Better Together: How Nutanix and Omnissa Are Building the Modern Government Workspace

Public Sector IT leaders navigate rapid change including geopolitical shifts, evolving cyber threats, vendor consolidation and pressure to do more with constrained budgets. For agencies modernizing end-user computing (EUC) and digital workspace environments, progress increasingly depends on integrated infrastructure, flexible architecture and trusted partnerships. Nutanix and Omnissa, distributed by Carahsoft, The Trusted IT Solutions Provider™, deliver a combined platform that reduces complexity, accelerates deployment and keeps agency employees productive and secure.

A Partnership Built for the Public Sector

Carahsoft is the bridge between technology innovators and Government agencies, providing procurement vehicles, technical resources and partner support that simplify adoption. That relationship extends to Nutanix and Omnissa, with Carahsoft serving as a distribution partner that helps Federal, State, Local and Education agencies access both platforms through streamlined procurement. The partnership spans years of General Services Administration (GSA) Schedule contracting support, proof-of-concept assistance and technical resources that help agencies evaluate, deploy and scale their environments with confidence.

Nutanix brings a unified, software-defined infrastructure platform that combines compute, storage and virtualization into one hyper-converged stack. Rather than managing firmware updates across siloed server, storage and networking components, agencies can use Nutanix Prism Central and its Lifecycle Manager (LCM) to manage lifecycles holistically, reducing administrative overhead and compatibility risks. Nutanix’s cloud platform, NC2, also enables consistent operations across on-premises environments, AWS, Azure and Google Cloud without requiring agencies to re-architect their applications.

Omnissa is fully focused on the modern digital workspace. Through Workspace ONE, Omnissa unifies management of virtual desktops (VDI), mobile devices and Software-as-a-Service (SaaS) applications while providing enterprise-grade security, conditional access and unified endpoint management (UEM). Omnissa also uses AI to proactively monitor and improve the digital employee experience, identifying performance issues before they affect end users.

A Stronger Solution Together

The integration between Nutanix and Omnissa Horizon on AHV, Nutanix’s native hypervisor, reached general availability at the end of December 2025 and has seen significant market response. Its beta program was the largest and most successful in Horizon’s history, and within weeks of general availability, the combined solution had already scaled to over 70,000 users. That momentum reflects real demand from agencies seeking a high-performance, fully supported alternative that avoids the constraints of legacy vendor agreements.

The technical case for combining the platforms centers on optimization. Running Horizon on Nutanix’s hyper-converged infrastructure positions compute and storage in the same stack, delivering measurably stronger VDI performance than traditional three-tier architectures. The operational experience combines Nutanix’s infrastructure management through Prism with Horizon’s app delivery and provisioning capabilities, including App Volumes, giving IT teams a more unified view across their virtual desktop environment. The outcome is faster deployment, lower total cost of ownership and reduced complexity.

Rethinking How Apps Are Delivered

One meaningful Omnissa capability is its apps-on-demand delivery model through App Volumes. Many agencies still use persistent desktop environments, pre-loading large application libraries onto each VDI instance whether or not they are needed. For engineering teams managing hundreds of applications, this creates unnecessary bloat, complicates patching and introduces avoidable performance overhead.

Omnissa shifts that model by delivering applications on demand, so they are available when needed without the administrative burden of persistent installation. This speeds patching, reduces the management footprint and gives IT teams tighter control over the application environment.

Addressing the Evolving Demands of Government IT

The Nutanix and Omnissa partnership is designed to grow with agency requirements. Hybrid deployments spanning on-premises data centers and cloud environments are now the norm, and both platforms support that reality. Nutanix Cloud Cluster (NC2) enables Nutanix workloads to run natively on AWS and Azure while maintaining consistent management, and Omnissa Horizon extends seamlessly across those environments so agencies can place workloads based on performance, compliance and cost requirements.

Licensing flexibility reinforces that adaptability. Nutanix offers End-User Computing (EUC) licensing on a per-user basis so agencies can license per user or by core count. For organizations with power users who need high-performance environments, this model delivers direct cost savings, a meaningful consideration for Public Sector agencies that must justify every technology investment.

Security is embedded, not added on. Nutanix incorporates Nutanix Flow Network Security micro-segmentation and Zero Trust networking capabilities at the infrastructure layer, while Omnissa brings conditional access policies, endpoint compliance enforcement and AI-driven threat monitoring at the workspace layer. Together, they create a layered security posture that supports rigorous Government compliance demands.

Simplifying the Path to Modernization

For agencies running VMware or Citrix environments and navigating the complexity of transition costs, structured migration support removes a common barrier to change. Nutanix and Omnissa both offer migration tools, validated reference designs, pre-sales architects and post-sales services teams designed to move agencies from existing platforms to the integrated stack. Environment sizing tools help partners and agencies right-size deployments before committing resources, reducing the risk of over- or under-provisioning.

Preparing for an AI-Driven Future

Looking ahead, both organizations are investing in AI integration as a core platform capability, an approach particularly relevant for Public Sector agencies working to adopt AI responsibly. Nutanix supports AI and containerized workloads on the same infrastructure used for VDI, using Nutanix GPT-in-a-Box and reducing the need for separate AI infrastructure. Running AI workloads in a virtualized environment has also shown total cost of ownership (TCO) advantages over bare-metal deployments.

Omnissa is building AI into autonomous digital workspace management, enabling more self-healing, self-optimizing environments that detect and resolve performance issues before they impact productivity. For agencies exploring AI use cases, VDI environments offer a controlled deployment path that routes sensitive data within agency boundaries rather than public cloud AI services.

For Public Sector agencies evaluating their next phase of IT modernization, the combination of Nutanix’s infrastructure simplicity, Omnissa’s workspace management depth and Carahsoft’s procurement and support ecosystem represents a practical, proven path forward.

To learn more about the Nutanix and Omnissa integrated solution, including the general availability of Omnissa Horizon 8 support for Nutanix AHV, visit the Omnissa blog.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Nutanix and Omnissa, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Making Existing Government Intelligence Systems Agentic Without Losing Control

How an Agentic Intelligence Fabric connects the tools agencies already use.

Government and enterprise intelligence teams do not usually suffer from having too few tools.

They suffer from having too many tools that do not work together.

An analyst may work across OSINT platforms, risk intelligence feeds, investigative databases, geospatial tools, link analysis software, internal knowledge bases, case management systems, spreadsheets, ticketing workflows, chat channels and reporting templates.

Each system may be valuable. Each may be approved, procured, trained and trusted for a specific part of the mission.

But the work between them is often manual.

Analysts copy data from one tool into another. They reconcile entity names by hand. They compare screenshots, exports, notes, alerts, maps and source references across disconnected environments. They merge findings into a case narrative after the fact. They preserve evidence in one place, make judgments in another and produce reports in a third.

This is where intelligence work slows down.

It is also where risk enters.

The next step for Government AI is not to replace trusted platforms with a standalone AI application.

The next step is to connect existing systems into governed agentic workflows that can retrieve context, compare signals, merge findings, preserve evidence and support human judgment without losing auditability or control.

That is the role of an Agentic Intelligence Fabric.

The Real Problem Is Tool Fragmentation

OSINT is essential to modern intelligence and risk work. Publicly available information, media, infrastructure data, corporate records, social platforms, geospatial signals, breach data and live event streams can all help analysts understand what is changing in the world.

But most organizations do not consume OSINT through one clean workflow.

They consume it through many tools.

One tool may surface an entity. Another may provide enrichment. Another may hold geospatial context. Another may contain internal history. Another may hold the case file. Another may be used for reporting. Another may be where the final decision is documented.

The problem is not that these tools are useless. The problem is that they rarely share operational context.

They do not automatically know that two slightly different names refer to the same organization. They do not preserve the analyst’s reasoning across systems. They do not carry uncertainty from discovery into reporting. They do not maintain one accountable path from source to case to decision.

When tools are disconnected, analysts become the integration layer.

That is expensive, slow and fragile.

It creates practical questions that matter under pressure:

  • Where did this claim come from?
  • What evidence supports it?
  • What weakens it?
  • Which tool produced this signal?
  • Which system has the most recent context?
  • Which duplicate entity should be merged?
  • What assumptions are being made?
  • What was copied manually?
  • Who accepted those assumptions?
  • What decision is this work meant to support?

These are not cosmetic workflow issues. They are intelligence quality issues.

Merging data is not clerical work when the decision depends on whether the merge is correct.

If the wrong records are joined, a weak correlation can become an assessment. If source context is lost, a claim can become harder to challenge. If evidence is copied without provenance, the output may look clean while becoming less defensible.

The real problem is not OSINT alone.

The real problem is disconnected intelligence operations.

Agentic AI Changes the Workflow

AI agents create a practical way to address this problem.

Instead of using AI only to summarize a document or answer a question, agentic systems can perform sequences of work across approved tools: retrieving context, calling APIs, comparing entities, checking case history, preserving source references, preparing analyst-ready outputs, flagging uncertainty and routing tasks to the right human decision point.

That matters because the analyst’s real burden is often not one difficult query.

It is the repeated movement across systems.

An agent can help search an approved OSINT platform, compare the finding with internal case context, check whether an entity already exists in another system, retrieve relevant prior reporting, preserve source references, identify contradictions and prepare a structured draft for analyst review.

The agent is not replacing the underlying tools.

It is operating across them.

But agentic AI also introduces a control problem.

The more an agent can do, the more important it becomes to define what it is allowed to do, when, why and under whose authority.

An agent with broad tool access and weak governance is not operational maturity. It is risk. It can use the wrong tool, trust the wrong source, merge the wrong entities, lose the evidence chain, summarize uncertainty away or create outputs that are difficult to defend after the fact.

In serious environments, agentic AI needs more than model capability.

It needs a fabric that connects tools while enforcing boundaries.

The Missing Layer Between Tools and Decisions

Most organizations do not have a single intelligence system. They have a landscape of systems.

Some are specialized OSINT platforms. Some are investigative tools. Some are internal data repositories. Some are knowledge bases, ticketing systems, reporting workflows, watch floors or classified and controlled environments. Many are already embedded in procurement, security, training and operational practice.

Replacing all of that is rarely realistic and often undesirable.

The more practical path is to add an operating layer that can connect existing platforms, tools, data sources, agents, evidence, cases and human approvals into one governed workflow.

That is what an Agentic Intelligence Fabric is designed to do.

An AIF is not just another AI application sitting beside existing systems. It is the connective layer that lets approved agents work across existing systems without surrendering control.

At minimum, the layer must do three things. It must connect approved external and internal systems so that governed agents can work across them—preserving case context, source references and entity resolution across tool boundaries. It must govern access through role-based controls, audit trails for both agent and human actions and intervention points tied to real operational risk. And it must deploy in the environments where the mission actually runs—cloud, sovereign cloud, on-premises, air-gapped or edge—without forcing the buyer to compromise on security posture or sovereignty.

The point is not to automate intelligence away from analysts.

The point is to let analysts operate faster while keeping judgment, accountability and mission authority where they belong.

Where the Work Runs Matters as Much as What Runs

Federal missions do not run in one environment.

The same workflow may need to operate in cloud today, in a sovereign or Government cloud tomorrow, in an on-premises environment for sensitive cases and air-gapped or at the edge for classified or forward-deployed work.

A fabric layer earns its name only if the operating model—cases, evidence, controls, agents—is preserved across all of them. Anything less forces the agency to maintain different intelligence operations in different boundaries, with different audit posture and different governance gaps.

Deployment is not an afterthought to the workflow. It is part of the workflow.

A Practical Example

Consider an analyst preparing a targeting assessment ahead of an inbound shipment. The case begins with one question: does this consignment, this consignor or this route warrant a closer look?

Answering that question pulls the analyst across five systems—an OSINT platform for entity discovery, an internal targeting database, a sanctions screening tool, a trade-data source and a case management application. The work gets done. But the evidence trail lives across five exports, the entity matches are made by hand and the assumptions behind each step are remembered, not recorded.

The goal should not be to replace any of those systems with a separate AI interface.

The better model is to let governed agents work across them.

A governed agent can retrieve the entity context, surface candidate matches across systems, preserve source references, highlight the sanctions hits that need escalation, identify contradictions and prepare a structured draft for the analyst’s review.

The analyst remains responsible for the assessment.

The system preserves what the agent did, which tool it used, which records it merged, what it ignored, what assumptions it made and where the human accepted, changed or rejected the output.

In this model, agentic AI does not become an uncontrolled layer of automation. It becomes a governed extension of the operational workflow.

That is the difference between using AI as a sidecar and operating AI as the connective tissue between intelligence tools.

Why This Matters for Government Adoption

Government AI adoption will not be decided only by model quality.

It will be decided by whether AI can work inside real operational constraints: existing systems, procurement realities, security controls, audit requirements, human review, deployment restrictions and the need to defend decisions under scrutiny.

Standalone AI tools can demonstrate impressive capability in isolation. But Government work rarely happens in isolation.

The work happens across systems, authorities, policies, teams and environments. The AI architecture has to respect that reality.

This is why the next generation of intelligence systems needs to unify four layers:

  • OSINT as a source layer.
  • Agentic AI as the workflow capability that can operate across tools.
  • Intelligence as the governed production of judgment, evidence and action.
  • Agentic Intelligence Fabric as the operating layer that connects existing systems, data, agents, cases and decisions.

When those layers are separated, organizations get more tools, more interfaces and more risk. When they are connected properly, AI can help existing investments become more useful without weakening control.

From AI Tools to Agentic Operations

The Government and enterprise market does not need AI for its own sake.

It needs AI that can operate responsibly inside mission workflows.

That means agents must be able to use approved tools, but not exceed their authority. They must accelerate analysis, but not hide uncertainty. They must produce outputs, but keep those outputs attached to evidence. They must work across platforms, but leave a trail that can be audited, challenged and reviewed.

This is the category WhoMeta is building toward with Arqent: an Agentic Intelligence Fabric for evidence-native, human-governed, sovereign intelligence operations.

The future of intelligence will not be defined by the organization that collects the most data or deploys the most AI features.

It will be defined by the organization that can connect its existing systems into accountable agentic workflows and still prove what it knows.

Ready to connect your intelligence systems without losing control? Explore how WhoMeta’s Agentic Intelligence Fabric brings your existing tools into one governed, auditable workflow.

Student Safety and Success: Secure Communications In Education

Teachers, administrators and other staff in education have many regulations to be aware of when communicating with and about students and parents. From the Health Insurance Portability and Accountability Act (HIPAA) and the Family Educational Rights and Privacy Act (FERPA) to a variety of regulations individual to each state, educators have both a legal and moral obligation to keep their communications transparent, auditable and policy compliant. MultiLine by Movius is a secure, cloud-based, cost-effective solution that provides a unique phone number for professional communications utilizing an educator’s personal device, all while establishing clear and strong boundaries between the two forms of communication.

Communication Channels: Not Just Between Teacher and Student

Communication is a vital part of an educator’s job. Being available for a student and for their parents or guardians to answer questions or address concerns strengthens that relationship and promotes a student’s growth and success. However, there are significant challenges that K-12 organizations face when utilizing unmonitored and unrecorded forms of communication. Without a way to monitor correspondence, organizations open themselves to liability risks with legal and compliance blind spots, especially with sensitive information.

In one case, a staff member inadvertently shared student updates with a non-custodial parent. When the issue came to light, it led to a FERPA review. Because the communication took place on a personal device, there was no accessible audit trail, making it difficult to fully document what occurred and increasing compliance risk for the district.

In another example, district leadership discussed an active investigation via personal text messages. When those messages were later requested, some were unavailable or incomplete, creating challenges with documentation and chain of custody. This situation introduced potential legal exposure, along with additional costs tied to e-discovery and review.

These incidents outline only a few ways K-12 institutions risk compliance violations when communication channels between education staff, students, parents and guardians go unmonitored.

The MultiLine Solution

Regarding mobile communications, there are two main modes that education staff utilize: personal devices or district-issued devices. Each comes with its own drawbacks. Personal devices are convenient and cost-effective, but lack the ability to log, audit and monitor correspondence. On the other hand, district-issued devices have some stricter monitoring capabilities; however, they are expensive to maintain, and carrying two mobile devices is inconvenient for staff. An ideal solution to the communication challenges facing K-12 organizations balances the convenience of a personal device and the security of a district-issued device.

MultiLine by Movius is an artificial intelligence (AI)-powered mobile-first experience for voice, Short Message Service (SMS), social messaging and Microsoft Teams. Education staff can download the Movius application on any smartphone, tablet or desktop computer, including any device privately owned by the staff member. Through the application, a secure, district-owned number is assigned to the device. This number does not operate under the personal phone’s carrier and does not touch any personal emails, text messages or searches, creating clear separation of personal and professional lines.

MultiLine logs and audits all texts and calls for transparency and accountability, ensuring FERPA, HIPAA and district policy compliance. Every message and call is automatically logged, encrypted with AES-256 and stored in a secure cloud archive, which is accessible by district administrators for monitoring, auditing and parental review. Additionally, MultiLine preserves institutional knowledge through the application, even through staff turnover. As one staff member leaves, their MultiLine phone number can be reassigned to the incoming staff member through the Movius administrative portal. Overall, MultiLine reduces legal exposure and supports risk mitigation.

School districts face budget shortfalls and increasing pressure to stretch every dollar while providing the greatest educational experience possible for their communities. In addition to being secure and transparent, administrations need cost-effective communication solutions. Switching to MultiLine from cellular stipends cuts communication costs by over 50%, while adding policy protection, logging and auditability capabilities.

On June 27, 2025, Kentucky enacted Senate Bill 181 (SB 181), requiring public schools to use traceable, archivable and parent-accessible platforms for all electronic communications between staff and volunteers and students. While it is legally codified in Kentucky, there are several advantages to having strict delineations between personal and professional communication methods in education. Having thorough security, logging and monitoring of staff, parent and student digital correspondence not only minimizes noncompliance risk, but ensures that students are getting the most out of their education.

Watch Movius’ webinar “Improving K-12 Student Attendance and Engagement in 2026 with MultiLine” to further explore the advantages of fully monitored and logged communication channels for education professionals.

Modernizing Higher Ed IT: Equinix for Research Universities

Leading research universities constantly push the boundaries of human knowledge. Your faculty and students rely on advanced technologies to make breakthrough discoveries, analyze massive datasets and collaborate with experts around the globe. But as these academic ambitions grow, the physical technology supporting them often struggles to keep up.

Legacy on-campus data centers often lack the capacity to handle the intense power and connectivity demands of modern computing. This infrastructure gap creates a severe bottleneck, slowing down critical research and complicating the pursuit of Federal funding.

Carahsoft and Equinix have partnered to help universities overcome these hurdles. By shifting from aging campus facilities to a colocation data center full of modern digital infrastructure, you can accelerate discovery, streamline hybrid cloud strategies and enhance your competitive edge for Federal grants.

Here is how you can design the digital foundation your university needs to thrive.

Powering the Next Generation of AI and HPC

The most complex research projects, particularly those involving artificial intelligence (AI) and High-Performance Computing (HPC), require unprecedented processing power. Legacy campus data centers were not built to support the dense, power-hungry servers necessary for these workloads. As a result, many universities face significant power and cooling limitations for modern GPU-based computing.

AI-ready data centers are built to handle these precise demands. Instead of sinking millions into renovating aging campus facilities, universities can leverage colocation services that provide the specialized cooling and energy density required to run high-performance supercomputers and deep learning models efficiently.

By offloading the physical infrastructure burden, your IT team can stop worrying about power outages or cooling failures and start focusing on what truly matters: empowering researchers to process massive datasets and reach conclusions faster.

Securing Grants with Strict Compliance

Federal grants are the lifeblood of university research programs, and data sovereignty and privacy regulations increasingly shape how and where educational institutions can process AI data.

For IT and security leaders (CISOs), navigating frameworks like CMMC, FISMA High, HECVAT or HIPAA is a top priority.

Academic research often involves working with sensitive or Controlled Unclassified Information (CUI). Storing this data in vulnerable environments puts your institution at risk.

Utilizing colocation facilities can simplify the path to compliance by offering private, direct connectivity that bypasses the public internet. This ensures that sensitive research data remains protected both in transit and at rest. When your university can confidently demonstrate robust security controls and data sovereignty to Federal agencies, you gain a significant advantage in grant competitiveness.

Seamless Collaboration and Hybrid Cloud

Academic research is rarely an isolated effort. True innovation happens when universities collaborate with national labs, Federal agencies, private industry and peer institutions worldwide. This requires secure, high-speed data sharing across vast geographic distances.

Interconnected infrastructure offered by colocation providers allows universities to create secure physical and virtual links into a global ecosystem of research partners. This provides you with the ability to quickly transfer massive datasets to collaborating institutions without the frustrating latency or security risks associated with standard internet connections.

Many IT leaders are adopting hybrid cloud strategies to gain more efficient, cost-effective access to computing resources. To make that strategy work, it is essential to choose a colocation provider with a strong ecosystem that aligns with your specific requirements. That includes the right mix of cloud providers, networks, neoclouds and research partners to support your workloads, performance goals and growth plans. A well-connected provider does more than house infrastructure; it gives you the flexibility, reach and partner access needed to build a hybrid cloud environment that is resilient, scalable and fit for purpose.

Securing Your Digital Future with Equinix

The demands on university data centers will only increase as AI adoption grows and Federal grant requirements become more stringent. A strong digital foundation built on high-performance data centers like Equinix helps universities scale AI infrastructure globally with greater speed and efficiency. This enables institutions to run high-performance computing workloads, securely share sensitive data and connect more easily with the global research community.

Through software-defined, secure interconnection with Equinix Fabric, universities can connect directly to leading cloud and SaaS providers, including AWS, Microsoft Azure, Google Cloud, Salesforce and Workday. This gives research teams fast, reliable access to critical digital resources while reducing complexity and improving control. It also allows institutions to scale workloads to the public cloud during periods of peak demand and scale back when needed to improve performance and manage costs.

Optimize Your Cloud Access Strategy

A strategic Carahsoft technology partner, Equinix is committed to helping universities design future-ready IT infrastructure. Whether your top priority is optimizing your cloud access strategy, supporting your AI infrastructure goals or securing data for your next major research grant, Equinix provides the tools you need to succeed.

If you are exploring ways to modernize your digital infrastructure or want to learn how your peers are navigating these exact challenges, Carahsoft and Equinix are here to help. Reach out to the digital infrastructure specialists at Carahsoft to schedule a brief discussion or an executive briefing to dive deeper into your university’s specific goals.

Let us help you accelerate discovery and power the next generation of academic innovation.

Come meet Equinix at EDUCAUSE 2026 at Booth #210!

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Equinix, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Better Together: How Nutanix and AccuKnox Are Securing the Tactical Edge, and Beyond

Modern defense operations demand more than connectivity; they demand resilience. As mission environments grow increasingly contested and disconnected, the ability to process intelligence, deploy applications and enforce security at the edge has become a strategic imperative. Nutanix and AccuKnox have built a compelling answer: a tightly integrated platform that pairs the Nutanix Kubernetes Platform (NKP) with AccuKnox’s Zero Trust security layer to deliver a complete, hardened stack, from the software factory to forward-deployed vessels to orbiting satellites. This hardened stack is also hardware-agnostic and can be deployed on anything from bare-metal tactical servers up to IL6+ Govcloud instances. For Department of War (DoW) architects, system integrators and space operations professionals, the critical question is no longer whether to modernize, but how to do it in environments where reach back is unreliable, swap space is constrained and the cost of failure is operational.

Kubernetes as the Foundation for Tactical Edge Operations

Delivering enterprise-grade infrastructure to physically remote, resource-constrained environments requires more than Kubernetes alone. Kubernetes represents roughly 30% of the solution; the remainder is a curated ecosystem of microservices, service mesh, observability tools and storage integrations that together form a complete operational platform. Without that full stack, organizations risk spending months assembling disparate open source components, only to find that their workloads are still unable to reach production. NKP addresses this by delivering a pre-integrated, hardware-agnostic solution deployable on bare metal, in the cloud or fully air-gapped at the tactical edge. Whether the use case is a carrier strike group operating disconnected at sea, a forward-deployed Army unit running legacy virtual machines (VMs) alongside containers, or an Unmanned Aerial Vehicle (UAV) requiring a minimal footprint, NKP provides a single platform capable of self-healing, automated scaling and continuous operation, regardless of connectivity status.

AI Delivery and Agentic Capabilities in Disconnected Environments

In contested environments, artificial intelligence (AI) cannot depend on cloud inference. It must run locally, reliably and securely. Nutanix Enterprise AI layers on top of NKP to provide a managed platform for running Large Language Models (LLMs), Retrieval-Augmented Generation (RAG) systems and agentic AI applications with full GPU support, all within disconnected environments. At a recent TechNet San Diego demonstration, RAG AI was used to surface answers from complex naval system maintenance manuals in seconds, a direct application for shipboard readiness operations. Agentic platforms are now deployed with Army units and fielding requests from naval activities, running fully on NKP hardware aboard vessels and mobile command centers without internet dependency. AI models trained at core installations are pushed to forward-deployed assets, where they run locally and queue updates for synchronization upon reconnection, preserving operational continuity without compromising security or model integrity.

Zero Trust Security Woven Into Every Layer

Security at the tactical edge requires continuous policy enforcement at every layer of the software stack, from code commit to container runtime in the field. AccuKnox integrates below the application layer to enforce least-permissive security policies at the kernel level using eBPF-based telemetry. Its Discovery Engine analyzes applications both statically and dynamically, automatically generating security manifests that accompany each application throughout its full deployment lifecycle. These policies define exactly where an application can communicate, what data it can access and how it may interact with adjacent system components—creating enforcement that is architectural rather than reactive. For acquisition officials and Authorizing Officials (AOs) managing distributed mission systems, the platform also automates the generation of compliance evidence covering Security Technical Implementation Guides (STIGs), Common Vulnerabilities and Exposures (CVEs) and relevant security frameworks, compressing what has historically been a months-long manual process into continuous, audit-ready assurance.

Extending the Stack to Orbit: DevSpaceOps

The Nutanix and AccuKnox partnership extends beyond the terrestrial edge to software-defined satellites and orbital platforms. Modern satellite platforms support containerized payloads, multi-tenancy and high-tempo software updates, and they carry significant security exposure. A representative sample of open source software deployed across current satellite initiatives contains more than 60 million lines of code and upwards of 20,000 CVEs. Unlike ground-based nodes, satellites cannot rely on real-time downlink for security decisions; they require local policy enforcement, runtime monitoring and eventually consistent posture reporting to the ground. The concept of DevSpaceOps, modeled on DevSecOps but adapted to the constraints of orbit, addresses how development teams can certify, deploy and manage satellite software with verifiable confidence, leveraging lightweight versions of KubeArmor, automated SPARTA TTP mapping and orbital security dashboards that give Space Operations Center (SOC) teams constellation-wide visibility into STIG compliance, CVE exposure and runtime violations.

One Stack, Every Domain

NKP delivers the hardware-agnostic, cloud-native platform that enables continuous operations across disconnected, multi-domain environments, from carrier strike groups to Army forward units to orbital constellations. AccuKnox ensures that everything running on that platform is secured, monitored and compliant at every layer of the stack. For defense organizations looking to reduce decision latency, accelerate the Authorization to Operate (ATO) lifecycle and ensure security travels with every workload, this joint solution offers a proven, fielded path forward.

To explore these capabilities in greater depth, including live demonstrations of sensor-to-shooter workflows, orbital security posture management and agentic AI in disconnected environments, watch the full webinar presented by Nutanix and Carahsoft.


From Visibility to Zero Trust: Enabling Federal Agency Cybersecurity at Scale

As Federal agencies accelerate their Zero Trust journeys in response to executive mandates and evolving compliance requirements, cybersecurity leaders face a fundamental challenge: they cannot protect what they cannot see. Zero Trust depends on complete, reliable visibility across modern cloud environments and legacy Operational Technology (OT) systems. Without that packet-level visibility, Zero Trust cannot be effectively enforced.

Closing the Network Visibility Gap

Most agencies rely on Switched Port Analyzer (SPAN) ports to mirror network traffic to security tools, but this approach can leave security sensors with incomplete data, especially in legacy OT environments. Garland Technology’s network Traffic Access Points (TAPs) address this directly. Passive hardware TAPs sit in line between network devices, duplicating traffic for monitoring tools. TAPs carry no Media Access Control (MAC) or Internet Protocol (IP) address, which makes them invisible to adversaries, and they work across virtually any vendor ecosystem without creating new visibility constraints.

For environments that need strict one-way data flow, hardware data diodes add another layer of protection. They enforce unidirectional traffic at the circuit level, replacing or working alongside existing SPAN or mirror ports without requiring a full infrastructure overhaul. With National Cross Domain Strategy & Management Office (NCD SMO) certification in its final stages, hardware-based data diodes offer Federal agencies a compliance-ready path to enforce one-way traffic.

Distributing Visibility Intelligently with Packet Brokers

Complete network visibility across a Federal environment involves more than a single TAP or sensor. Traffic moves across multiple links, environments and speeds, and it must be routed to the right monitoring and security tools. Network packet brokers from Garland Technology help agencies receive data from multiple sources and distribute it to those tools.

Packet brokers make large-scale visibility manageable through capabilities including:

  • Aggregating traffic from multiple feeds
  • Filtering relevant data streams
  • Load balancing across tool sets
  • Deduplicating redundant packets
  • Slicing and timestamping packets for precision analysis
  • Tunneling traffic across segmented environments

These features reduce overload and improve monitoring performance. In practice, packet brokers can feed targeted traffic simultaneously into Security Information and Event Management (SIEM) platforms, intrusion detection systems, network performance monitors and other sensors.
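The broker functions listed above (aggregation, filtering, deduplication, slicing and load balancing) can be seen working together in the following added Python example, which is not Garland Technology's code. The `Packet` type, the function names, the 5 ms duplicate window, the port 502 (Modbus/TCP) filter and the sample feeds are all assumptions constructed for illustration.

```python
import hashlib
import heapq
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    ts: float            # capture timestamp, seconds
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes
    orig_len: int = 0    # filled in by slice_packet()


def aggregate(*feeds):
    """Merge several time-ordered feeds (TAPs, SPAN ports) into one stream."""
    return list(heapq.merge(*feeds, key=lambda p: p.ts))


def keep_ports(packets, ports):
    """Filter: keep only traffic to or from the given ports."""
    return [p for p in packets if p.sport in ports or p.dport in ports]


def deduplicate(packets, window=0.005):
    """Drop a packet identical to one seen at most `window` seconds earlier.

    The same frame is often captured twice, once by a TAP and once by a SPAN
    port. A repeat outside the window is treated as real traffic and kept.
    """
    last_seen, out = {}, []
    for p in packets:
        key = (p.src, p.sport, p.dst, p.dport, hashlib.sha256(p.payload).digest())
        prev = last_seen.get(key)
        last_seen[key] = p.ts  # a real device would age these entries out
        if prev is None or p.ts - prev > window:
            out.append(p)
    return out


def slice_packet(p, snaplen):
    """Truncate the payload to `snaplen` bytes, recording the original length."""
    return replace(p, payload=p.payload[:snaplen], orig_len=len(p.payload))


def tool_for(p, n_tools):
    """Flow-symmetric load balancing: both directions of a conversation hash
    to the same tool, so a sensor sees requests and their responses."""
    a, b = sorted([(p.src, p.sport), (p.dst, p.dport)])
    digest = hashlib.sha256(repr((a, b)).encode()).digest()
    return int.from_bytes(digest[:4], "big") % n_tools


def broker(feeds, ports, snaplen, n_tools):
    """Aggregate, filter, deduplicate (on full payloads), then slice and
    distribute. Returns one packet list per monitoring tool."""
    stream = deduplicate(keep_ports(aggregate(*feeds), ports))
    queues = [[] for _ in range(n_tools)]
    for p in stream:
        queues[tool_for(p, n_tools)].append(slice_packet(p, snaplen))
    return queues


# Constructed sample feeds; addresses and payload bytes are made up.
REQ = bytes(range(12))
RESP = bytes(range(12, 24))
TAP_FEED = [
    Packet(1.000, "10.0.0.5", 40000, "10.0.0.9", 502, REQ),
    Packet(1.010, "10.0.0.9", 502, "10.0.0.5", 40000, RESP),
    Packet(1.020, "10.0.0.7", 51000, "10.0.0.20", 443, b"x" * 64),
]
SPAN_FEED = [
    Packet(1.002, "10.0.0.5", 40000, "10.0.0.9", 502, REQ),  # copy of TAP frame
    Packet(2.000, "10.0.0.5", 40000, "10.0.0.9", 502, REQ),  # genuine repeat
]

if __name__ == "__main__":
    for i, q in enumerate(broker([TAP_FEED, SPAN_FEED], {502}, 8, 4)):
        print(f"tool {i}: {len(q)} packets")
```
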

In OT environments structured around the Purdue model, packet brokers typically sit at the operations systems level, aggregating traffic from TAPs and SPAN ports at lower network layers and routing it upward, through data diodes where required, into the tool sets where security teams can act.

Converging IT and OT for Zero Trust Compliance

Zero Trust is accelerating IT and OT convergence. The National Institute of Standards and Technology (NIST) Zero Trust Architecture (ZTA) framework, along with agency-specific guidance, demands continuous verification of users, devices and applications across the entire network. This is especially challenging because many OT devices in Government networks are decades old and cannot support software updates or inline security tooling without disrupting critical operations.

A practical approach is to leave those systems in place while using network TAPs to pull traffic from legacy OT devices without interrupting operations. That allows security platforms to analyze activity, apply threat intelligence and enforce policy at the network level without touching the devices themselves.

This visibility also enables virtual patching. When a firewall platform can identify an OT device’s version and known vulnerabilities, it can block traffic patterns associated with known threats at the network level without interrupting critical operations. Security teams can also tailor the virtual patching profile to the devices in their environment, resulting in a consolidated, visual asset inventory that maps how OT devices are organized across the network.

A Unified Security Fabric for Continuous Assessment

Zero Trust depends on multiple capabilities working together, including identity, access permissions, segmentation, policy enforcement and continuous assessment. At Federal scale, those functions are most effective when they are integrated rather than spread across disconnected tools. That is where Fortinet Federal brings its security fabric alongside Garland Technology’s visibility infrastructure.

A unified next-generation firewall platform, Fortinet Federal’s FortiGate platform combines routing, Software-Defined Wide Area Network (SD-WAN), segmentation and threat detection into a single operating system, FortiOS, reducing blind spots. FortiGate also extends visibility across switches and wireless access points, enabling security teams to enforce policy more consistently across users, devices and applications.

This consolidated visibility supports Zero Trust Network Access (ZTNA) by applying consistent policy and authentication standards across remote and on-premises users. Threat intelligence further strengthens this model by continuously updating and distributing protections across the environment. FortiGuard Labs sustains this visibility and enforcement through a global threat intelligence network that continuously feeds into Network Operations Center (NOC), Security Operations Center (SOC), Security Orchestration, Automation and Response (SOAR) and SIEM platforms, enabling teams to investigate threats and respond in a coordinated manner.

A Trusted, Compliant and Isolated Security Supply Chain

For Federal agencies, Zero Trust readiness also depends on the integrity of the security supply chain. Security tools must come from vendors with the structure, compliance posture and operational safeguards required for Federal deployment.

Fortinet Federal delivers industry-leading cybersecurity and secure networking capabilities to the U.S. Government through a dedicated, independently operated and federally aligned organization. Its purpose is to serve as a trusted mission partner—providing validated, secure supply chain assurance as well as high-performance and cost-efficient technology.

On the visibility side, Garland Technology’s American-manufactured, purpose-built hardware for network TAPs, packet brokers, inline bypass and data diodes helps agencies scale to full-time continuous monitoring architectures without requiring major platform changes or vendor transitions.

Building Toward a More Secure Future

The path to Zero Trust in Federal environments requires the right partners working together. Garland Technology provides purpose-built visibility infrastructure that reliably delivers packet data across IT and OT environments without disrupting legacy systems or creating new points of failure. Fortinet Federal’s federally vetted, supply-chain-isolated security platform turns that visibility into enforceable policy through threat intelligence, network segmentation, ZTNA and continuous assessment. Together, Garland Technology and Fortinet Federal give agencies the integrated foundation needed to implement Zero Trust at scale, protect critical infrastructure and stay ahead of evolving threats.

To learn more about achieving packet visibility and Zero Trust at scale, watch Fortinet Federal and Garland Technology’s webinar, “From Visibility to Zero Trust: Enabling Federal Agency Cybersecurity at Scale.”


VMware Private AI: Secure, Scalable AI Adoption for Healthcare

Demand for artificial intelligence (AI) is nearly universal, with approximately 98% of healthcare executives reporting a desire to implement or expand AI capabilities, yet most remain stalled at the starting line. The barrier is not a lack of ambition, but rather the complexity of execution. Fragmented platforms, unclear procurement pathways and the difficulty of integrating AI with sensitive patient data have made deployment feel out of reach for many care teams. Broadcom’s VMware Private AI, now natively embedded within VMware Cloud Foundation (VCF) 9, is designed to change that equation.

From Add-On to Foundation: The VCF 9 Integration

The most significant architectural shift in Broadcom’s AI strategy over the past year is the evolution of VMware Private AI from a standalone service into a core component of the platform. With VCF 9, organizations that already hold VCF licensing have immediate access to Private AI capabilities without separate procurement or added complexity.

This shift is especially meaningful for healthcare IT leaders tasked with balancing innovation and compliance in highly regulated environments. By embedding AI capabilities directly into the foundational infrastructure layer, VMware Private AI eliminates the “moving parts” that have historically made AI deployments costly and unpredictable. Healthcare organizations can now activate and govern AI workloads within an environment they already operate and trust.

Five Components Built for Production-Ready AI

VMware Private AI is organized around five functional pillars, each designed to address a specific stage of the AI lifecycle, from model governance to real-world deployment:

  • Model Store: A secure repository where models are curated, tested and governed before entering production, ensuring only validated and policy-compliant models are used in clinical or administrative environments.
  • Service Infrastructure: Templatized deep learning virtual machines (VMs) that can be provisioned on demand, accelerating deployment timelines while maintaining standardization and security controls.
  • Model Runtime: The generative AI (GenAI) execution layer that handles active model inference, forming the operational core of the Private AI environment.
  • Model Insights and Action: Tools that support model interaction, response logic and fine-tuning, enabling teams to continuously refine AI performance using real operational data.
  • Vector Databases with Retrieval Augmented Generation (RAG): Instead of retraining base models with proprietary data, RAG enables AI systems to retrieve and reference internal knowledge in real time, delivering accurate, contextually relevant outputs without exposing sensitive data externally.

Keeping Healthcare Data Where It Belongs

Data sovereignty remains a non-negotiable priority in healthcare. Patient records, clinical notes and operational data are governed by strict regulatory requirements, and any AI solution that routes this information through public cloud services or third-party providers introduces significant compliance risk.

VMware Private AI addresses this directly through its RAG-based architecture. By connecting AI models to internal data sources—including SharePoint repositories, local file systems and internal databases—and processing information within the organization’s own infrastructure, the solution ensures that sensitive data never leaves the controlled environment. Documents are segmented into discrete chunks that the model can reference contextually, producing outputs grounded in the organization’s actual knowledge base rather than generic training data.

Additionally, new observability tools provide administrators with real-time visibility into model health, capacity utilization and Application Programming Interface (API) access patterns, supporting both operational continuity and security monitoring.

Healthcare Use Cases: From Clinic to Back Office

VMware Private AI supports a broad range of healthcare applications across four primary domains:

  • Clinical Decision Support: AI-assisted tools that help clinicians navigate complex case data support precision medicine and population health initiatives.
  • Administrative Automation: Automated documentation, clinical annotation and digital chat assistance for care teams reduce clerical burden, staff burnout and documentation backlogs.
  • Patient Engagement: AI-powered digital assistants that guide patients through post-discharge treatment plans improve adherence and reduce readmission risk.
  • Operational Efficiency: Predictive maintenance for medical equipment and AI-driven resource allocation optimize capacity management for healthcare systems.

The broader vision is a shift toward ambient intelligence: AI that monitors, learns and assists in real time without requiring manual prompting, freeing care teams to focus more on patients and less on administrative systems.

A Practical Framework for Getting Started

Not all AI use cases offer the same balance of value and implementation complexity. Broadcom recommends a prioritization framework that evaluates each potential application against two key dimensions:

  • The value delivered to patients or the organization
  • The complexity required for deployment

By starting with high-value, low-complexity use cases, such as administrative automation or patient communication, organizations can build momentum, demonstrate Return on Investment (ROI) and develop internal expertise before advancing to more complex clinical applications.

This phased approach reflects a broader evolution in healthcare AI. It is no longer confined to research environments; it is now an operational capability. Organizations that approach AI with deliberate governance, clear prioritization and secure foundational infrastructure will be best positioned to realize its full potential.

Explore how VMware’s Private AI capabilities can support your organization’s clinical and operational goals.


The Importance of Creativity in Government and How Creative Software Improves Digital Workflows

In today’s rapidly changing world, Government agencies are under immense pressure to deliver efficient, transparent and citizen-focused services. They often work with limited budgets and follow strict rules. Although creativity is commonly associated with the Private Sector, it has become increasingly important in the Government space. Creative thinking allows employees to develop better solutions for complex challenges, such as emergency response and policy implementation. Adobe’s creative software plays a valuable role in this shift by helping agencies improve their digital workflows, reduce delays and operate more effectively while meeting high standards for security and compliance.

The Value of Creativity in the Public Sector

Creativity in the Public Sector goes beyond new ideas. It helps agencies address important issues like public health, infrastructure improvements and fair access to services. By encouraging fresh thinking, Government teams can create clearer communications for citizens, present complex data in simple ways and design programs that truly meet community needs. When creativity is supported, agencies tend to achieve better results, build stronger public trust and adapt more easily to change. Without creative approaches, traditional processes can limit progress and make it harder to serve the public effectively.

Enhancing Digital Workflows with Creative Software

One area where creativity makes a real difference is in digital workflows. Many Government operations still depend on manual, paper-based steps that take considerable time and effort. Creative software tools help transform these into faster, more collaborative digital processes. Applications for graphic design, video production, document creation and data visualization enable teams to produce professional materials more efficiently. This includes public awareness campaigns, reports and e-learning training resources. Improved system integration also makes it easier for departments to share information and collaborate effectively. 

Bottlenecks remain a common challenge in Government. Excessive paperwork, lengthy approval processes and outdated systems often cause delays, increase costs and reduce productivity. Creative software and automation offer a practical way to address these issues. By simplifying routine tasks, agencies can save significant time and resources. Features such as electronic signatures, document templates and real-time collaboration help speed up processes that could take up to twice as long using traditional methods. 

Real-World Success Stories

Several Government agencies have seen clear benefits from creative software. Adobe Creative and Adobe Document Cloud, featuring Adobe Acrobat and Adobe Acrobat Sign, further help by automating document-related tasks. The City of Denver used Adobe Creative Cloud to strengthen its online services and public outreach campaigns (City of Denver Case Study, n.d.). The Federal Aviation Administration (FAA) integrated these tools to modernize its grants management process. This change reduced paperwork and allowed funding for major infrastructure projects to proceed at a faster pace (FAA Case Study, n.d.). The United States Marine Corps achieved a 38 percent reduction in Adobe eLearning production costs by updating its training workflows with Adobe solutions (USMC Case Study, n.d.). The U.S. Census Bureau also realized substantial savings—between $1.4 billion and $1.9 billion—by digitizing forms and outreach efforts (US Census Bureau Case Study, n.d.). Importantly, Adobe’s tools are designed to meet strict Federal security, accessibility and compliance requirements.

A Step Toward More Effective Government

By embracing creativity through secure and accessible creative software tools, Government agencies can reduce operational bottlenecks and deliver better service to the public, supporting greater efficiency, innovation and accountability.

Check out our on-demand webinar series for more information about how Adobe solutions empower teams to streamline workflows, harness AI-driven tools and elevate creative output.

Sources

“City and County of Denver Case Study.” https://business.adobe.com/customer-success-stories/city-county-denver-case-study.html

“Automating digital documents to improve government efficiency and effectiveness.” May 1, 2024. https://blog.adobe.com/en/publish/2024/05/01/automating-digital-documents-improve-government-efficiency-effectiveness

“USMC Extends Elite Training to the Digital Classroom.” https://business.adobe.com/customer-success-stories/usmc-case-study.html

Adobe Customer Success Story – “U.S. Census Bureau.” The savings range reflects estimates from Government Accountability Office (GAO) reporting on the 2020 Census digital innovations. https://business.adobe.com/customer-success-stories/us-census-bureau-case-study.html

Adobe Customer User Cases. Government Solutions: Efficient, Impactful, Modernized


Minimizing the Attack Surface: The Onion Model vs. Core-First Protection

Historical Context of Layered Security

The onion model emerged during the growth of enterprise IT when organizations responded to new threats by adding new defensive layers. Each incident or compliance requirement led to another perimeter or middleware control. While effective in the short term, this layered approach produced patchwork systems with overlapping functionality, inconsistent policies and gaps that attackers could exploit.

The Onion Model and Its Vulnerabilities

The traditional “onion model” of cybersecurity layers defenses concentrically around a central database. Each layer is intended to provide a barrier against intrusion, but the cumulative effect is often an expanded and more complex attack surface. From the inside out, the layers typically include:

  1. Database (Data) – the core asset containing customer records, financial transactions, intellectual property, logs and other sensitive information.
  2. Schema & Validation – enforcement of data formats, constraints and integrity checks designed to prevent malformed or malicious inputs from reaching the core.
  3. Application Logic & APIs – business rules and access methods that determine how applications interact with the database, often exposing numerous interfaces.
  4. Access Controls & Identity (IAM) – authentication and authorization services (passwords, tokens, SSO, MFA) that regulate who can reach protected resources.
  5. Encryption Services – cryptographic mechanisms for protecting data at rest and in transit, including key management, TLS/SSL and disk-level encryption.
  6. Firewalls / Perimeter Security – network boundary defenses, intrusion detection systems, packet filtering and monitoring services designed to repel external threats.

Why the Attack Surface Expands

While each layer aims to protect the core, collectively they create new opportunities for exploitation:

  • Integration Points – every interface or protocol boundary becomes a seam that can be misconfigured or attacked.
  • Configuration Complexity – with more interdependent systems, administrators must manage extensive policy sets and security rules, increasing the likelihood of mistakes.
  • Expanded Targets – each layer (firewalls, IAM, middleware, encryption appliances) presents its own vulnerabilities, requiring constant patching and monitoring.
  • Dependency Chains – the failure of a single outer system can cascade inward, leaving the core exposed despite the presence of other controls.

In practice, adding more layers often enlarges the attack surface instead of shrinking it. Attackers exploit this complexity, probing for the weakest link among numerous entry points.

Operational Cost of a Typical Attack Surface

Beyond theoretical weaknesses, a large attack surface carries real operational costs. Tool sprawl burdens administrators with dozens of systems to configure and maintain.

Overlapping monitoring layers generate alert fatigue, obscuring genuine threats. Security budgets become diluted, funding maintenance of redundant defenses rather than reinforcing the integrity of the data itself.

Modern Threat Landscape

Today’s adversaries exploit weaknesses that layered defenses cannot easily address. Lateral movement bypasses layers once attackers are inside a network. Supply chain compromises enter through trusted applications, neutralizing perimeter filters. Zero-day exploits render outer walls ineffective overnight. Core-first security, with protection embedded at the data level, ensures confidentiality and integrity even in the face of these modern tactics.

Architectural Simplicity as Security

Simpler architectures are inherently more secure. Each removed integration point reduces the trusted computing base and the probability of misconfiguration. By embedding protections directly into the data layer, Walacor collapses overlapping controls, producing a system that is easier to audit, verify and trust. This simplicity is itself a security multiplier.

The Core-First Alternative

A core-first security model inverts the paradigm by embedding protections at the data layer itself rather than relying primarily on external systems:

  • Record-Level Encryption and Validation – each data element carries its own cryptographic safeguards, ensuring confidentiality and authenticity.
  • Immutable Integrity Proofs – cryptographic hashes and proofs guarantee that tampering is detectable, independent of outer defenses.
  • Minimized Trust Dependencies – fewer external layers are required for assurance, reducing the number of systems that must be defended and configured.
  • Resilience Under Breach – even if outer controls fail, the data itself remains cryptographically protected and resistant.

This approach shrinks the attack surface by concentrating security at the point of greatest value: the data. Instead of expanding outward with additional complexity, it reduces potential vectors for compromise.
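To make the integrity-proof and write-time validation ideas above concrete, here is an added sketch (not code from the original article and not Walacor's implementation) of an append-only store in which every record carries a keyed hash chained to its predecessor. The schema, key and class name are assumptions made for the illustration, and record-level encryption is left out to keep the focus on tamper evidence.

```python
import hashlib, hmac, json

SCHEMA = {"account": str, "amount": int}   # constructed schema for this demo
GENESIS = "0" * 64                         # 'prev' value of the first record

def _canonical(obj):
    # Stable byte encoding so the same record always yields the same proof.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

class RecordStore:
    """Append-only store; each record carries its own integrity proof."""
    def __init__(self, key: bytes):
        self._key = key          # assumption: key is held outside the storage tier
        self.records = []

    def _proof(self, body):
        return hmac.new(self._key, _canonical(body), hashlib.sha256).hexdigest()

    def append(self, data: dict):
        # Write-time validation: exact field set and exact types, or reject.
        if set(data) != set(SCHEMA) or any(
                type(data[k]) is not t for k, t in SCHEMA.items()):
            raise ValueError("record rejected by schema")
        prev = self.records[-1]["proof"] if self.records else GENESIS
        body = {"seq": len(self.records), "prev": prev, "data": dict(data)}
        self.records.append({**body, "proof": self._proof(body)})

    def verify(self):
        """Return the index of the first bad record, or None if intact."""
        prev = GENESIS
        for i, rec in enumerate(self.records):
            body = {"seq": rec.get("seq"), "prev": rec.get("prev"),
                    "data": rec.get("data")}
            ok = (rec.get("seq") == i and rec.get("prev") == prev
                  and hmac.compare_digest(str(rec.get("proof")), self._proof(body)))
            if not ok:
                return i
            prev = rec["proof"]
        return None
```

Editing, reordering or deleting a record anywhere but the tail breaks the chain at a specific index; detecting truncation of the newest records additionally requires keeping the latest proof somewhere the storage tier cannot rewrite.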

Walacor and Core-First Protection

Walacor implements the core-first philosophy by embedding immutability, cryptographic enforcement and schema validation directly into the data layer. Rather than building outward layers that expand the attack surface, Walacor collapses unnecessary perimeter complexity and anchors protection where it cannot be bypassed: the data itself.

  • Data-Level Cryptography – each record is encrypted and bound to proofs of authenticity, eliminating reliance on external encryption appliances.
  • Immutable Storage – records are tamper-evident at the core, reducing the need for overlapping monitoring systems.
  • Integrated Validation – schema and policy checks occur at write-time, blocking invalid or hostile data without middleware add-ons.
  • Shrinking the Attack Surface – because Walacor renders many outer layers redundant, there are fewer interfaces to defend, fewer seams to misconfigure and fewer targets for attackers.

Walacor demonstrates that the most effective way to minimize the attack surface is to concentrate defenses in the core, ensuring data integrity and confidentiality regardless of the state of external systems.

Agents, AI and the Attack Surface

The emergence of intelligent agents and AI-driven systems adds a new dimension to the attack surface discussion. Agents interact with data across multiple contexts—querying, transforming and making autonomous decisions. In a traditional layered model, each of these interactions multiplies the integration points and potential vulnerabilities. Malicious prompts, poisoned training data or compromised connectors can all bypass outer defenses to reach sensitive information.

A core-first model directly addresses this risk. By cryptographically securing and validating data at the record level, Walacor ensures that even AI agents cannot be tricked into handling falsified or tampered records. Every data element carries its own assurance, creating a trustworthy substrate for automated reasoning and machine learning pipelines.

In this way, AI becomes a consumer of verifiable data rather than a potential vector for hidden compromise, aligning intelligent agents with the same guarantees that protect human operators.

Forward-Looking Implications

A core-first approach lays the groundwork for enduring benefits. Immutable, verifiable data strengthens sovereignty in federated and multicloud environments. Compliance becomes easier, as audit trails and integrity proofs are inherent to the system rather than bolted on. This architecture future-proofs sensitive systems, ensuring resilience against evolving threats.

Reinforcing the Core-First Premise

The onion model reflects a reactionary philosophy that often results in excessive complexity and a sprawling attack surface. A core-first strategy simplifies the architecture by embedding protection directly into the data layer, eliminating unnecessary exposure and ensuring that sensitive information remains secure even in hostile conditions.

To learn more about a core-first approach to cybersecurity, contact Walacor.


The Importance of Securing the Software Supply Chain

Moving Upstream: The Evolution of Software Supply Chain Attacks

The software supply chain consists of multiple components, touching every piece of code from the moment of conception to the moment of deployment into a Government application. It spans a variety of software, including third-party libraries, open source components, build tools and software architecture, making it a valuable target for hackers.

The software supply chain threat landscape has evolved from a series of disjointed yet targeted attacks to a broader upstream poisoning strategy. Historically, malicious actors targeted specific agencies; today, they have shifted to targeting upstream public software libraries and repositories. These open source libraries are used by thousands of Government agencies, so compromising one can cause untold damage in a single attack. In the Public Sector, a compromised supply chain does not just mean a data leak—it can constitute a threat to national security.

Several real-world cyberattacks exemplify this pattern change, including the 2025 Shai-Hulud software supply chain attack and the 2025 GlassWorm Integrated Development Environment (IDE) extension cyberattack. Malicious actors contribute code to public open source projects that appears helpful but contains hidden backdoors or vulnerabilities. In such cases, that code grants access to systems run by Government agencies.

Some hackers target the developer toolchain and IDE more broadly, as shown in the GlassWorm IDE extension cyberattack. GlassWorm was a self-propagating vulnerability whose initial threat injection came via an IDE extension downloaded from a popular IDE extension marketplace. Other malicious actors have targeted artificial intelligence (AI)-powered supply chains, taking advantage of the speed and power of AI to propagate sophisticated multi-threaded threat campaigns against the developer ecosystem.

Setting Up for Success: Security Built Into the Process

In February 2022, the US Government published the National Institute of Standards and Technology (NIST) Secure Software Development Framework (SSDF) to combat threats to the software supply chain. This publication divides guidance under four main practice groups:

  • Preparing the organization
  • Protecting the software
  • Producing well-secured software
  • Responding to vulnerabilities

These groups shift the model from fragmented security tools stitched together toward a unified process in which security is baked directly into the developer’s workflow. For agencies, this framework provides a common language from which they can all develop a cohesive, secure and regulated software supply chain.

One of the ways developers can secure their supply chains is through Software Bills of Materials (SBOMs). SBOMs are essentially recipes for software; they outline all of the components inside a piece of software. These became required through Executive Order (EO) 14028, but creating them manually at the speed of modern DevSecOps is nearly impossible. Furthermore, as the Government manages risk and prepares for quantum-safe cryptography, the ability to support industry-standard and Federal compliance requirements for Software Package Data Exchange (SPDX) and CycloneDX SBOM formats, which include Vulnerability Exploitability Exchange (VEX) and cryptographic information, is mandatory for mission success.

The automation of SBOMs affects multiple components of the software supply chain:

  • Real-Time Visibility: Agencies have insight into all aspects of the software supply chain, from the deployment of a new line of code to the introduction of common vulnerabilities and exposures (CVE) to their inventory.
  • Reach of Vulnerability: DevSecOps teams can look at a vulnerable part of a library and determine the status of execution, the path of remediation and how agencies should prioritize remediation efforts.
  • Continuous Compliance: Every automated SBOM ensures that every release is compliant with Federal standards without requiring a manual audit every time.
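As an added illustration of the visibility and reach points above (this is not code from the original article or from any vendor's product), the sketch below reads a CycloneDX-style SBOM with embedded VEX analysis, drops findings that VEX marks as dismissed, and reports the dependency path from the application to each remaining vulnerable component. The SBOM content and vulnerability identifiers are constructed, and treating a finding with no analysis as "in_triage" is an assumed policy.

```python
import json

# Constructed CycloneDX-style SBOM with VEX analysis; every value is invented.
SBOM = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.5",
 "metadata": {"component": {"bom-ref": "app", "name": "portal", "version": "2.0"}},
 "components": [
   {"bom-ref": "web", "name": "webframework", "version": "4.1.0"},
   {"bom-ref": "yaml", "name": "yamlparser", "version": "1.2.3"},
   {"bom-ref": "zip", "name": "ziplib", "version": "0.9.0"}],
 "dependencies": [{"ref": "app", "dependsOn": ["web", "zip"]},
                  {"ref": "web", "dependsOn": ["yaml"]}],
 "vulnerabilities": [
   {"id": "EXAMPLE-VULN-1", "ratings": [{"severity": "critical"}],
    "affects": [{"ref": "yaml"}], "analysis": {"state": "exploitable"}},
   {"id": "EXAMPLE-VULN-2", "ratings": [{"severity": "high"}],
    "affects": [{"ref": "zip"}], "analysis": {"state": "not_affected"}},
   {"id": "EXAMPLE-VULN-3", "ratings": [{"severity": "medium"}],
    "affects": [{"ref": "web"}]}]}
""")
SEVERITY = {"critical": 0, "high": 1, "medium": 2, "low": 3}
DISMISSED = {"not_affected", "false_positive", "resolved"}  # assumed policy

def path_to(sbom, target):
    """Breadth-first search from the root component to target via dependsOn."""
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    root = sbom["metadata"]["component"]["bom-ref"]
    queue, seen = [[root]], {root}
    while queue:
        path = queue.pop(0)
        if path[-1] == target:
            return path
        for nxt in graph.get(path[-1], []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None  # listed in the SBOM but not reachable from the root

def triage(sbom):
    """Return open findings, worst first; VEX-dismissed findings are dropped."""
    names = {c["bom-ref"]: f'{c["name"]}@{c["version"]}' for c in sbom["components"]}
    findings = []
    for v in sbom.get("vulnerabilities", []):
        state = v.get("analysis", {}).get("state", "in_triage")  # assumed default
        if state in DISMISSED:
            continue
        sev = min((r.get("severity", "low") for r in v.get("ratings", [])),
                  key=lambda s: SEVERITY.get(s, 4), default="unknown")
        for a in v.get("affects", []):
            findings.append({"id": v["id"], "severity": sev, "state": state,
                             "component": names.get(a["ref"], a["ref"]),
                             "path": path_to(sbom, a["ref"])})
    return sorted(findings, key=lambda f: SEVERITY.get(f["severity"], 4))
```

In the constructed data the critical finding sits in a transitive dependency (app → web → yaml), which is the case a top-level-only inventory would miss.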

Beyond SBOMs, Federal agencies can focus on implementing other safeguards. Developing a curation process to vet open source libraries and components before they are ever downloaded is a critical first step. Agencies should examine potential application and service exposures, such as leaked credentials or backdoors in the software architecture. Additionally, securing the code at the binary level ensures that what was tested and developed is exactly what is run in production.

The JFrog Software Supply Chain Platform: All in One

From inception of code to runtime during mission-critical operations, having a single platform that provides security and visibility across the Software Development Life Cycle (SDLC) is crucial. The JFrog Platform ensures those factors by focusing on universal binary management. It supports over 30 open source packages, including Docker, Maven and Python. JFrog Artifactory, JFrog’s universal artifact repository manager, manages these packages from one place, providing a single source of truth for developers that support mission-critical applications.

JFrog does not just look at the top layer for vulnerabilities and exposures; it scans deep into every dependency and sub-dependency within the binary to protect developer tools and infrastructure. Signed evidence at every gate creates end-to-end traceability from the developer’s IDE to edge deployment. The JFrog Platform is compatible with multiple network environments, from on-prem to hybrid to a flexible multicloud strategy.

As the Government modernizes its approach to digital transformation, agencies need industry partners that provide visibility into the next frontier. Security starts and extends across the software supply chain, from the inception of the code at the binary level to deployment of the application. The JFrog Platform delivers unprecedented trust assurance and risk mitigation through its signature binary-level security and positions its Public Sector customers and partners at the bleeding edge of innovation.

Explore JFrog’s DevSecOps solutions and how JFrog can protect Public Sector software supply chains from code to production.
