Category Archives: Partners

Enabling Responsible AI in Palantir Foundry

Posted on by
Reply

Editor’s Notes: The following is a collaboration between authors from Palantir’s Product Development and Privacy & Civil Liberties (PCL) teams. It outlines how our latest model management capabilities incorporate the principles of responsible artificial intelligence so that Palantir Foundry users can effectively solve their most challenging problems.

At Palantir, we’re proud to build mission-critical software for Artificial Intelligence (AI) and Machine Learning (ML). Foundry — our operating system for the modern organization — provides the infrastructure for users to develop, evaluate, deploy, and maintain AI/ML models to achieve their desired organizational outcomes.

From stabilizing consumer goods supply chains, to optimizing airplane manufacturing processes, and monitoring public health outbreaks across the globe, Foundry’s interoperable and extensible architecture has enabled data science teams worldwide to readily collaborate with their business and operational teams, enabling all stakeholders to create data-driven impact.

Palantir Responsible AI in Foundry Blog Embedded Image 2023

As we discussed in a previous data science blog post, using AI/ML for these important use cases demands software that spans the entire model lifecycle. Foundry’s first-class security and data quality tools enable users to develop AI/ML models, and by establishing a trustworthy data foundation, our software offers the connectivity and dynamic feedback loops that these teams need in order to sustain the effective use of models in practice.

Further to this, developing capabilities that facilitate the responsible use of artificial intelligence is an indispensable part of building industry-leading AI/ML capabilities. Here, we’ll share more about what responsible AI means at Palantir, and how Foundry’s latest model management and ModelOps capabilities enable organizations to address their most challenging problems.

Responsible AI at Palantir

At its core, our AI/ML product strategy centers around developing software that enables responsible AI use in both collaborative and operational settings. We believe that the term has many dimensions and includes considerations around AI safety, reliability, explainability, and governance. We’ve publicly advocated for a focused, problem-driven approach as well as the importance of robust data governance to AI/ML in multiple forums.

We believe that the tenets of responsible AI are not just limited to model development and use but have considerations throughout the entire model lifecycle. For example, developing reliable AI/ML solutions requires tools for the management and curation of high-quality data. These considerations extend beyond model deployment alone and include how end-users interact with their AI outputs and how they can use feedback loops for iteration, monitoring, and long-term maintenance.

Incorporating responsible AI principles in our software is also a core part of our commitment to privacy and civil liberties. Building this kind of software means recognizing that AI is not the solution to every problem and that a model for one problem will not always be a solution to others. A model’s intended use should be clearly and transparently scoped to specific business or operational problems.

Moreover, the challenges of using AI for mission-critical problems span a variety of domains and require expertise from a diverse breadth of disciplines. Building AI solutions should therefore be an interdisciplinary process where engineers, domain-experts, data scientists, compliance teams, and other relevant stakeholders work together to ensure the solution represents the specialized demands and requirements of the intended field of application. The values of responsible AI shape how we build our software, and in turn, they enable our customers to use AI/ML solutions in Foundry for their most critical problems.

Model Management in Foundry

Building on the platform’s robust security and data governance tools, Foundry’s model management capabilities are designed to encourage users to incorporate responsible AI principles throughout a model’s lifecycle. We have recently released product capabilities that improve the testing and evaluation ecosystem through no-code and low-code interfaces. We encourage you to read more about these here.

Problem-first modeling

In Foundry, orienting around the “operational problem” that models are trying to solve is at the heart of this new model management infrastructure. Foundry offers many tools for a data-first and exploratory approach to model experimentation, but for mission-critical use-cases, AI/ML applications need to be scoped to a specific problem. We have deliberately built modeling objectives to focus model development, evaluation, and deployment around well-defined problems.

The Modeling Objectives application enables users to define a problem, develop candidate models as solutions to these challenges, perform large-scale testing and evaluation, deploy models in many modalities to both staging and production applications, and then monitor them to enable faster iteration.

Specifying the modeling problem from the outset enables collaborators to better understand — and test for — the application and context for which the models are intended. This also provides greater insight into inadvertent reuse or repurposing of models. Modeling objectives provide a flexible yet structured framework that presents an opportunity to streamline model development and deployment by collecting key datasets, identifying stakeholders, and creating a testing and evaluation plan before their development begins.

These objectives also transparently communicate state about a particular AI/ML solution — from model development to testing, to deployment and further post-deployment actions like monitoring and upgrades. This enables users to be more intentional, responsible, and effective in how they use AI to address their organization’s operational challenges.

Deep integrations for security and governance

Data protection, governance, and security are core components of Palantir Foundry and are especially important for AI/ML. AI solutions must be traceable, auditable, and governable in order to be used effectively and responsibly. To facilitate this, Foundry’s model management infrastructure integrates deeply with the platform’s robust capabilities for versioning, branching, lineage, and access control.

Users can submit a model version to an objective and propose that model as a candidate solution for the problem defined in that objective. When submitting a model, users are encouraged to fill out metadata about the submission which becomes part of its permanent record. Project stakeholders and collaborators can use this to better understand the details of each submission and create a system of record that catalogs all future models for a particular modeling problem. With Data Lineage, they can also quickly see the provenance of every model that is submitted to an objective, revealing not only the models themselves, but also their training and testing data and what sources those datasets originally came from.

Foundry’s model management infrastructure natively integrates with the platform’s security primitives for access controls. This enables multiple model developers, evaluators, and other stakeholders to work together on the same modeling problem, while maintaining strict security and governance controls.

Robust testing and evaluation capabilities

Testing and evaluation (T&E) is one of the most critical steps in any model’s lifecycle. During T&E, subject matter experts, data scientists, and other business stakeholders determine whether a model is both effective and efficient for any given modeling problem. For example, models may need to be evaluated quantitatively and qualitatively, assessed for bias and fairness concerns, and checked against organizational requirements before they can be deployed to applications in production environments. That’s why we have released a new suite of capabilities to facilitate more effective and thorough T& in Foundry.

Foundry now offers evaluation libraries for common AI/ML problems as a part of the Modeling Objectives application. The availability and native integration of these libraries within Foundry’s model management infrastructure enable users to quickly produce well-known, quantitative metrics in a point-and-click fashion for common modeling problems, all without having to dive into any technical implementation.

We’ve also included a framework for users to write their own custom evaluation libraries. Libraries authored in this framework benefit from the same UI-driven workflow and integration with modeling objectives. This extends the power of the integrated evaluation framework to more advanced modeling problems or context-specific use cases.

Building on the evaluation library integrations, we’ve also added the ability to easily evaluate models across subsets of data. This lets users quickly and exhaustively compute metrics to identify areas of model weakness that might otherwise go undetected if only computing aggregate metrics. Evaluating models on subsets can more easily surface bias or fairness concerns that affect only a portion of the model’s expected data distribution. Users can also configure their T&E workflows to run automatically on all candidate models proposed for a problem in order to build a T&E procedure that is both systematic and consistent.

We also recognize that not all T&E procedures are quantitative. Therefore, checks in modeling objectives help keep track of certain pre-release tasks that might need to get done as part of the T&E process before a model can be released.

Looking ahead

Modeling objectives and the T&E suite are just some of the latest capabilities to encourage responsible AI in Foundry, and we continue to invest in new capabilities for effective model management. From the tools that facilitate robust model evaluation across domains, to mechanisms for seamless model release and rollback in production settings, our model management offering will always focus on empowering our customers to use their AI/ML solutions effectively, easily, and responsibly for their organization’s most challenging problems.

This post originally appeared on Palantir.com and is re-published with permission.

Download our Resource, “Palantir Named a Leader in AI/ML Platforms” to learn more about how Palantir Technologies can support your organization.

Safely Modernize Legacy Systems with Palantir Foundry Container Engine (FCE)

Posted on by
Reply

Missile warnings. Airplane flight statuses. Satellite observation alerts. Much of the U.S. Government’s most critical digital infrastructure is dependent on software built during the Cold War, written in archaic languages (e.g., Fortran, COBOL, ADA), and/or installed exclusively on mainframe computers. While the infrastructure is old and may struggle to keep up with the needs of today, the core logic often works well. Yet re-writing decades of work and millions of lines of code to try to modernize just isn’t feasible.

Introducing Foundry Container Engine (FCE): FCE runs containerized legacy code in Foundry, enabling government agencies to leverage what’s working and safely leave behind what isn’t. For an analogy, consider AWS Lambda, which revolutionized how engineers run code by abstracting away the hardware infrastructure required — no more worrying about servers and clusters. In a similar fashion, FCE is revolutionizing how engineers integrate and orchestrate legacy investments in their modern software architectures. FCE streamlines your modernization journey, allowing you to incrementally rebuild millions of lines of legacy code while continuously delivering new value to the organization.

The Challenge: Operationalizing legacy code is hard

Code that is decades old is not inherently bad. On the contrary, it’s been battle-tested over decades and written by people with deep expertise in highly specialized fields. Yet aligning old software to the changing operational realities of today is both daunting and necessary. It’s often untenable work to re-write and scale up the satellite model that was built to detect 100 satellites in the 1980s and now needs to detect 30,000 satellites in 2023.

Our customers who rely on legacy code and infrastructure frequently face the following challenges:

  • Modernizing is disruptive: Too often, the only options presented for modernization are highly disruptive — data lakes, code base overhauls, and multi-year roadmaps. These run the risk of taking critical systems offline without ever accomplishing the necessary operational outcomes.
  • Unscalable: There is a long lead time for up-sizing environments to meet computation requirements, and scaling replicas of instances of products is often impossible. Forget about doing this in real-time to meet today’s critical deadlines.
  • Siloed logic: Sophisticated legacy models are much more valuable when integrated with other data sources. In our satellite example, this might include observation data, surveillance networks, sensors, and more. Adding new data feeds, data processes, outputs, and interfaces is unfeasible or too slow to be valuable.
  • Closed ecosystem: The data pipelines associated with legacy code are often a black box. There is no way for other platform and development teams to securely collaborate, effectively limiting upside by restricting the number of people able to interact with the code and provide novel analyses.
  • Divorced from operational decisions: Legacy models produce compelling insights, but the outputs are not actionable. There is no easy way to automatically create an intuitive visualization or useful alerting logic. A collision model might show satellites are about to collide, but users cannot action this information to re-orient where those satellites are flying.

Solution: Use FCE to lift and shift logic to Foundry and make it 100x more valuable

As a centrally-managed, cloud-based SaaS platform, Foundry offers instant access to cutting edge modern software implementation, including streaming pipelines, live API-driven inference, and autoscaling. Now that FCE allows containerized code to run in Foundry, unlocking the full value of legacy systems has never been easier.

Day 1 benefits include:

  • Safely and incrementally modernize: Immediately start your modernization journey with the assurance that critical systems will continue to function, and deprecation of old components will do no harm.
  • Rapidly scalable infrastructure: Achieve on-demand expansion of your compute and storage environment as capabilities evolve and expand. This provides resiliency and redundancy to avoid a single point of failure. Replacing one file with another in the FAA’s flight software should not cause flights to be grounded nationwide.
  • Flexibility and interoperability: Seamless addition of future data feeds, data processes, objects, schemas, and interfaces. Fuse disparate data to quickly produce new analyses.
  • Secure collaboration: Built-in security access control features enable secure collaboration among combined platform and development teams. When combined with pipeline transparency and DevSecOps iteration, customers can securely democratize outputs over open, extensible APIs.
  • Modern and dynamic user interfaces for rapid and automated decision-making: Users easily configure alerting logic and produce new applications with low-code/no-code tooling. Translate the complex output of a satellite physics model into an operationally relevant Space Domain Awareness application.

In a silo, legacy software can still be improved, but those small gains come at the expense of the significant, compounding benefits of modernization. FCE enables agencies to rapidly speed up progress towards their software-driven outcomes by integrating anything run by FCE with other Foundry products (e.g., pipeline builder, streaming, workshop). With Foundry’s core principles of modularity and interoperability, agencies can selectively deprecate legacy software components without disrupting their data sources, ontology, and actions. In a world where the missiles are parabolic one month and hypersonic the next, innovation in bits must outpace innovation in atoms.

This post originally appeared on Palantir.com and is re-published with permission.

Download our Resource, “Impact Study: Accelerating Interoperability with Palantir Foundry” to learn more about how Palantir Technologies can support your organization.

Safeguarding Mission-Critical Data: Veeam’s Unwavering Commitment to Data Protection and Secure Products for Government Customers

Posted on by
Reply

Protecting customer data

In today’s digital landscape, data security is of utmost importance. At Veeam Software (Veeam), we recognize the significance of safeguarding our customers’ sensitive information. As part of our ongoing commitment to security, we are actively pursuing Common Criteria and Department of Defense Information Network Approved Product List (DoDIN APL) certifications. In addition, we are fully compliant with Cybersecurity Maturity Model Certification v2 level 1 (awaiting validation) and engage in Independent Verification & Validation (IV&V). We have also successfully completed FIPS 140-2, SOC type 2 level 1, ISO 27001 certifications and are implementing the Secure Software Development Framework (SSDF) to fortify our security measures further. This update provides an in-depth understanding of these certifications and our dedication to maintaining the highest data protection standards.

Common Criteria certification and DoDIN APL

Common Criteria is an internationally recognized standard for evaluating the security of information technology products. It involves a comprehensive evaluation process, testing our software against rigorous security requirements. By pursuing Common Criteria certification, our goal is to provide our customers assurance that our products adhere to the highest security standards acknowledged by over 30 countries worldwide.

In parallel, we are also pursuing the DoDIN APL certification, which is specifically relevant for our customers operating within the Department of Defense (DoD) ecosystem. This certification ensures that our products meet the stringent security requirements set by the Defense Information Systems Agency (DISA), thereby enhancing the protection of data within the DoDIN framework.

CMMC v2 Compliance

Veeam Safeguarding Mission-Critical Data Blog Embedded Image 2023

The Cybersecurity Maturity Model Certification (CMMC) is an integral part of our commitment to ensuring the security of our customers’ data. CMMC v2 is the latest version of this unified standard designed to assess the cybersecurity posture of the defense industrial base (DIB). Compliance with CMMC v2 signifies that our security practices align with the stringent requirements defined by the Department of Defense (DoD). By adhering to these standards, we assure our customers within the defense sector that their data is safeguarded with the utmost care and resilience.

Independent Verification & Validation (IV&V)

To reinforce our security measures, we have engaged in Independent Verification & Validation (IV&V). This process involves a third-party organization conducting thorough testing and evaluation of our software. The independent nature of IV&V ensures an unbiased assessment of our security controls, offering an additional layer of confidence in our commitment to protecting valuable customer data.

FIPS 140-2, SOC type 2 level 1 and soon 2 and ISO 27001 certifications

Veeam has successfully completed several vital certifications that further fortify our security posture. FIPS 140-2 is a U.S. government standard that verifies the security requirements of cryptographic modules. This certification ensures that our encryption methods meet the highest standards and provide robust data protection.

SOC type 2 level 1 certification demonstrates our dedication to maintaining the security, availability, processing integrity, confidentiality and privacy of data. We are actively working towards achieving SOC type 2 level 2 certification, enabling us to demonstrate even greater control efficacy and maturity across our systems and processes.

Additionally, Veeam’s compliance with the ISO 27001 standard underscores our commitment to establishing and maintaining a comprehensive information security management system (ISMS). This certification validates that our security practices align with globally recognized best practices, ensuring customer data remains safe and secure.

Implementation of the Secure Software Development Framework (SSDF)

As part of our continuous improvement efforts, Veeam is in the process of implementing the Secure Software Development Framework (SSDF). This framework provides guidance on designing, developing and testing software to ensure adherence to specific security standards. The SSDF allows us to integrate robust security practices into our software development lifecycle, ensuring we proactively address security concerns at every stage of the development process and build products with security in mind from the ground up. By incorporating the SSDF into our development processes, we enhance the security of our software and reinforce our commitment to delivering robust and secure solutions.

At Veeam, our customer’s data security is our top priority. We are committed to maintaining the highest levels of protection for mission-critical data. Pursuing Common Criteria and DoDIN APL certifications, complying with CMMC v2, engaging in Independent Verification & Validation, completing FIPS 140-2, SOC type 2 level 1 and soon 2, ISO 27001 certifications and implementing the Secure Software Development Framework (SSDF) all demonstrate our unwavering dedication to data security.

By undergoing these certifications and implementing industry-leading security measures, we ensure that customer data remains secure, regardless of the sector. We will continue to evolve and improve our security practices to stay ahead of emerging threats and provide customers the peace of mind they deserve.

When customers choose Veeam and the Veeam Data Platform, they can rest assured they have selected a trusted partner committed to securing their data and the data of their customers, end-users and partners. We value the trust we have built with our government customers and will continue to deliver the highest level of data protection possible to ensure mission continuity.

Contact a member of our team today and learn more about how Veeam can support your mission-critical data initiatives.

Better Cloud with Nutanix and HPE

Posted on by
Reply

Today, almost everything online is conducted and saved through the cloud. Government agencies face the obstacle of modernizing their software infrastructure and navigating cloud-based solutions to achieve mandates. That’s why Nutanix, an American cloud computing company that unites public cloud simplicity and agility with private cloud performance and security, has taken up the mission to radically simplify and secure how organizations across all industries and sectors run apps and manage data. With its recent partnership with Hewlett Packard Enterprise (HPE), Nutanix aims to create and provide its own private cloud platform that unifies storage, provides database and desktop services, provides hybrid cloud infrastructure and offers cloud management with the goal of supporting any application and workload. All these objectives have been optimized into one secure, easy-to-use product—Nutanix Cloud Platform.

One Unified Cloud

Nutanix pioneers the cloud market with an adaptable, endlessly scalable user-interface. With its built-in intelligence system, Nutanix Cloud Platform can manage apps and data to maximize efficiency and performance. Its features are robust and resilient, as it will replicate data in small slices so that the software can efficiently recover from outages and withstand cybersecurity attacks.

Nutanix HPE Cloud Blog Embedded Image 2023

HPE and Nutanix’s global partnership brings customers more options. Unlike other cloud spaces, which have predetermined settings, Nutanix Cloud Platform grants users additional flexibility to adapt the cloud to their needs. Users can customize their clouds, apps and technology stacks with rapid time-to-value benefit. The cloud platform has the largest breath of platforms among any cloud, the ability to run ESX AHV and the freedom to scale up or down. Nutanix Cloud Platform includes a hybrid cloud infrastructure, a unified control plane, unified APIs, a secured base, a built-in hypervisor and a built-in lifecycle management.

Nutanix enables every industry to meet its goals. Fourteen different platforms are certified on HPE, giving users the option to choose which solution they use. Over the last 24 months, Nutanix has maintained a 91% Net Promoter Score reflecting its satisfied customer base, considering that the average NPS score is 45%.

Secure with Nutanix

As the world’s largest retailer of software, Nutanix must not only be prepared to deliver a beneficial product, but a secure product. Since multiple Federal, military and intelligence agencies use Nutanix, and since the basics of Government standardize around Nutanix, its cybersecurity is an issue of national security. Nutanix provides several vital security features, including:

  • Factory security hardening and baseline
  • Automated configuration validation and self-healing
  • Data-at-rest encryption
  • Localized encryption key management built into the system
  • Network segmentation and micro segmentation
  • Multi-factor authentication, role-based access and security assertion markup language
  • Data protection, including snapshotting and multi-site capabilities, synchronized replication and constant availability
  • Security on back end that monitors the network and investigates violations to ensure continuous compliance on company scanning tools
  • Encryption capabilities built into the software that cluster lockdown to ensure data cannot be accessed by outside actors

In addition, on request of the Government, Nutanix added a Kernel-based Virtual Machine, which makes the software substantially easier to use. The cloud platform’s certified solutions and joint engineering encourages users to acquire and expand vaster capabilities. By automating the process, Nutanix Cloud Platform promotes sustainable life cycle management.

Nutanix’s cloud is always improving. Manufacturers share testing notes to evaluate the most accurate assessment of the product. There is a dedicated support group for Nutanix and HPE customers that can help users with any issues that arise. Through consistent updates and a shift from capacity-based licensing to processor based, these cloud providers ensure the product is user friendly and easy to bundle with other products.

Better Together

With Nutanix and HPE’s partnership, the cloud has been revitalized as a user-friendly, unified platform to keep industries secure, as well as to provide a streamlined platform for all workloads and data. With Nutanix Cloud Platform, customers can minimize cost, performance and risk all with one product.

View our webinar and dive deeper into the benefits of Nutanix Cloud Platform from Nutanix and HPE’s partnership.

3 New Ways to Integrate Microsoft Teams with Your Purpose-built Technical Collaboration Platform

Posted on by
Reply

Technical and operational team members rely on a broad range of specialized tools: GitLab, Jira, Jenkins, ServiceNow, Zendesk, and many others. Meanwhile, their colleagues across the organization may also use general-purpose solutions such as Microsoft Teams. In fact, many of your people involved in application development, IT operations, and other technical workflows need to stay connected to Teams. And that presents some opportunities.

Microsoft Teams provides a useful all-employee meeting and chat experience. But it can’t deliver the features your technical and IT teams need, such as:

  • Built-in integrations with specialized developer and technical tools
  • Project- or topic-specific channels for in-context conversations
  • Customizable playbooks or digitized checklists to optimize technical workflows
  • Ironclad security for mission-critical workflows connecting to sensitive systems
Mattermost for Microsoft Teams Collaboration Blog Embedded Image 2023

For these capabilities, smart organizations rely on a purpose-built technical collaboration platform. An effective collaboration platform provides a single plane of glass that gives all team members a unified environment for information sharing, project tracking, and both real-time and asynchronous collaboration.

Fortunately, organizations now have an effective means of integrating Microsoft Teams and Microsoft 365 into their technical and operational processes. Mattermost for Microsoft Teams enables technical users to stay connected to Teams while collaborating in a highly customized and secure collaboration environment.

In particular, three innovative capabilities can equip your organization to turbocharge Teams integration and accelerate your technical workflows:

  1. Secure, customizable Teams messaging extension: The Teams messaging extension allows technical users to collaborate in secure shared channels across the Mattermost and Teams experiences. Users can take advantage of integrated voice, video, screen share, and calendar across the two platforms. They also get unified user management and authentication through Azure Active Directory and Active Federation Services single sign-on. The extension allows Teams users to connect to hundreds of technical and developer systems, along with custom in-house tools, by using their technologies of choice.
  2. Private communications mode for sensitive content: A private communications mode ensures strong security for your sensitive data and technical intellectual property (IP). With this capability, you retain complete control of all messages and files sent. You can optionally store data outside the Teams environment in your own encrypted databases in private or public clouds, including Microsoft Azure, AWS, and Google Cloud Platform (GCP).
  3. Business continuity mode during Teams outages: Mattermost for Microsoft Teams can be deployed in private or public clouds independent of Azure. That means you can now maintain vital communications, security, and resiliency functions during an outage of Microsoft 365.

With these features, you have new capabilities to optimize collaboration for technical and operational teams. Centralized IT functions can give your technical teams an extended customization experience while enabling them to remain firmly integrated into the all-employee Teams and Microsoft 365 platforms.

Through the integration of Mattermost and Teams, your technical operators can stay connected to nontechnical stakeholders. Yet within the same environment, they also have direct access to the webhooks, slash commands, custom plugins and apps, automations, workflow orchestration, and project management they need.

Technical and operational users can now leverage Teams while collaborating in a customizable environment – with the security, specialized tools, and purpose-built automations that optimize your mission-critical workflows.

View our demo on integrating Mattermost with Microsoft Teams.

Okta and GovSlack Bring Digital-first Environment to Government

Posted on by
Reply

Digital transformation is all around us. From how we shop to where we work, digital-first environments are the new normal. While the private sector quickly adopted collaborative, digital workspaces, the pace is a bit slower for government agencies – and for good reason.

Higher levels of security and compliance are required in government work, yet agencies still feel limited by the legacy systems in place. To transform into a digital-first workspace that promotes collaboration and improves communication among agencies and contractors, government agencies need flexible, inclusive technology that doesn’t sacrifice cybersecurity.

Modernize with a digital command center

Okta + GovSlack Digital-first Environment to Government Blog Embedded Image 2023

Okta integrates with GovSlack to help the government modernize how work gets done. The centralized digital headquarters provides frictionless, secure access and helps agencies increase productivity, security, governance, and end-to-end workflows.

GovSlack was launched to allow for secure collaboration. Okta’s Identity and access management (IAM) policies throughout GovSlack meet the security and compliance needs of intra- and cross-functional government teams and contractors.

Top five reasons to modernize with Okta and GovSlack

Here are some of the top reasons agencies can benefit from the Okta and GovSlack solutions:

  1. Share information with external agencies and contractors in real time: Slack Connect allows agencies to extend the benefits of their centralized, digital workspace to both internal and external team members in real time. This helps reduce the need for meetings and follow-ups. Okta’s IAM capabilities throughout the platform remove siloed Identity security across the extended enterprise.
  2. Access growing library of integrations: Okta’s secure and seamless integration with GovSlack and a growing number of high-security versions of the most commonly used business applications protect the government’s highest-value assets.
  3. Meet strict compliance and security requirements: Okta’s FedRAMP Moderate Identity solution includes features and capabilities available throughout GovSlack that are designed to strengthen the security posture of government agencies. Okta’s trusted security capabilities meet Zero Trust architecture (ZTA) and the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Identity pillar, helping agencies bridge on-premises assets to the cloud with a unified and automated Identity-driven access layer.
  4. Create a frictionless workforce experience: IAM tools from Okta, like phishing-resistant Multi-Factor Authentication (MFA) and biometrics, allow users to easily access the secure platform from any location or device. Granting permissions and access controls at scale is simple through GovSlack’s enterprise-grade admin dashboard.
  5. Launch into the future of modern work: With security measures offered by Okta and GovSlack, agencies can incorporate a secure, cloud-based digital headquarters into all aspects of their daily work. With a secure digital workspace in place, agencies can reduce time spent building on-premises solutions, breaking down information silos, improving collaboration internally and externally, and opening the door to more possibilities when all stakeholders have access to the same workspace.

Download our Solution Brief to learn more about Okta, the federal Identity solution for high-impact applications, and GovSlack, the designated “digital headquarters” for many government agencies.

Learn How BEINCOURT, Carahsoft and Zoom Work Together to Make Hybrid Legal Proceedings a Permanent Reality

Posted on by
Reply

In 2020, a global shift occurred that prompted many industries to embrace new technology. Legal proceedings that previously followed strict in-person protocols suddenly shifted to a virtual environment and turned to platforms like Zoom for solutions.

While in-person hearings have now resumed in most jurisdictions, hybrid court proceedings are here to stay. This new reality is the driving force behind a new partnership between Zoom, BEINCOURT and Carahsoft, who share the mutual goal of supporting a seamless transition from the virtual courtroom to a hybrid one in jurisdictions across the country.

The Benefits of Hybrid Proceedings

Carahsoft BIENCOURT Zoom Court Room Announcement Blog Embedded Image 2023

While the main benefit of virtual legal proceedings initially was continuity, other benefits quickly became apparent. Courtrooms using Zoom were able to expand access to a broader audience and make proceedings easier, more accessible and less financially burdensome for the parties involved.

Additionally, regarding court proceedings involving domestic violence or emotional abuse, the use of video technology provided victims peace-of-mind by allowing them to pursue justice through the legal system without having to share a room with their alleged abusers.

In essence, a hybrid model allows governments to reap the benefits of in-person proceedings and virtual ones. Even so, many courts need help choosing and procuring the right technology to enable this transition.

“Jurisdictions are at different stages of their technology journeys,” said Matt Mandrgoc, Head of U.S. Public Sector at Zoom. “With physical proceedings back underway, many courts are struggling to integrate video conferencing technology with traditional proceedings. That’s why this partnership and Carahsoft’s support is so important.”

Technology in the Hybrid Courtroom

As leaders in their respective spaces, BEINCOURT and Zoom are particularly well positioned to offer federal, state, and local governments a scalable, seamless way to support hybrid hearings. It is crucial for those physically in the courtroom to be able to interact with those joining virtually — just as it is crucial for the judge to remain in control of the proceedings.

By using BEINCOURT and Zoom together, the following features enable a seamless hybrid courtroom experience:

  • High-quality speakers and microphones
  • Multiple camera shots of the courtroom
  • Mechanisms for digital evidence presentation
  • Support for simultaneous language interpretation
  • Complete audiovisual control, including the option to stop screen or video sharing, and mute audio
  • Annotation and ASL capabilities for improved accessibility
  • The ability to play white noise to prevent attendees and jury members from hearing sidebar discussions

See a Mock Hybrid Courtroom Today

While Zoom and BEINCOURT offer the technology to power a hybrid courtroom, Carahsoft simplifies the procurement process for potential customers. Carahsoft will distribute the offering through relevant channels, tapping into their diverse public sector partner ecosystem.

Additionally, Carahsoft has built a mock hybrid courtroom simulation at its Reston, Virginia office that is also accessible virtually to remote customers and includes a bench, witness stand, counsel tables, two TVs (for screen-sharing and hybrid meetings), cameras, and miscellaneous hardware.

Sign up for a demo today to learn more about why hybrid courtrooms are here to stay.

AvePoint Adds Governance, Management, Data Protection and Migration Support for Microsoft Power Platform

Posted on by
Reply

Carahsoft partner AvePoint Public Sector recently announced its support for the governance, management, migration and data protection of Microsoft Power Platform environments. As more organizations adopt Power Platform to automate processes, build digital solutions, analyze data and create virtual agents, IT leaders need strategies that support their unique governance, security and compliance requirements.

AvePoint’s support for Power Platform helps organizations:

  • Provide scalable management and governance: Access management and risk assessments allow organizations to quickly drive impactful collaboration and sustainable Power Platform adoption. Best practices and productivity can be achieved through automated governance and policies, enforcing proper control of data access and functionality.
  • Protect critical workspaces, apps and flows: AvePoint’s automated backup for Power BI workspaces, Power Apps and flows makes it seamless to avoid accidental data deletion, user error or ransomware. This way, organizations can ensure they’re protected, compliant and prepared for business continuity when using Power Platform.
  • Seamlessly migrate data: Building on AvePoint’s award-winning migration capabilities, organizations can now migrate apps from an environment within the same tenant or between tenants – giving organizations more opportunities to successfully use Power Platform.
AvePoint and Microsoft Integration Blog Embedded Image 2023

Some organizations are already taking advantage of the AvePoint’s Power Platform support. “AvePoint’s support for Power Platform has helped us empower employees to safely build solutions that will enhance their work,” Mike Fettner, Principal Office 365 Engineering at Regeneron, said. “As an organization, this allows us to continue taking smart risks because we know robust governance solutions will put the right guardrails in place, and data protection will ensure none of our data or workflows are lost.”

Register today to join AvePoint and Microsoft for Power Platform Workshop: A Framework to Manage and Govern Power Platform at Scale, coming to a city near you later this Spring.

Connecting Customers with AvePoint and Industry Solutions

It has never been easier to count on Carahsoft and AvePoint. We can help your agency with:

  • Quick quote turnaround and smart spending
  • Industry-expert cloud computing product recommendations
  • 24/7 live assistance to get you up and running faster

Contact a member of the Carahsoft and AvePoint Public Sector team today and discover how we can support your organization.

How CISOs Can Come to Grips With a New Priority – Securing the Supply Chain

Posted on by
Reply

Software supply chain hacks are now the most prevalent form of cyberattack. According to the latest Verizon Data Breach Investigations Report, 62% of system intrusion incidents came through a third-party, highlighting the difficulties that many organizations – including federal agencies – face in securing their supply chain. A recent flurry of legislative activity demands that CISOs step-up their supply chain due diligence – and fast.

Key among these directives and guidance is the Enduring Security Framework (ESF). Developed by NSA, ODNI, and CISA, and modeled on the NIST Secure Software Development Framework (SSDF), ESF aims to harmonize previously disparate Cyber Supply Chain Risk Management (C-SCRM) policies and procedures across the federal government. A key tenet of ESF – and also a requirement of a new White House Memo (M-22-18) – is vendor self-attestation to software developed in accordance with NIST standards.

Yet, despite directives from the highest levels of government, questions remain:

  • Does every ESF recommendation and control have to be met by software vendors?
  • Are some C-SCRM practices and standards a priority over others?
  • Will OMB require point-in-time or continual attestation?
  • When will the standardized self-attestation form be released?

Until we have answers, one thing is clear – software supply chain security can’t be solved by directives and guidelines alone. The reality is, a threat can only truly be mitigated through increased cooperation between the public and private sectors. As head of government affairs at SolarWinds here’s my take on how the agencies and industry can join forces to collaborate.

Cooperation Must Occur – CISO to CISO

SolarWinds Securing the Supply Chain Blog Embedded Image 2023

Typically, software purchases are one-time transactional exchanges. After all, the goal is to make procurement, installation, and deployment as quick and efficient as possible. In this model, relationships between the software vendor or supplier and the procuring agency aren’t nurtured. It’s an approach I believe needs to change.

To protect our shared infrastructure from evolving threats, federal security leaders must build lasting and meaningful relationships with software vendors.

Creating these partnerships is the future of C-SCRM in the federal government. Indeed, following the 2020 SUNBURST hack, we set out on a mission to lead the way to safer IT with our Secure by Design initiative. This effort included launching a new model for secure software development to strengthen the integrity of build environments.

Crucially, we also committed to establishing new standards in information-sharing and public-private partnerships. Government security leaders should communicate frequently and continuously with their industry counterparts about enterprise software security, the development process, and adherence to ESF standards. When it comes to their vendors, Federal CISOs must also have a dedicated person to call at any time – not just a toll-free number.

Screen Vendors in Seven Steps

Self-attestation may be mandated, but it won’t fix everything. After all, most agencies lack the resources to evaluate every software vendor’s self-declaration, opening the doors to abuse. The compliance framework may also seriously hinder the procurement process.

Until OMB issues further guidance, agencies can screen their suppliers’ security measures using a set of seven questions developed by our CISO, Tim Brown, and DHS CISO Ken Bible in the aftermath of the SUNBURST. Those questions are:

  • How do your vendors secure software code?
  • What type of environment do you build your software in?
  • Have they established secure software development framework roles and responsibilities?
  • Are they using automation and DevSecOps to automate developer and security toolchains?
  • What policies and measures do they have in place to prevent malicious or vulnerable software from affecting their customer base?
  • How are they monitoring risk in their own supply chain?
  • If a breach occurs, what’s their process for notifying customers?

Defending Together

Security is an ongoing journey with no finish line, but federal agencies and their vendor ecosystem can become smarter and more cyber resilient if they are transparent, collaborate, and learn from previous attacks.

Download our Whitepaper to learn more about how this model can be used to secure the software supply chain, or to learn more about SolarWinds Secure by Design initiative, SolarWinds’ recently launched Next-Generation Build System, a model for secure enterprise software development.

Modernizing Licensing and Regulatory Processes with Thentia Cloud

Posted on by
Reply

To ensure they are continuously meeting high standards and engaging in ongoing learning in their fields, licensed professionals must renew their license at regular intervals with the applicable regulatory body. Due to the diversity of licenses across industries, licensing agencies manage their processes in a variety of ways. However, across the board, it is important to meet people where they are comfortable: online. Thentia Cloud, an industry-leading, full-service platform for licensing and permitting, provides the perfect solution for regulatory agencies.

Efficient licensing requires shift from manual to digital processes

As the IT landscape continuously changes, industries work to change with it. One recent impactful industry shift has been the switch from paper-based to digitized licensing processes. Previously these manual processes caused long wait times for licensees, which, in extreme cases, prevented them from practicing. On the regulatory side, this often created a large backlog and increased workload for staff, which prevented them from focusing on other important tasks. The inefficiency was heightened especially during the COVID-19 pandemic. With such a large backlog of license applications and renewals, it could take days, or even weeks, for licensees to resolve issues with their applications or receive approval.

Thentia Cloud’s secure online portal makes licensing easier for both regulatory staff and licensees

Thentia Cloud Blog Embedded Image 2023

Licensing services are more efficient when processed digitally. Agencies should move to transform manual licensing into secure, cloud-based services that can be easily utilized by both regulatory staff and licensed professionals. Through Thentia Cloud’s secure and convenient online portal, both parties can manage licensing processes more smoothly. On the licensee-facing side, practitioners can easily make payments and view their invoices, track continuing education requirements, and submit documents related to their license application or renewal. They can also use the web-based portal to securely see all their personal information—such as their name, address, contact information and license status — and make changes if necessary. This eradicates the need for physically mailing forms, payments and documents back and forth, which can add unnecessary time and costs to the process. Another added benefit is that licensees receive an estimated response time. On the agency side, all licensee information is easily accessible and complete. Rather than relying on an annual paper form, all vital information is securely saved in a portal system. This eliminates the need to resubmit the same information, which bogs down staff time.

Thentia Cloud’s powerful data virtualization capabilities enable better reporting and performance measurement

As key performance indicators vary from agency to agency, performance expectations will vary. For some regulatory agencies, the highest priority may be license application turnaround time. For others, it may be how complaints are handled between processing and resolution. Currently, many agencies are limited by their technological maturity. When regulators rely entirely on paper-based processes, their reports tend to be time-consuming, coarsely written, not machine-ready, or completely incompatible with reports from external organizations. Agencies with discrete databases will all face a variety of difficulties generating reports. The process of pulling and analyzing data from multiple different data sets can be tedious and time consuming.

This can be alleviated with data virtualization, which can greatly reduce the time and cost needed to gain information. With licensing solutions, regulators’ comprehensive reporting capabilities can instantly be used to pull new types of queries and export the data from these queries.

Thentia Cloud can also help agencies measure their success. The platform’s powerful analytics and reporting tools can virtualize information from whatever existing database the agency uses, compile information on different queries, and then convert it from discrete data sets into a singular language. With cloud licensing, all agencies need to do is scan and digitize their information. Solutions with reporting capabilities add an additional benefit of robust analytical reports. Thentia Cloud offers 35 custom reports, as well as customer service providers who can help agencies utilize the software to create their own structured query language. This allows regulators to create reports that are specialized to their unique requirements.

Thentia Cloud enables easy communication and information-sharing

Thentia’s cloud-based solution facilitates easy communication and information sharing between government agencies, education providers, licensees and the public. Cloud virtualization allows several groups to meet and collaborate to keep up with changing regulatory requirements. These licensing solutions can perform a variety of functions to aid this, such as schedule meetings, provide reminders, allow areas for documentation, etc. A proper cloud solution removes the difficulties in organizing these elements and provides an easy place for stakeholders to access the information. This can encourage a data-driven decision-making approach for all parties involved. Features such as predictive analytics can help stakeholders avoid potential harm by ensuring licensees are properly tracked, trained and licensed.

Thentia Cloud provides an all-in-one solution to streamline key regulatory processes

With Thentia Cloud, stakeholders have a one-stop location to complete all their licensing needs. Thentia’s cloud-based solution helps regulatory agencies digitize and streamline key regulatory processes, from license registration and renewals, to payments and finance, to analytics and reporting, and more. With the changing expectations of agencies and regulators, Thentia Cloud can maintain pace by providing limitless configurations, automated workflows, centralized data and extensive insights.

Fill out the form to access Thentia’s informative brochure, “Thentia Cloud: Cloud-based licensing and permitting software designed exclusively for regulators, by regulators,” to learn how Thentia can support your organization’s cloud journey.