technology. However, the complexity of the multicloud environment can lead to issues if not managed correctly. To combat this, Armon Dadgar, HashiCorp’s CTO and Co-founder, recommends forming a consistent way for practitioners to set up cybersecurity infrastructure on other platforms. As agencies seek to decomplexify systems, one way to achieve this in both the public and commercial sector is by establishing a consistent approach to the multicloud. Agencies should be intentional about instituting abstraction layers and begin by defining a central platform team to create a common blueprint across environments. This way, there is an organized standard for future processes.

Threats to Cybersecurity

Wanda Jones, a principal cyber advisor of the U.S. Air Force, discussed how to protect against hackers with evolving threats. Bad actors are aggressive, always moving and attacking industry’s weak spots. The best way to defend capabilities is to detect threats early on and respond in a timely manner. Agencies must always be monitoring and improving to stay on the offensive. A solid start to improving the Zero Trust is improving security architecture and providing access to those with known identities within the agency.

With the continued focus on cybersecurity, the Federal Government maintains the public’s safety and security.

 

To learn more about the topics discussed at TechNet Cyber, View the full Fed Gov Today episode co-sponsored by Carahsoft.

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at TechNet Cyber 2023.*

Why AppExchange Use Offers Agencies Untapped Opportunity

Posted on by
Reply

In our first Insider’s Guide, we’re pulling back the curtain on the world’s largest cloud app marketplace, the Salesforce AppExchange, to offer a look at what it is, how it works and how it can provide value to agencies in extending their investment in the Salesforce platform. With the government’s increased focus on improving service delivery — particularly public-facing services per the presidential administration executive order on customer service — taking advantage of possible software-as-a-service integrations with the Salesforce customer relationship management platform makes logical sense. Download the guide to learn how AppExchange helps organizations increase productivity, eliminate risk and save time.

 

Nintex DocGen for Document Creation, Automation and Management

“A great example would be voter registration cards. Every year, you need to update it. We make it really easy to go out and maintain it with our solution and not have to go into code to make updates. It becomes easy to create, easy to maintain going forward and not having to spend budget on development cycles or development resources to build these solutions. The alternative is to write and maintain custom Apex code, which requires an advanced skill set and takes more time. This is a faster way to develop it and an easier way to maintain it.”

Read more insights from Steve Witt, Director of Public Sector at Nintex.

 

IIG FNN AppExchange Blog Embedded Image 2023FormAssembly for Secure Online Forms

“Specifically, we’re the most secure and compliant platform in the entire marketplace. That is how we go to market, that’s what we pride ourselves on: being good stewards of our data, being thought leaders in that space. Government organizations should use us because, doubling down on the security and compliancy, we’re tailored for highly sensitive data. We’re built for that. We hold the distinction of being the only FedRAMP-ready platform on the marketplace in this category. We also hold SOC 2, ISO 27001, PCI DSS and GDPR compliance. And really, what that means for our customers and partners is that we’re experts in this space, and that will mitigate any risk and collecting data for your organization, whether it’s here in the United States or abroad.”

Read more insights from Paul Lazatin, Director of Partnerships at FormAssembly.

 

WalkMe for No-Code Digital Adoption

“What makes us unique is that we have the ability to overlay on any enterprise application in the tech stack, commercial off-the-shelf (COTS), government off-the-shelf (GOTS) or custom-built. By doing so, we’re able to create better user experiences, drive employee productivity and monitor digital adoption on any enterprise application that’s being deployed out to the federal government, whether those applications are internal to employees or externally facing for taxpayers and constituents.”

Read more insights from Carl Wright, Director of Public Sector of Federal Sales at WalkMe.

 

Odaseva for Enterprise Data Protection

“Many federal and state organizations have questions that need answers when it comes to managing their Salesforce data. How do Salesforce users archive data that is no longer needed? How do they comply with regulations such as those from the National Institute of Standards and Technology or in the California Consumer Privacy Act? That’s why we at Odaseva consider the data management lifecycle. Odaseva helps organizations comply with the strictest data regulations and guard against data failure — all with precise control on a field-tested platform to scale with ease. And we deliver this with the strongest data security features that exceed the requirements of even the most complex, highly regulated businesses in the world.”

Read more insights from Matt Carstensen, Senior Solutions Engineer at Odaseva.

 

Conga Apps for Contract and Workflow Management

“Conga offers a flexible platform and set of solutions built natively on top of Salesforce that address a broad set of needs for federal, state and local government entities. Our products include Composer, the number one downloaded application on Salesforce’s AppExchange. Conga Composer allows public sector customers to automate document generation to get work done faster and easier in Salesforce. Users can create documents with dynamic data from Salesforce in the correct template, then send it, store it and trigger the next business process. Conga Sign is a modern and highly secure e-signature solution. We now offer a FedRAMP-certified version of our e-signature solution, which is getting quite a bit of attention.”

Read more insights from Eric Daggett, Vice President of Sales for Public Sector at Conga.

 

Download the full Insider’s Guide for more insights from these AppExchange leaders and additional interviews, research and infographics.