Identity is The Backbone of Secure, Agile DoD Missions

Posted on by Frank Briguglio

I had the opportunity to present to the DoD community at AFCEA TechNet Cyber where where stakes are high and operational tempo is relentless, embedding security into every layer of the digital environment is no longer optional. Identity governance and administration (IGA) has emerged as a cornerstone of cyber resilience, enabling secure modernization, supporting Zero Trust mandates, and accelerating mission impact.

Identity as a Strategic Force Multiplier

Modern warfare and defense readiness extend far beyond kinetic capabilities. Cyber is now a primary domain of operation, and within that domain, identity is the new perimeter. Identity security is not simply about access control; it is about governing who has access to what, when, and under what conditions—across all users, environments, and applications.

A well-implemented IGA program transforms complexity into control. It provides the visibility and automation needed to reduce risk, enforce policy, and enable agility. From onboarding mission partners to ensuring continuous compliance with audit and risk frameworks, identity governance acts as the connective tissue between policy, people, and mission success.

Governance is the Gateway to Zero Trust

The DoD’s Zero Trust Architecture (ZTA) is predicated on one central truth: never trust, always verify. At the core of this paradigm is the concept of least privilege—granting users only the access they need, nothing more.

IGA platforms like SailPoint do more than facilitate access. They enforce policy and establish what access should look like, continuously verifying access needs, and tie the identity to activity. Instead of relying on static credentials or infrequent certifications, identity governance brings continuous verification to life—ensuring users, devices, and applications are validated and flagged in the policy information point before access is granted.

This proactive stance aligns IGA with foundational guidance such as the Risk Management Framework (RMF), and the NIST SP 800-53 controls. Governance is not just a checkbox; it is operational security in action.

FIAR, Compliance, and Continuous Audit Readiness

Passing audits like FIAR (Financial Improvement and Audit Readiness) is more than a bureaucratic exercise. It’s a demonstration of operational integrity and mission readiness. Identity governance simplifies this process by embedding compliance into everyday operations.

IGA platforms automate access certifications, enforce separation of duties (SoD), and maintain immutable audit trails. Instead of scrambling for documentation during audit season, organizations can prove—at any time—that they were always in compliance. This shift from reactive to continuous audit readiness is a game-changer for large DoD organizations.

Mission Agility Through Automation

In the DoD, time is not a luxury. Missions shift quickly, mission partners rotate often, and new technologies are deployed at speed. Manual processes simply cannot keep up.

IGA enables automation across the entire identity lifecycle. From onboarding new coalition partners to deprovisioning departing contractors, governance tools streamline access requests, approvals, and revocations. This not only enhances security but also reduces administrative overhead, freeing resources for mission-critical tasks.

Moreover, by integrating with technologies like the DoD Federation Hub, identity governance extends its reach to federated and cross-domain environments—supporting secure joint and coalition operations at scale.

Real ROI: Security that Pays for Itself

The value of IGA goes beyond risk mitigation. It delivers measurable return on investment (ROI) through operational and financial gains. These include:

Audit cost reductions through automated evidence collection and fewer control failures
License savings by rationalizing unused or redundant entitlements
Operational efficiency through faster onboarding/offboarding and reduced manual workloads
Risk reduction by limiting the window of exposure for insider threats or privilege misuse

This is ROI by design—security investments that drive cost savings while advancing strategic goals.

A Maturity Model for Sustainable Progress

Identity governance is not a one-time deployment—it’s a journey. I have created a maturity model for the DoD that provides a structured path from basic CAC availability to advanced, AI-driven, risk-adaptive governance. Each step builds capabilities that align with Zero Trust pillars, from policy enforcement to real-time threat response.

As organizations mature, they can integrate IGA with other strategic technologies such as Comply-to-Connect, SASE, and XDR, multiplying both security effectiveness and mission agility.

Conclusion: Govern Everyone, Prove Every Access

To secure the mission, you must govern identity with the same rigor used to defend the network. Identity security is no longer a backend control; it is the control plane for modern defense operations.

Govern everyone. Prove every access. This is the blueprint for a Zero Trust future—one where audit readiness is continuous, access is justified, and the mission moves at the speed of trust.

Learn more about how ICAM solutions empower agencies to manage digital identities with precision.

The Hidden Threat: Why Ignoring Non-Human and Third-Party Identities is a Risk You Cannot Afford

Posted on by Frank Briguglio

I had the opportunity to present and discuss the threat of Non-Human and Third-party Identities at AFCEA TechNet Cyber with the Department of Defense (DoD) community. It is obvious that the maturity of Identity, Credential and Access Management (ICAM) and all identities is top of mind. The Industry, the National Institute of Standards and Technology (NIST), Department of Homeland Security – Cybersecurity and Infrastructure Security Agency (DHS CISA) and the DoD are all starting to focus on the problem, as it is recognized that identity is no longer just an IT problem—it is the front line of defense. We have been deep in digital transformation and the adoption of Zero Trust frameworks and have discovered an inconvenient truth: most organizations are flying blind when it comes to managing the very identities that power their operations—non-human and third-party users.

And that is a problem.

The New Cyber Perimeter: Identity

The old perimeter—firewalls and virtual private networks (VPNs)—is dead. What stands between you and the next breach is your ability to govern who or what has access to your systems. Yet many agencies remain fixated on credentials and authentication, while ignoring vast swaths of non-human actors (bots, robotic process automations (RPAs), service accounts) and external partners (vendors, contractors, mission partners).

This is not just a gap. It is a canyon.

According to Deloitte, 63% of organizations lack visibility into third-party access. Even more troubling, most have no way to list or audit all machine identities operating in the background. These invisible accounts often have persistent, high-level access and no formal governance, making them prime targets for threat actors.

Real-World Breaches, Real-World Consequences

Look no further than the SolarWinds and Okta breaches. In both cases, attackers exploited unmanaged service accounts or contractor credentials to move laterally and escalate privileges. These were not arcane zero-days—they were lapses in identity governance. And they cost credibility, customer trust and in some cases, national security.

The lesson? You cannot protect what you cannot see. And you definitely cannot secure what you do not control.

Why Automation and Governance Are Non-Negotiable

In a Zero Trust architecture, access is no longer assumed—it is continuously verified. But that verification breaks down when service accounts are created ad hoc, with no expiration dates, no ownership and no audit trail. The same goes for third-party users who are onboarded through spreadsheets or informal emails, then forgotten once their project ends—yet their access lives on.

This is how breaches happen.

Governance gaps like these leave organizations exposed to avoidable risks: policy drift, compliance violations, excessive access rights and a lack of accountability. Without automation and lifecycle management, identities multiply faster than security teams can manage them—leading to sprawl, privilege creep and ultimately attack surface expansion.

The Case for Identity-Centric Security

Modern enterprises need identity security platforms that extend beyond the traditional workforce. That means treating machine and third-party identities with the same level of scrutiny, controls and lifecycle management as full-time employees.

SailPoint’s approach offers a compelling blueprint:

Non-Employee Risk Management (NERM): Centralized, auditable workflows for third-party access, including onboarding, offboarding and access reviews.
Machine Identity Security (MIS): AI-driven discovery, classification, ownership assignment and access certification for bots, RPAs and service accounts.

Together, these capabilities provide visibility and governance across all identities, regardless of origin. They also support Zero Trust mandates like least privilege, just-in-time access and continuous verification.

Business Benefits Beyond Security

This is not just about reducing risk. It is about enabling speed and scale without sacrificing control.

With strong identity governance:

Mission partners and contractors get the access they need faster—without creating long-term exposure.
Audit preparation becomes easier, with clear logs of who had access to what, when and why.
Compliance improves, especially in regulated industries, based on NIST and other frameworks.
Security teams can shift from reactive firefighting to proactive risk management.

And perhaps most importantly: organizations become more resilient in the face of evolving threats.

The Bottom Line

Cybersecurity is no longer just about protecting data—it is about protecting trust. And trust starts with visibility and control over every identity that touches your systems.

If your organization is still relying on outdated processes to manage non-human and third-party users, now is the time to act. Inaction is not neutral—it is a strategic liability. As attack surfaces expand and adversaries grow more sophisticated, unmanaged identities will remain the soft underbelly of your defenses.

Zero Trust is not just a framework—it is a mindset. And in that mindset, every identity matters.

It is time to see what has been hiding in plain sight.

Ready to reinforce your identity perimeter? Discover how SailPoint’s ICAM solutions empower organizations to manage digital identities with precision. Explore Now.

The Top 10 OSINT Events for Government in 2025

Posted on by Michael Shrader and Marty Gryski

Open Source Intelligence (OSINT) is no longer a niche capability—it is a core component of modern intelligence work. Carahsoft and our partners have spent years attending and supporting the top OSINT events. We have seen firsthand how AI, automation and smarter data strategies are reshaping the way Government teams gather, analyze and act on intelligence.

This list of the top OSINT events for 2025 and beyond highlights the best places to learn, connect and bring new ideas back to your mission.

OSMOSIS: DC

August 6-7 | Reston, VA | In-Person Event

OSMOSIS:DC is a two-day conference held by OSMOSIS, an Association for OSINT Professionals. The theme for this year is “Technology, Trends, and Transformations.” The expo-style event offers participants direct access to leading vendors, hands on experience with the latest tools and expert-led workshops. Attendees will have the opportunity to connect with industry leaders and build career advancement strategies to help stay ahead of emerging OSINT trends. OSMOSIS:DC is a great opportunity to gain transformative insights from the OSINT industry!

Take a look at some of last year’s top themes in preparation for the 2025 event:

Harnessing Location Intelligence: Advanced OSINT Techniques for Cyber Intelligence Investigations

Linguistic Fingerprints: Using Language to Profile Subjects in OSINT Investigation

Digging for Digital Dirt: Unearthing Bad Actors with Open-Source Intelligence

Carahsoft invites our partners to exhibit at OSMOSIS:DC, hosted at our Conference & Collaboration Center in Reston. Whether you are looking to sponsor, speak, exhibit or just attend, reach out to osintverticalmarketing@carahsoft.com to get involved in this intimate networking event!

Billington Annual Cybersecurity Summit

September 9-12 | Washington, D.C. | In-Person Event

The Billington Annual Cybersecurity Summit is the leading forum for cybersecurity professionals, Government leaders and industry executives to discuss emerging threats, best practices and the latest trends. With over 200 expert speakers, 100+ cyber-focused vendors and more than 40 sessions, attendees will have the chance to engage with top specialists, explore state-of-the-art technologies and participate in thought-provoking discussions. The Summit’s strong focus on collaboration between the Public and Private Sectors provides insights that address real-world security challenges. Learn about cybersecurity strategies, AI-driven threat detection and the latest advancements in national defense at this crucial event!

Carahsoft is looking forward to sponsoring and exhibiting at this year’s event. We’re excited to engage with attendees throughout the week. We will also be hosting a large partner pavilion and encourage attendees to stop by and learn more about our partners and their technology solutions! Check out the events tab on our website  for more details closer to the event!

Intelligence & National Security Summit

September 18-19 | National Harbor, MD | In-Person Event

The Intelligence and National Security Summit (INSS), held by AFCEA International and the Intelligence and National Security Alliance (INSA), gathers thought leaders, policymakers and industry experts dedicated to advancing solutions for shaping the future of intelligence and national security. The two-day event will feature five plenaries, and six breakout sessions focused on AI and emerging technologies, critical infrastructure security, space acquisition and more. Attendees will gain hands on experience with innovative technologies in the Intelligence Community (IC), insights from experts in the field, as well as networking opportunities with Government leaders, technical professionals and leading researchers. Expert-led panels and interactive discussions will cover critical national security challenges and provide actionable strategies for navigating the complex world of intelligence. Join this premier forum to explore the emerging threats, intelligence operations and technological advancements that are redefining the security landscape!

Carahsoft supports INSS by enabling our vendor partners to participate as sponsors and exhibitors, ensuring a strong industry presence at the event.

IACP

October 18-21 | Denver, CO | In-Person Event

The International Association of Chiefs of Police (IACP) is an annual event that brings together public safety professionals from around the world to explore new techniques, share expertise and prepare their departments for future success. The conference features an exposition hall showcasing products from more than 600 vendors, education workshops and networking opportunities with fellow law enforcement professionals. Spanning four days, attendees will have the chance to engage in policy discussions on the latest challenges in policing, leadership and public safety innovation. As one of the largest law enforcement events, IACP 2025 is an essential gathering for agencies looking to enhance their strategies and stay ahead in an evolving security landscape.

Attendees should expect sessions surrounding how to leverage OSINT for criminal investigations, OSINT for threat assessment and risk mitigation, as well as Dark Web and Deep Web investigations.

Carahsoft will have a booth at IACP where several of our vendor partners will demonstrate their solutions and share educational content. We will also be hosting a networking reception with several of our vendor partners, welcoming conference attendees for food, drinks, networking and more! 

OSINT Foundation Awards

November 7 | VA | In-Person Event

The OSINT Foundation Awards recognize individuals and organizations that have made significant contributions to the field of OSINT. Attendees will explore the latest OSINT methodologies, data analysis techniques and the critical role of open source information (OSIF) in national security and risk assessment. This prestigious event highlights major achievements, facilitates professional networking and demonstrates OSINT’s impact on intelligence operations. Join industry experts as they honor innovation, dedication and the future of OSINT!

Awards honored at last year’s ceremony included:

Innovation of the Year

Volunteer of the Year

Practitioner of the Year

Unit of the Year

Catalyst of the Year

Product of the Year

View a more in-depth explanation of the selection criteria here.

Carahsoft is a proud partner of the OSINT Foundation, supporting them annually by hosting the OSINT Foundation Tech Expo. We encourage our partners to get involved with this event by nominating individuals who they believe exemplify excellent service to the nation and contribute to the OSINT discipline.

Global Security Exchange

Sept 29 – Oct 1, 2025 | New Orleans, LA | In-person Event

Global Security Exchange (GSX) 2025 is the premier event for security professionals across the public and private sectors, offering a comprehensive forum to explore the evolving threats and innovations shaping today’s global risk landscape. With immersive education sessions, insightful keynotes and cross-industry networking, GSX brings together leaders and practitioners from around the world to exchange ideas, strategies and best practices. Attendees will gain firsthand insight into the tools and technologies driving the future of physical and cyber security.

Carahsoft is proud to exhibit at GSX 2025 at Booth #2907. Stop by to connect with our OSINT experts and discover the latest open source intelligence technologies designed to help you stay ahead of emerging threats. We look forward to engaging with the security community and sharing how our partners are equipping organizations to be the first line of defense in today’s complex environment.

OSINT Foundation Tech Expo

April 30 – May 1, 2026 | Reston, VA | In-Person Event

The OSINT Foundation Tech Expo is an annual event that brings together professionals and experts in the field, showcasing the latest advancements in OSINT technologies and related services. Attendees can expect a variety of presentations, workshops and networking opportunities designed to enhance knowledge and skills in gathering and analyzing publicly available information. The event aims to foster collaboration and innovation within the OSINT community, making it a must-attend for anyone involved in intelligence and cybersecurity!

Carahsoft is proud to host the OSINT Foundation Tech Expo at the Carahsoft Conference & Collaboration Center in Reston, a space dedicated to ensuring collaboration and support across the technology industry and Government. Carahsoft invites our partners to join the 50 OSINT vendors and agencies already lined up to showcase their own tabletop exhibits. Carahsoft has also collaborated with FedGovToday’s Francis Rose to interview our partners for their Innovation in Government and Video Insights!

GEOINT 2026

May 3-6, 2026 | Aurora, CO | In-Person Event

The Geospatial Intelligence (GEOINT) Symposium is the nation’s largest gathering of industry professionals and Government leaders and will be held at the America’s Center Convention Complex in St. Louis. This year’s theme, “Building a Secure Tomorrow Together,” highlights the collaborative efforts and cutting-edge innovations shaping the future of geospatial intelligence. The symposium will feature industry-leading keynote speakers, main stage panels and hands on training sessions on topics such as mission planning, precision timing and navigation. Attendees will be able to engage with geospatial intelligence experts to deepen their understanding, foster connections and stay at the forefront of innovative technologies. Attend GEOINT 2026 to explore the critical role geospatial intelligence will play in building a secure future!

Carahsoft intends to showcase a Partner Pavilion with our vendors again in 2026. We look forward to attending GEOINT 2026 and join our OSINT customers to learn more about the latest in geospatial open source intelligence.

SOF Week 2026

May 3-8, 2026| Tampa, FL | In-Person Event

SOF Week 2026 is the annual gathering for the international Special Operations Forces (SOF) community. Jointly sponsored by U.S. Special Operations Command (USSOCOM) and the Global SOF Foundation, the event serves as a platform for fostering collaboration, innovation and excellence in modern special operations. SOF Week will feature keynote addresses from senior leaders, professional development workshops, chances to network and sessions focused on non-profit initiatives. Do not miss this key event shaping the future of SOF operations!

Carahsoft and more than 45 partners will attend and showcase solutions in AI, DevSecOps, cybersecurity, cloud technologies and open source intelligence.

TechNet Cyber 2026

June 2-4, 2026 | Baltimore, MD | In-Person Event

TechNet Cyber 2026, hosted by the Armed Forces Communications and Electronics Association (AFCEA), is a flagship cybersecurity event bringing together U.S. Cyber Command, the Defense Information Systems Agency (DISA), Joint Force Headquarters-Department of Defense (DoD) Information Network and DoD Chief Information Office (CIO), as well as a mix of military, Government, industry and academic leaders. This conference serves as a platform for collaboration, uniting policy, strategic architecture, operations and command and control to address global security challenges in the digital domain. Attendees can expect a comprehensive program featuring expert panels on cybersecurity advancements, technology demonstrations and networking events aimed at enhancing national cybersecurity efforts. Join us in Baltimore to connect with top decision-makers and help drive solutions for this vital mission!

The event will feature a range of exhibitors, including Carahsoft’s leading cyber technology providers. Carahsoft looks forward to joining our open source intelligence customers at TechNet Cyber in 2026.

Join us at one of our 2025 OSINT events to connect with intelligence leaders and professionals dedicated to advancing OSINT. Do not miss this opportunity to explore innovative OSINT techniques and tools, data analysis, cybersecurity and more!

To learn more or get involved in any of the above events please contact us at OSINTVerticalMarketing@Carahsoft.com. For more information on Carahsoft and our industry leading OSINT technology partners’ events, visit our OSINT solutions portfolio.

Why Cloud, Why Now? Modernizing federal IT: Why the cloud is becoming the new standard

Posted on by Arham Dowla

The shift to Atlassian Government Cloud unlocks new potential for federal agencies

Modernization has been a Federal priority for over a decade, but the realities of legacy systems, compliance mandates and limited resources have forced IT leaders to make hard tradeoffs. The pandemic accelerated digital transformation, proving just how critical resilient, cloud-based systems are to mission continuity and citizen services.

Yet many agencies have remained tethered to on-premises tools not by choice, but by compliance constraints.

Now that Atlassian Government Cloud is FedRAMP Moderate authorized, agencies can confidently shift core collaboration and service delivery workloads to the cloud with security and compliance in place.

The opportunity to modernize is clearer than ever. With compliance barriers removed, cloud adoption becomes not just feasible, but foundational to moving missions forward.

FedRAMP Moderate removes the guesswork

Atlassian Government Cloud is a dedicated environment built specifically for public sector teams and limited to U.S. Government agency and contractor usage. It delivers the performance Federal agencies need, with the security and compliance they require.

This includes:

FedRAMP Moderate Authorization for Jira, Confluence and Jira Service Management
Dual-region hosting on AWS commercial US East/West regions
Continuous monitoring aligned to FedRAMP Moderate standards

Atlassian’s Government cloud platform is built on the same architecture that powers Cloud Enterprise, offering the scale, reliability and control public sector teams need. It’s designed to reduce friction and deliver continuous innovation while maintaining trust and transparency.

From patching systems to powering missions

Agencies that remain on legacy infrastructure are fighting a battle on two fronts: maintaining outdated systems while trying to meet new mission demands. That approach is no longer sustainable.

Modernizing with Atlassian Government Cloud eliminates the distractions of infrastructure maintenance and opens the door to high-impact work. Instead of managing update cycles or responding to fire drills, IT teams can shift their focus to scaling digital services, working with disparate teams and improving citizen-facing outcomes.

For IT administrators, this shift is transformational. Cloud offloads the operational burden they’ve carried for years—manual upgrades, weekend patching, surprise outages. With that weight lifted, teams can focus on enabling smarter service delivery across the agency.

As Jeff Garrett, Technical Product Manager at the California Department of Health Care Services shared, “I’ve had to maintain server infrastructure in the past. It’s not pleasant. Being on Atlassian Cloud Enterprise means we don’t have to do that anymore. Plus, we can add and remove applications quickly.”

This is how mission work moves forward with greater speed, clarity and alignment.

Built-in collaboration, automation, and insight

Atlassian Government Cloud offers more than security and compliance. It enables new ways of working across teams and departments, aligning your entire agency and harnessing your data.

Consider this scenario: A Federal program team launches a new initiative to expand community outreach. Rather than waiting weeks for a custom workflow, they spin up a new Jira project using a pre-built template with no administrator required. HR and legal teams contribute to project planning in Confluence, while real-time insights track progress across departments. No tickets. No silos. Just forward momentum.

The scenario above shows how teams can move faster using features like team-managed projects and templates in Jira, along with native incident management in Jira Service Management.

In addition to streamlining work, Atlassian Government Cloud will soon include Atlassian Analytics, bringing cross-product visibility and supporting data-driven decision-making across teams.

Beyond what’s available in Atlassian Government Cloud today, we’re also committed to delivering the same innovative features you’ll find in our commercial products, like Confluence Whiteboards and Goals. We’re actively developing our roadmap for Atlassian Government Cloud and will share more information soon.

Migration isn’t a barrier. It’s a supported journey

Atlassian has helped thousands of organizations transition to the cloud, including some of the world’s largest enterprises and Government agencies. We have reliable tooling for migrating data from Data Center to Atlassian Government Cloud that has been hardened through years of supporting migrations to commercial cloud. And for those migrating from commercial cloud to AGC, we’re releasing tooling for this soon.

Federal teams benefit from specialized migration support designed to streamline the process and minimize risk. That includes:

A Cloud Migration Manager assigned to each Atlassian Government Cloud project
Migration guides, training resources and toolkits to support end-user adoption
The choice to engage with a network of experienced solution partners if your agency wants even more support.

Agencies already using Atlassian Cloud are seeing measurable results that support faster delivery, smarter governance and stronger collaboration:

Utah Department of Technology Services cut Jira project setup time by 90%, enabling faster response to internal and citizen needs
California Department of Health Care Services standardized on Atlassian Cloud and reduced one project’s delivery time from 18 months to 6 months, cutting costs from $2.8M to $600K

With Atlassian, cloud migration becomes a guided path to modernization — not an obstacle.

The results are measurable

The shift to Atlassian Government Cloud delivers tangible results. Early adopters, including public sector agencies and private sector enterprises, are already seeing gains in performance, collaboration, and insight.

In a recent customer impact survey, organizations migrating to Atlassian Cloud reported:

Up to a 53% increase in productivity
47% improvement in cross-functional collaboration
44% gain in insight-driven decision-making

These outcomes directly support the goals of Federal agencies: improved cross-team collaboration, greater agility and faster progress on mission priorities. In a time when agencies are under pressure to do more with less, results like these make a big impact.

Take the next step

With FedRAMP Moderate authorization in place, Federal agencies can now adopt Atlassian Government Cloud with confidence. It’s time to move from maintaining systems to empowering missions.

Curious about your agency’s migration path to Atlassian Government Cloud? You can become a part of our Early Access Program. Join the waitlist here!

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Atlassian we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

SOC of the Future: Advanced Strategies for Modern Cybersecurity Challenges

Posted on by John McCann

Carahsoft-Innovative Care for Shadow Warriors-blog-embedded image-2025

In today’s fast-paced digital world, security teams are under immense pressure to defend against a surge in sophisticated cyber threats. Expanding attack surfaces, driven by new technologies, cloud adoption, remote work and interconnected devices, create countless entry points for attackers. Security Operations Centers (SOCs) must evolve by leveraging automation, AI and machine learning (ML) to stay ahead—cutting through the noise, accelerating threat detection and streamlining responses to provide scalable, real-time defense against ever-evolving risks.

Modern SOC Challenges

As cyber threats continue to rise in both frequency and sophistication, SOCs are coping with an overwhelming volume of security incidents. Check Point Software’s 2025 Security Report reveals a staggering 44% year-over-year increase in cyberattacks, highlighting the urgent need for stronger, more scalable defenses.

Organizations are no longer operating within clearly defined perimeters. Today’s digital environments are sprawling and dynamic, spanning on-premises infrastructure, multi-cloud deployments, software as a service (SaaS) platforms, Internet of Things (IoT) devices and a remote workforce. Each layer adds complexity—and with it, new vulnerabilities. The expanding attack surface increases not only the number of potential entry points but also the volume of activity that must be monitored.

This leads to another major challenge: organizations are now generating unprecedented volumes of security data. SOCs are tasked with analyzing vast, continuous streams of telemetry to detect threats in real time but extracting meaningful insights from this flood of data has become increasingly difficult.

While traditional Security Information and Event Management (SIEM) systems remain a core component of enterprise security, they are struggling to keep up. Many SIEM platforms are constrained by schema designs, database capacity and a limit on the number of detection rules that can be ingested.

As a result, SOCs are often forced to make difficult trade-offs, choosing which data to collect and analyze based on storage and processing limitations. This selective approach creates blind spots, potentially allowing critical threats to go undetected. In fact, 56% of organizations report coverage gaps directly linked to the limitations of legacy SIEM systems, underscoring the need for modernization.

Alert fatigue is compounding the issue. Even well-configured SOCs can generate thousands of alerts daily, overwhelming analysts and increasing the risk of real threats being missed. According to a 2023 RSA survey by Gurucul, 61.37% of security teams report receiving more than 1,000 alerts per day, while 4.29% deal with over 100,000. Alarmingly, 19.74% say the volume is so high they cannot even quantify it.

SOC Prime-SOC of the Future-blog-embedded image-2025

Beyond the operational strain, cost is another major barrier. A medium-sized organization can produce terabytes of log data every day, and storing and processing this information—especially at the scale required for comprehensive threat detection—can cost hundreds of thousands annually. SOC leaders are under constant pressure to strike a balance between broad visibility and tight budget constraints.

In this high-volume, high-velocity environment, traditional manual analysis simply cannot keep up. To close visibility gaps, reduce alert overload and operate efficiently at scale, organizations must adopt intelligent automation. Advanced analytics, ML and AI-driven detection can dramatically reduce noise, prioritize critical alerts and help SOC teams focus on what matters most—responding to real threats in real time.

The Role of Automation in SOC

Automation is a key force multiplier for SOC teams, enhancing threat response speed and accuracy. Over the past decade, security orchestration, automation and response (SOAR) solutions have had mixed success. While these solutions streamline workflows and incident response, they require significant maintenance, including scripting, playbook development and continuous security stack integration. The high total cost of ownership often outweighs initial investments, making long-term sustainability a challenge.

To address these limitations, SOCs are adopting telemetry pipelines, which intercept and filter traffic before SIEM processing, ensuring only relevant security data is analyzed. Advanced enrichment reduces redundant data, improving efficiency while lowering cloud storage costs.

Extended detection and response (XDR) solutions are also gaining traction. XDR integrates multiple security layers, correlates alerts locally and reduces reliance on centralized SIEMs. Vendor-specific XDR stacks work best within their own ecosystems but streamline threat detection and response.

Data lakes are becoming essential for long-term threat hunting, enabling analysts to detect subtle, prolonged attacks by retaining historical data for extended periods. This allows analysts to uncover patterns that might otherwise go unnoticed.

As SOC automation evolves toward autonomous SOC models and “SOCless” SIEM architectures, ML-driven algorithms will handle much of the processing and correlation, facilitating faster threat detection and response. By automating repetitive tasks like log analysis and low-level alert triage, SOC analysts can focus on complex investigations, enhancing security while addressing the skills gap.

Still, Gartner predicts that by 2030, 75% of SOC teams will see a decline in core security analysis skills as they grow too reliant on automation and AI. Therefore, deployments aimed at both augmenting human tasks and adding precision and speed to human investigations will be more effective than single-technique AI analytics. Striking the right balance between machine-driven speed and human insight seems like a feasible solution that keeps security teams agile, informed and in control of threats.

Evolving Technologies and Solutions

AI and ML capabilities enhance predictive analytics and threat-hunting capabilities, keeping SOC teams ahead of attackers. According to Gartner, by 2026, advancements like “action transformers” and the continued evolution of Generative AI (GenAI) will power semi-autonomous platforms that can greatly enhance and support the day-to-day operations of cybersecurity teams.

As cybersecurity AI assistants evolve, they will be used as more sophisticated tools for interactive support and investigation, covering tasks like incident response, risk assessment and code reviews. These tools are expected to boost efficiency and reduce response times, whether in organizations just building their security programs or in mature teams with established processes. These innovations improve threat detection and SOC readiness to withstand modern cyber risks.

Future SOC Operations

Progressive organizations understand the real value of AI/ML-powered SOC technologies that can be reasonably used and shift their focus from single-technique tools to building integrated systems that fuse software, AI and human expertise. Achieving scalable impact means having a clear strategy that targets the most meaningful opportunities.

Additionally, investment in workforce development and upskilling will be essential to bridging the cybersecurity talent gap. Organizations that invest in these areas will elevate their SOC effectiveness, better safeguard critical assets and build a resilient, future-ready cybersecurity posture.

To gain deeper insights into these strategies and hear directly from industry experts, watch SOC Prime’s webinar, solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Modern Fraud Threats in Government Relief Programs: How Agencies Can Defend Against Cybercrime

Posted on by Joe Rogers

A recent investigation by CBS News’ “60 Minutes” has highlighted a significant issue: organized crime rings, often operating from overseas, are using stolen identities to steal billions of dollars from the U.S. Federal and State programs. These sophisticated fraud schemes specifically target public assistance initiatives, taking advantage of digital vulnerabilities and overwhelmed systems. The COVID-19 pandemic accelerated the delivery of relief funds, presenting new challenges for security systems still being implemented.

As these cyber-enabled crimes grow in complexity and scale, Public Sector organizations must evolve their defenses. HUMAN Security offers a modern solution that aligns with Public Sector standards and frameworks, like the NIST Cybersecurity Framework, to protect against automated fraud, account takeovers and bot-driven exploitation.

The Expanding Threat Landscape: Government Fraud at Scale

The fraud rings described in the CBS report do not fit the Hollywood stereotype of a lone hacker in a basement. These are industrial-scale operations run by criminal syndicates that:

Use stolen or synthetic identities to apply for public benefits such as unemployment insurance, COVID relief, food assistance and housing vouchers.
Leverage bots and automated scripts to rapidly test stolen credentials against Government login portals.
Host phishing websites and fake document generators to fool verification systems.
Exploit the lack of robust digital defenses in legacy Public Sector infrastructure.

At the height of the pandemic, the U.S. prioritized the rapid distribution of trillions in relief funds to support individuals and businesses in crisis. In the urgency to deliver aid quickly, some agencies adjusted standard fraud controls—creating unforeseen opportunities for bad actors. According to the CBS report, an estimated $280 billion was lost to fraud, with an additional $123 billion categorized as wasted or misused.

The tactics employed have now evolved into permanent tools of financial exploitation. Many cybercriminals continue to exploit social welfare and Government programs by leveraging automation and AI. Fraud isn’t slowing down—it’s scaling up.

Why Public Sector Agencies Are Attractive Targets

Government systems present a unique target profile for attackers due to a combination of high-value data, broad user bases and strained IT resources. Here’s why the Public Sector is particularly vulnerable:

1. High Payout Potential

Each successful fraudulent claim can yield thousands of dollars in benefits. Fraudsters often operate in bulk, submitting thousands of applications using stolen identities.

2. Legacy Infrastructure

Many State and Local agencies still operate on outdated software stacks that lack modern bot detection or behavior-based threat analysis.

3. Lack of Real-Time Monitoring

Fraudulent applications often go undetected until after funds are dispersed. Manual review processes are insufficient to handle the volume of claims.

4. Increased Script & API Vulnerabilities

Fraudsters exploit front-end vulnerabilities, such as JavaScript manipulation or misuse of APIs, to simulate real user activity, bypass verification checks and deploy fake documents.

HUMAN Security: A Modern Solution for a Modern Threat

Carahsoft, HUMAN 60 min, blog, embedded image, 2025

HUMAN Security specializes in protecting organizations from automated attacks, fraud and abuse by distinguishing between real users and malicious bots. HUMAN’s solutions are uniquely positioned to help Public Sector agencies address the specific types of fraud exposed by 60 Minutes.

1. Bot and Automation Mitigation

Fraudsters frequently use bots to submit applications at scale, probe systems for weaknesses and conduct credential stuffing attacks. The HUNAN Defense Platform analyzes over 20 trillion digital interactions weekly to identify real-time anomalies.

Through behavioral analysis, device fingerprinting, and machine learning, we can help public sector clients:

Detect non-human interaction patterns
Prevent fake accounts from being created
Block bot-driven denial-of-service or overload attempts

2. Account Takeover & Credential Abuse Defense

Many fraud schemes begin with access to a real person’s Government credentials. We prevent account takeovers by identifying compromised credentials in real time and helping clients stop unauthorized login attempts.

Our Application Protection Package also integrates into public-facing login portals to block brute-force attempts and detect unusual login behavior.

3. Fake Identity and Synthetic Account Prevention

Fraudsters use fake IDs or generated synthetic identities to bypass identity checks. Our behavior-based analytics distinguish real users from fabricated personas—stopping fake account creation before it starts.

4. Real-Time Threat Intelligence:

By continuously monitoring emerging threats, we equip Public Sector clients with up-to-date information to counteract evolving fraud tactics.

5. Integration with Public Sector Frameworks:

Leading-edge solutions that align with standards like the NIST Cybersecurity Framework, HUMAN facilitates seamless integration into existing Government infrastructures and helps public sector clients with compliance and regulatory requirements.

Real-World Benefits to Government Agencies

By adopting fraud protection solutions, public agencies can:

Minimize Fraud Risk: Real-time prevention minimizes the risk of sending funds to bad actors.
Protect Citizens: Reduce identity theft and unauthorized access to sensitive citizen data.
Build Trust: Demonstrating robust cybersecurity fosters public trust in digital Government systems.
Streamline Compliance: Meet modern standards like PCI DSS 4.0 requirements 6.4.3. & 11.6.1 and NIST CSF with confidence.
Save Taxpayer Dollars: Every fraudulent dollar blocked is money that can be returned to real beneficiaries or saved for future programs.

A Call to Action for Government Leaders

The fraud revealed in the CBS 60 Minutes report isn’t an isolated event—it’s a warning sign. Digital transformation has accelerated across public agencies, but fraud defenses haven’t always kept pace.

Government leaders must take a proactive stance by:

Modernizing fraud detection capabilities
Closing visibility gaps across digital infrastructure
Adopting behavior-based, real-time defenses like HUMAN Security
Aligning security strategy with established frameworks (NIST, PCI DSS)

Fraud is no longer just a compliance risk—it’s a national security issue. As public trust and taxpayer funds hang in the balance, Government agencies must embrace modern, intelligent and automated defense systems to keep fraudsters out.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including HUMAN Security we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Nutanix AHV and Rubrik’s Layered Security – The Key to System Resilience and Efficiency

Posted on by Tom Bisbee, Gabriel Flores and Brett Atha

Protecting critical infrastructure from cyber threats and ensuring business continuity in the face of disasters is a top priority for organizations today. Luckily, Nutanix AHV, a modern, secure virtualization platform that powers and enhances virtual machines (VMs), can help. Rubrik’s integrated solutions fortify AHV environments against ransomware attacks and enable efficient disaster recovery. By leveraging features like immutable backups, anomaly detection and on-demand cloud-based disaster recovery, organizations can enhance their cyber resilience and minimize the impact of disruptive incidents.

A Simple and Secure Path to VM Management

Nutanix AHV is simple to use and secure by design. The platform works through a centralized control plane, where AHV is integrated into a single application programming interface (API). This eradicates a complicated setup on the customer side. By maintaining constant management and a virtualization layer, Nutanix AHV allows organizations to fulfill mission objectives.

Nutanix AHV features several built-in security features, such as micro-segmentation, data insights, audit trails, ransomware protection and data age analytics.

Nutanix features:

Built-in, self-healing abilities protect against disk failure, node failure and more
A vulnerability patch summary automatically alerts users about susceptibility risks and anomalies that need to be addressed
A life cycle manager provides readmittance testing and deployment testing
More than one copy of backup data, ensuring that users do not lose valuable information
Multi-site replication including to and from the public cloud.

Securing data in Nutanix AHV requires more than just the basic perimeter defenses, but a multi-layered strategy. With Rubrik’s data protection abilities, which include immutable backups, automatic encryption and logical air-gapping, agencies and organizations can recover information within minutes and resume mission objectives in the event of a breach.

Securing Data with Rubrik’s Rapid Recovery Abilities

Rubrik, a security cloud solution provider that keeps your data resilient, enables the near-instant recovery of virtual machines and data within the Nutanix AHV environment. Rubrik provides multiple recovery options within AHV, such as file-level recovery, live mount, export, mount virtual disks and downloadable virtual disk files. Through Rubrik, businesses can recover files from older hypervisors into newer AHV environments without having older hypervisors online. Once granted access to the AHV environment, Rubrik automatically discovers and integrates protocols and base level policies for VMs. Rubrik’s recovery process restores data in minutes, regardless of VM size. As VMs get larger and larger, frequently hitting 50 terabytes, this speedy and precise response empowers organization’s incident response plans to be swift and efficient. After scanning the meta data, users are granted file level recovery after anomaly detection, allowing users oversight on affected data.

As the data that organizations manage grows exponentially, data security becomes critical to business functions. Rubrik offers comprehensive data security, continuously monitoring and remediating data risks within the network.

Through Rubrik, businesses can recover files from older hypervisors into newer AHV environments without having older hypervisors online. Once granted access to the AHV environment, Rubrik automatically discovers and integrates protocols and base level policies for VMs.Rubrik’s recovery process restores data in minutes, regardless of VM size. As VMs get larger and larger, frequently hitting 50 terabytes, this speedy and precise response empowers organization’s incident response plans to be swift and efficient.After scanning the meta data, users are granted file level recovery after anomaly detection, allowing users oversight on affected data.

Rubrik also provides constant monitoring for backups. Typically, businesses do not regulate data backlogs, which increases the likelihood that they miss attackers that sit in the system environment for a few days before collecting data. With Rubrik’s threat monitoring and hunting, organizations can search through backups and detect when an anomaly entered the environment. Through Nutanix and Rubrik’s integration, IT teams can reduce complexity, gain oversight, cut down on operational costs and improve resiliency and efficiency.

Automation: The Key to a Proactive Incident Response

Modern cyber threats require a proactive approach to incident response. With automation and orchestration, facilitated by the combined capabilities of Nutanix and Rubrik, organizations can detect, respond to and recover from cyber incidents more efficiently.

Rubrik has a built-in anomaly detection, which searches protected data for strange behavior, such as mass deletion or encryption. As the volume of data on a network increases, organizations often have sensitive data they are not actively monitoring or even know sensitive data maybe exposed. Rubrik clusters are always scanning protected data for anomalies, sensitive data, and known IOC’s allowing customers to select resolution options, such as isolating compromised VMs, or the ability to restore product systems from last known good copies.

Readiness impacts recovery time, and recovery time impacts organization operations. Nutanix AHV’s recovery organization authorizes IT teams to organize VMs into a set of templates, which can be used to create blueprints and launch application recovery. Nutanix also provides organizations with the flexibility to apply policy to each workload, taking control of network security and BC/DR policy with VM level granularity. By allowing organizations to map out their application owners, Nutanix AHV enables businesses to move from a reactive to a proactive security posture, minimizing the impact of attacks and ensuring swift recovery.

Nutanix and Rubrik’s integration creates a powerful security and operational synergy, empowering organizations with the tools they need for network safety and, if necessary, a swift and comprehensive restoration of critical systems, empowering organizations to resume business missions. Nutanix AHV enables organizations to reduce complexity, improve security and achieve a higher level of resilience and operational efficiency.

To learn more about how Nutanix AHV and Rubrik’s integration delivers streamlined data protection, rapid recovery and robust incident response capabilities, watch our webinar, Fortifying AHV: Cyber Recovery and Incident Response with Nutanix and Rubrik.

Modernizing Government Workflows: Breaking Down Silos for Faster, Smarter Collaboration

Posted on by Dave Rheaume

State and local government teams are under pressure to do more with less. They’re facing rising demands for digital services, growing cybersecurity threats, and shrinking budgets—but outdated systems slow them down. Siloed tools, manual processes, and limited visibility make it harder to serve communities efficiently.

So how can government teams move faster, work smarter, and improve service delivery?

From silos to seamless collaboration

Many government agencies rely on a patchwork of disconnected tools, legacy systems, and manual workflows to manage critical operations. While these systems may have worked in the past, a lack of modernization and cohesive results leads to wasted time, security risks, and high costs.

Agencies need more than just tools—they need a modern, connected way to work. By modernizing workflows and adopting agile, automated processes, they can:

Deliver services faster with fewer bottlenecks
Boost collaboration across IT, operations, and mission teams
Improve transparency with real-time project tracking
Make smarter decisions with AI-powered insights

How agencies are driving change

Government agencies are moving away from outdated, disconnected systems and adopting modern, integrated workflows to improve efficiency and service delivery. By leveraging automation, cloud-based collaboration, and agile project management, they’re breaking down silos, delivering better citizen services, and increasing productivity.

The California Department of Health Care Services saved $2.2M on one project alone using Atlassian and improved delivery time by 66% with Cloud Enterprise. Read more about how they saved millions.
The State of Utah upgraded to Jira Software and Confluence Cloud, seeing more than 90% faster change reviews after cloud migration and completed migration 2.5 years ahead of schedule. Read more about their cost and time savings.

State and local agencies can apply these same principles to streamline processes, cut costs, and improve citizen services.

Start small, scale fast

Transforming government workflows doesn’t have to be overwhelming. Agencies can start with small, strategic changes that drive immediate impact and scale over time.

Identify bottlenecks. Where are delays slowing things down?
Automate repetitive tasks. Free teams for high-impact work.
Connect teams. Break down silos with transparent workflows.

Government agencies don’t need more tools—they need a smarter, integrated approach to getting work done.

Connecting cloud solutions across an agency with Atlassian’s System of Work

Atlassian Modernizing Government Workflows Blog Embedded Image 2025

Government teams—from California’s Department of Health Care Services to the State of Utah—are accelerating modernization by adopting multiple Atlassian cloud products across their agencies. These solutions aren’t just integrated—they’re connected in a way that creates a shared foundation for how work gets done. That foundation is Atlassian’s System of Work.

Built on the Atlassian Cloud, this System of Work connects tools, teams, and data to provide a unified context across programs and mission goals. It enables agencies to plan, track, and scale work more effectively, creating the clarity and collaboration needed to deliver better outcomes, faster.

Here’s how the Atlassian Cloud System of Work helps agencies work smarter—together:

Align work to goals. Ensuring every task and project is directly connected to strategic objectives enhances visibility and accountability across teams.
Plan and track work collaboratively. Utilizing tools like Jira enables teams to plan, track, and manage work collectively, fostering transparency and coordination.
Harness collective knowledge. Platforms like Confluence facilitate the sharing and organization of information, breaking down silos and promoting informed decision-making.

By adopting Atlassian’s System of Work, agencies can transition from fragmented processes to integrated workflows. With more clarity and collaboration, teams can move faster, collaborate better, and deliver exceptional services.

Ready to cut through the complexity? Learn more about Atlassian’s cloud solutions and join our April 15^th webinar: Smarter Government, Faster Results: How AI & Cloud Are Transforming Citizen Services.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Atlassian, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Embracing eSignatures: How the SSA is Modernizing Document Processing in the Digital Age

Posted on by David Wilmer

In an era where digital transformation is reshaping both the public and private sectors, the Social Security Administration (SSA) is taking significant strides to modernize how it processes its vast quantities of mail. With millions of Americans relying on the SSA for benefits and services, the agency has long been burdened by a mountain of paperwork. In response to this challenge, the SSA is turning to eSignatures as a key tool in reducing administrative burdens and enhancing efficiency.

The Need for Change: SSA’s Digital Transformation

When considering disability claims, Social Security benefits, or Medicare enrollments, the processes that must be undertaken by the SSA often require signatures for approval. The SSA handles millions of such transactions each year, which are typically paper-based, contributing to a significant administrative burden.^[¹^]

The agency has been working to digitize its services and reduce its reliance on physical mail. The NARA OCRO’s guidance for federal agencies states that converting documents from “digital to paper and back to digital is inefficient, expensive and introduces risks to the authenticity of the records”, and they “encourage agencies to determine if they can move to all-digital workflows that support electronic or digital signatures in place of wet-ink signatures.”^[2] The ultimate goal is to deliver faster, more secure services to the American public, cutting down on processing times and improving overall user experience.

How eSignatures Are Transforming SSA’s Operations

The introduction of eSignatures at the SSA marks a pivotal moment in the agency’s journey toward full digital modernization.

Electronic signatures offer:

a secure, verifiable method for authenticating documents
Much quicker routing/processing of forms and signatures
Programmatic extraction of form data directly into databases

Electronic signatures also help mitigate or eliminate:

Manual processing of paper forms
Lost/misplaced/overwhelming quantities of paperwork
Incorrect/incomplete responses on a form
Forgery/tampering with the document after signature

This transformation is not just about improving internal efficiency; it also drastically improves the experience for beneficiaries. With eSignatures, claimants can now sign documents from the comfort of their homes, avoiding the need to mail in paperwork or visit SSA offices in person. This digital convenience is particularly crucial for elderly or disabled individuals who may have difficulty traveling to an SSA office or navigating complex forms.

A Broader Push for Digital Modernization

Carahsoft Adobe eSignatures Modernizing Document Processing Blog Embedded Image 2024

The adoption of eSignatures is just one component of a broader push for digital modernization within the SSA. This transformation aligns with the federal government’s broader initiatives, led by the Office of Management and Budget (OMB), to promote a “digital-first” public service experience.^[³^]

Despite the clear benefits, the road to digital modernization is not without its challenges. One major obstacle is the need for robust cybersecurity measures and compliance. As more processes move online, the SSA must ensure that the sensitive personal data of millions of Americans is protected from cyber threats. Government agencies specifically are recommended to focus on eSignature solutions with the following features:^[⁴^]

Desired level of compliance, such as FedRAMP accreditation
End-to-end advanced encryption
CAC/PIV support.

Furthermore, the integration of eSignatures into the SSA’s workflows also requires the development of user-friendly platforms that can accommodate individuals with varying levels of digital literacy. A core pillar of digital experience is to meet the end user where they are, whether by making documents accessible to all users regardless of disability, or by offering choices to the end user as per their preference, such as the option to eSign from a computer or mobile device.

If these challenges can be successfully navigated, the potential for cost and time savings is astounding. Forms and signatures often entail lengthy processes spanning multiple people, thus time savings for one individual can cascade to every other individual in the process, meaning a better experience for all parties.

Conclusion: The Future of SSA in a Digital World

The SSA’s move toward eSignatures and digital modernization is a significant step forward in the agency’s efforts to improve service delivery and reduce administrative burdens. By reducing the reliance on physical mail and embracing digital tools, the SSA is not only enhancing its operational efficiency but also making it easier for Americans to access the benefits and services they rely on. As the federal government continues to push for digital-first solutions across all agencies, the SSA’s example highlights the importance of embracing new technologies to meet the needs of a modern, tech-savvy population.

Check out this on-demand webinar for more information on this series and how Adobe can support your organization’s digital transformation initiatives.

Sources:

[1] Miller, J. (2024, September 4). SSA leaning into e-signatures as way to cut mountain of mail. Retrieved from Federal News Network: https://federalnewsnetwork.com/it-modernization/2024/09/ssa-leaning-into-e-signatures-as-way-to-cut-mountain-of-mail/

[2] Archives, U. N. (2024, June 20). Transition to a Fully Digital Government: Digital Signatures. Retrieved from Records Express: https://records-express.blogs.archives.gov/2024/06/20/transition-to-a-fully-digital-government-digital-signatures/

[3] Martorana, C. (2024, April 17). Progress Towards Delivering a Digital-First Public Experience. Retrieved from White House: https://www.whitehouse.gov/omb/briefing-room/2024/04/17/progress-towards-delivering-a-digital-first-public-experience/

[4] Hajarnis, S. (2024, June 27). Choosing an eSignature Solution? Here’s what government agencies should look for. Retrieved from https://www.americancityandcounty.com/2024/06/27/choosing-an-esignature-solution-heres-what-government-agencies-should-look-for/

Classified Data Spillage: Considerations for Risk Mitigation and Containment

Posted on by Maurice Uenuma

Classified data spillage has always been a concern to those in the national security community. When sensitive information spills onto an unauthorized medium or network, there can be grave consequences.

The risk of data spillage continues to rise with the growth of data from broader collection and production, along with increased access to and use of this data for analytics and operations. Digital transformation, AI adoption, and data-driven decision-making have delivered great value to federal agencies, but these trends have made protecting classified data even more challenging than it already was.

This situation warrants new consideration for how sensitive data can be protected against unintentional exposure, and how spillage is remediated when it occurs. Data sanitization plays an important role in this arena.

How Spillage Occurs

Data spillage is one way that unauthorized disclosure of classified information takes place. According to NIST, it is a “security incident that results in the transfer of classified information onto an information system not authorized to store or process that information.”

Blancco Classified Data Spillage Blog Embedded Image 2024

The spilled data could have been moved to an unclassified environment for nefarious purposes (e.g., espionage) or as a result of inadvertently mishandling the data (e.g., not following classification procedures). Examples of the former would include leaks such as those committed by high-profile conspirators Julian Assange and Chelsea Manning. Examples of the latter would include incidents that involve cleared personnel who physically relocate or improperly dispose of sensitive materials.

Spillage can also happen as an unintended consequence of a loss of control of classified data systems (e.g., an email server misconfiguration). The growing size and complexity of the government’s data management landscape has led to an increase in data spillage risk.

More Data to Protect… and Contain

More classified data is being shared for the benefit of national security decision making and operations. Effectively extracting value from that data means sharing data across more systems and giving access to more people. This can produce long-term national security benefits but also near-term data security challenges.

The sheer volume of classified data is a contributing factor.The rapid emergence of technologies such as artificial intelligence (AI) and internet of things (IoT), more automated data collection, and the government’s digital modernization efforts have exponentially increased the volume of sensitive data being transmitted, processed, and stored, increasing the possibility of spillage.

Some examples of this include:

Generative AI (GenAI) that produces sensitive or even classified information before humans can properly manage and classify the outputs.
Broadly deployed sensors that gather or contain classified data and transmit that data across broad networks.
A growing number of cleared personnel with access to classified information.
Large sensitive or classified data sets being fed into large language models (LLM) that may spill during the extract, transfer, load (ETL) process.

The Role of Data Sanitization

There are numerous security controls available to federal agencies to prevent data spillage and respond to it when it occurs. These include data protection measures such as access control, multi-factor authentication (MFA), encryption, data loss prevention (DLP), email security, and employee training.

Data sanitization also plays an increasingly important role.

According to Gartner, data sanitization is the process of deliberately, permanently, and irreversibly removing or destroying the data stored on a memory device to make it unrecoverable⁠. In other words, a device that has been sanitized has no usable residual data, and even with the assistance of advanced forensic tools, the data will not ever be recovered. Data sanitization can also be performed on individual files, folders, virtual machines, and logical storage (without sanitizing the entire device or drive).

Sanitization of a device at decommissioning and ongoing data sanitization in live environments are both critical steps to reducing an organization’s data attack surface and potential risk of classified spillage. In this way, it helps to both prevent and mitigate it.

Prevention: Permanently removing classified data when it is no longer needed reduces the risk of this data ending up where it should not be. By deploying data sanitization tools, federal agencies can:

Remove redundant, obsolete, trivial (ROT), or dark (unused or unknown) data from storage environments.
Erase specific network files, folders, logical drives, or virtual environments to comply with classified data protection mandates.
Securely remove data from data storage drives or devices before storage or transport of those assets, including those slated for shredding or other physical destruction.
Integrate with data classification tools to proactively (and even automatically) identify, contain, and sanitize classified files when they are no longer needed.

Remediation: After a data spillage incident is discovered, action must be taken to ensure it is isolated and contained. Software-based data sanitization (including binary overwrite of all user-accessible and non-accessible partitions of the affected drive) can be applied to permanently remove classified data, even before physical destruction of the device or drive, as a robust risk mitigation measure. When done properly, data sanitization also provides additional assurance through erasure verification and reporting.

In its National Instruction on Classified Information Spillage,the Committee on National Security Systems (CNSS) provides the minimum actions required when responding to a spillage of classified information. According to CNSS, appropriate procedures for sanitizing or remediating the effects of a spill may include:

Using the operating system to delete the spilled information.
Re-labeling the media containing the spilled information to the appropriate classification/category and transferring the media into an appropriate environment.
Removing the classified information from the media by organization-approved technical means to render the information unrecoverable.
Erasing operating system, program files, and all data files.
Erasing all partition tables and drive formats.
Erasing and sanitizing the media.
Forfeiting the media.

Many of these procedures can be effectively implemented through a mature data sanitization platform and process.

To note, this guidance was issued before the recent developments in AI, IoT, etc., noted above. Likely, the emphasis on data sanitization in live environments will increase as policy is updated to better reflect—and keep pace with—the sheer volume of sensitive data being shared and processed at scale.

Data spillage is a real and growing risk to national security, demanding a measured response. There are many security controls and associated policies available to prevent spillage and remediate it when it occurs. Robust data sanitization tools are likely to become more widely used, as agencies implement these capabilities in routine end-of-life data and device management, as well as in non-routine data spillage scenarios.

Reach out if you are interested in learning how Blancco’s solutions can help you prevent data spillage.