Excellence at Scale: Transforming AI Infrastructure with F5 and MinIO’s Secure Data Delivery

Today’s enterprises face both a challenge and an opportunity to transform vast amounts of data from AI, autonomous systems and emerging workloads into meaningful business outcomes. Secure, optimized data delivery and high-performance object storage are essential to accelerate insights, optimize business performance and maintain a competitive edge.

The expanded F5 and MinIO partnership brings together MinIO AIStor’s high-performance, highly-scalable, S3-compatible object storage with the secure, intelligent traffic management of the F5 Application Delivery and Security Platform (ADSP). This joint solution delivers a comprehensive, secure and scalable foundation for AI workloads, enabling businesses to achieve optimized data management, strengthened security and flexible migration across cloud, on-premises and hybrid environments.

F5 and MinIO offer a joint solution designed to enhance performance, resilience and security for customers’ most demanding AI and enterprise workloads.

Understanding S3 and its importance for scalable data management

Simple Storage Service (S3) is the standard protocol for modern object storage, fully supported by AIStor and a key component of today’s data architectures. Unlike traditional storage, S3 stores data as discrete objects in logical containers called buckets, paired with metadata for efficient organization and retrieval, which is critical for AI workloads.

Operating over HTTP/S, S3 is ideal for scalability, distributed deployments and seamless cloud integration. It’s widely used in data lakes, archives, media repositories, static websites, backups and especially AI and machine learning pipelines, making S3-compatible storage a strategic business investment. Because S3 leverages HTTP/S as its transport protocol, businesses can directly benefit from F5’s deep expertise and apply its industry-leading Layer 4-7 capabilities to S3 storage traffic.

Optimizing storage traffic with F5 BIG-IP for MinIO AIStor

As organizations utilize real-time and large-scale data for AI and enterprise workloads, efficient traffic management is critical. Powered by F5 ADSP, F5 BIG-IP’s intelligent load balancing technologies (e.g., LTM and DNS) prevent storage bottlenecks by distributing queries and traffic evenly, reducing latency, eliminating hotspots and enabling consistent scalability.

BIG-IP also provides robust delivery and security for S3 storage traffic:

  • Protect against HTTP/S-based threats with an advanced web application firewall (WAF) to safeguard critical business data and minimize risks.
  • Defend against DDoS attacks to maximize availability and ensure continuous uptime.
  • Offload SSL/TLS encryption to optimize security without impacting MinIO performance.

Across cloud, on-premises or hybrid deployments, F5 and MinIO’s unified approach simplifies management, ensuring consistent performance and security.

Simplifying cloud-to-on-premises migration: The repatriation advantage

Businesses are increasingly moving workloads from public clouds back on-premises due to rising costs, compliance demands, data sovereignty and performance predictability. This cloud-to-on-prem repatriation often requires significant application refactoring and architectural changes.

F5 BIG-IP and MinIO AIStor simplify this transition: AIStor’s consistent S3-compatible API enables applications to migrate smoothly, while BIG-IP intelligently orchestrates incremental traffic shifts through DNS routing, allowing for phased, disruption-free migrations with minimal adjustments.

Extending strategic advantage across industries

From managing autonomous vehicle training data to powering healthcare analytics and financial compliance, the flexibility of the F5 and MinIO solution translates into a clear competitive advantage for organizations across industries.

For example, a major global automotive manufacturer is using the joint solution provided by F5 and MinIO to securely and reliably deliver and manage proprietary data from its vehicle fleets worldwide to AI factories. This enables continuous improvements to their AI models, providing significant business advantages. This powerful solution has enabled the manufacturer to save millions of dollars annually by repatriating the data from the public cloud. It has also reduced downtime, enhanced reliability, maximized ROI on AI infrastructure and ensured secure management of exascale data. These benefits have empowered the automotive manufacturer to boost innovation and maintain a strong competitive edge.

F5’s secure traffic management capabilities collect and route vehicle-generated data through F5-powered regional points of presence (PoPs), delivering it seamlessly into a centralized data lake powered by MinIO AIStor. MinIO’s high-performance object storage solution forms the essential foundation for training AI models. Once models are trained and validated, they are delivered securely back to vehicle systems, with every step of the cycle delivered and protected by F5 infrastructure.

A global automotive manufacturer is using the joint solution from F5 and MinIO to securely route AI data across its systems, ensuring rapid processing and uninterrupted availability.

This large-scale deployment illustrates the significant advantage organizations in other industries can gain when adopting the joint approach of F5 and MinIO. For example, healthcare providers use secure, high-performance storage to enhance predictive analytics and medical imaging, improving patient outcomes through rapid, reliable data access. Financial institutions leverage BIG-IP’s security and MinIO’s security and scalability for compliant storage of large amounts of sensitive data, enabling AI-driven fraud detection and risk management. And companies with edge computing deployments count on F5 and MinIO for secure, low-latency data processing and storage—critical for IoT and smart industry use cases.

In short, F5 and MinIO together bring exceptional security, scalability and straightforward repatriation capabilities to virtually any industry looking for transformative data management strategies.

F5 and MinIO provide resilient, secure and scalable Al data delivery for any industry.

Next steps: Unlocking strategic agility with F5 and MinIO

In today’s dynamic business environments, gaining a strategic advantage means confidently navigating the digital transformation landscape. Together, F5 and MinIO provide high-performance, resilient, secure object storage and intelligent traffic orchestration optimized for today’s most ambitious AI projects and mission-critical data workloads across many industries.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including F5 we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

This post originally appeared on F5.com, and is re-published with permission.

Transforming Federal AI Adoption: How Google’s OneGov Agreement Delivers Enterprise-Grade Intelligence

The General Services Administration’s (GSA) OneGov strategy represents a fundamental shift in Federal procurement, moving from fragmented, agency-by-agency purchasing to a unified enterprise approach that leverages the Government’s collective buying power. Google’s new Gemini for Government agreement provides Federal agencies with access to cutting-edge artificial intelligence (AI) capabilities at an unprecedented $0.47 per agency price point. This strategic partnership builds upon Google’s previous Workspace agreement with GSA, establishing a procurement framework that treats the Federal government as a single unified customer.

Breaking Down Silos with Purpose-Built AI Infrastructure

Gemini for Government addresses one of the most persistent challenges in Federal operations: the need for sophisticated automation tools that can operate securely across diverse Government environments. The platform serves as a developer-focused suite specifically designed for Federal agencies, enabling the building, deployment and management of advanced automated AI agents that perform complex, multi-step workflows across an organization’s internal data. Unlike commercial solutions that require extensive customization for Government use, Gemini for Government comes purpose-built with integrated security features and compliance standards that meet Federal requirements from day one.

The platform’s comprehensive approach eliminates the traditional barriers that have prevented agencies from adopting enterprise-grade AI solutions. By providing both prepackaged AI agents and the capability to create custom solutions, agencies can immediately begin automating business processes while maintaining the flexibility to develop specialized applications as their needs evolve.

Democratizing AI Development Across Federal Agencies

One of the most significant advantages of the Gemini for Government offer lies in its accessibility to agencies with varying levels of technical resources. The solution incorporates no-code capabilities through products like Agentspace, enabling Government users to leverage sophisticated AI tools without requiring extensive programming expertise. This democratization of AI development ensures that smaller agencies or those with limited technical staff can participate in digital transformation initiatives.

The platform includes Google’s best-of-breed commercial AI tools, including Agentspace and NotebookLM, all engineered specifically for Federal use. These tools provide agencies with immediate access to advanced AI capabilities while maintaining the security and compliance standards required for Government operations.

Security and Compliance Built into the Foundation

Federal agencies operate under stringent security requirements that often create barriers to adopting innovative technologies. Gemini for Government addresses these concerns through built-in security features, including identity and access management, threat detection, data privacy protections and advanced compliance standards such as SOC2 Type 2. Google Cloud’s extensive portfolio of FedRAMP High-authorized products provides the underlying infrastructure, ensuring that agencies can confidently deploy AI solutions without compromising their security posture.

This comprehensive security framework eliminates the lengthy and expensive process of retrofitting commercial solutions to meet Federal requirements. Instead of spending months or years on compliance validation, agencies can immediately begin leveraging AI capabilities while maintaining full compliance with Federal security standards.

Streamlined Procurement Through Strategic Partnerships

The GSA OneGov Gemini for Government promotional agreement demonstrates how strategic partnerships can dramatically simplify federal procurement processes. Available through Carahsoft’s GSA MAS contract, the deal provides standardized pricing and terms that eliminate the need for individual agency negotiations. The $0.47 per agency pricing includes a standard provisioning of 1,000 users, with the ability to add additional users at no cost during the promotional period.

Google has also provided flexibility to match promotional discounts on other Government contract vehicles based on specific agency procurement requirements. This approach ensures that agencies can access the technology through their preferred contracting mechanisms while still benefiting from the OneGov pricing structure. The promotional agreement runs through September 30th, 2026, providing agencies with ample time to evaluate and implement the solution.

The Path Forward for Federal AI Transformation

The Gemini for Government OneGov agreement represents more than just a procurement vehicle—it is a blueprint for how Federal agencies can access and implement cutting-edge technologies while maintaining security, compliance and cost-effectiveness. As agencies continue to face increasing demands for efficiency and innovation, solutions like Gemini for Government provide the foundation for meeting these challenges while maintaining the highest standards of security and compliance.

Ready to leverage this agreement to access best-of-breed AI tools that can transform your agency’s operations? Contact our Google team at Carahsoft today or call us at (888) 662-2724 to learn more and take advantage of this limited-time promotional offer.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Google we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Streamlining Federal Identity Management: How Okta Workflows Accelerate Cost Savings for Government 

The U.S. General Services Administration’s (GSA) OneGov strategy signals a major shift toward unified, efficient Government operations, breaking down technology silos and enabling agencies to work as a coordinated entity. At the core of this change is the need for modern identity management solutions that can automate complex processes while upholding top security standards. Automation can save agencies time, budget and drive outcomes for tool consolidation efforts. Okta Workflows provides Federal agencies with a no-code automation platform that simplifies identity operations and promotes collaboration across agencies. 

Breaking Down Identity Silos Through No-Code Automation 

Traditional identity management in Government often involves fragmented, manual processes that create operational bottlenecks and security vulnerabilities. Okta Workflows directly addresses these challenges by providing a unified automation engine that connects disparate systems without requiring custom coding. The platform’s pre-built connectors, reusable templates and Application Programming Interface (API) integrations enable agencies to orchestrate identity lifecycle events across multiple applications and cloud environments seamlessly. 

This approach eliminates the need for point solutions and manual workarounds that have historically contributed to siloed operations. By centralizing identity automation, agencies can ensure consistent policy execution across business units while maintaining complete audit trails for compliance reporting. 

Enhancing Cross-Agency Collaboration and Security 

Okta Workflows excels in supporting the OneGov vision of cross-agency collaboration through its robust security framework and automation capabilities. With FedRAMP High authorization and Federal Information Processing Standard (FIPS) 140-2 validated cryptography, the platform meets the Government’s most stringent security requirements while enabling streamlined operations. 

The solution automates essential identity processes, including: 

  • Joiner/mover/leaver workflows using Human Resources (HR) data and custom triggers 
  • Complex account creation with automated app assignments based on user attributes such as organizational unit and clearance level 
  • Real-time provisioning and deprovisioning across Software-as-a-Service (SaaS) applications, including Azure AD, Office 365 and Salesforce 

These automated workflows greatly reduce the workload on IT staff by decreasing password-reset tickets and access requests, while ensuring consistent policy enforcement across all systems. 

Accelerating Productivity While Maintaining Security Standards 

Government agencies face mounting pressure to deliver services more efficiently while maintaining strict security protocols. Okta Workflows addresses this challenge by dramatically reducing the time and effort required for routine identity management tasks. The platform’s automation capabilities free IT personnel from repetitive administrative work, allowing them to focus on mission-critical initiatives. 

The solution’s alignment with Zero Trust principles further enhances security posture by enforcing least privilege access, enabling continuous authentication and providing automated deprovisioning capabilities. This ensures that access rights are consistently managed throughout the user lifecycle, reducing security risks associated with delayed access revocations when personnel change roles or leave the organization. 

Simplified Procurement and Deployment 

Recognizing that Federal agencies often operate with limited technical resources, Okta Workflows is designed for rapid deployment and easy adoption. The no-code interface enables teams to build and implement identity automation processes without specialized programming skills. Pre-built templates and connectors accelerate time to value while minimizing the technical burden on agency staff. 

The solution is readily accessible through the General Services Administration (GSA) Schedule, providing Federal buyers with a compliant procurement path featuring pre-negotiated pricing and terms. This streamlined approach eliminates lengthy contract negotiations and enables agencies to acquire the tools needed to support their modernization objectives quickly. Carahsoft and Okta have collaborated to ensure the solution is available across major contracting vehicles with pricing structured to deliver optimal value, including: 

  • GSA 
  • Solutions for Enterprise-Wide Procurement (SEWP)  
  • Information Technology Enterprise Solutions (ITES)  
  • 2nd Generation Information Technology (2GIT) 

Supporting the Modern Federal Workforce 

As Government agencies continue their digital transformation journey, the need for sophisticated yet accessible automation tools has become increasingly critical. Okta Workflows provides the foundation for agencies to modernize their identity operations while supporting the broader OneGov vision of unified, efficient Government services. 

The platform’s combination of enterprise-grade security, intuitive automation capabilities and seamless integration with existing Government systems positions it as an ideal solution for agencies seeking to enhance productivity while maintaining strict compliance requirements.  

Ready to transform your agency’s identity management and join the OneGov movement? Contact our Okta team at Carahsoft today or call us at (833) 674-3990 to learn more and take advantage of this limited-time offer. 

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Okta we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

The End of Manual Inspections? How AI and Dashcam Imagery Are Redefining Roadway Management

Years ago, as I waited at a traffic light, I wondered why infrastructure maintenance still leaned so heavily on manual inspections and reporting. That question sparked an idea: What if roads could tell us when something was wrong?

Today, that vision has become a reality. Dashcam imagery—passively captured from vehicles already on the road—is now powering automated AI models that detect issues like fading lane paint, damaged signs, and debris. Looking ahead, the integration of expansive imagery sources, such as Google Street View, promises to further enhance this capability, offering broader and more detailed coverage. It’s a shift from scheduled inspections to constant awareness, from sending crews out to bringing insight in.

Automation with Real Impact

Traditional inspections are resource intensive. They usually involve deploying extra staff and specialized equipment, and scheduling work during off-hours to avoid disrupting traffic. AI-driven visual intelligence of dashcam footage can reduce the number of manual surveys required by more than 90%, saving considerable time and money.

Take Fort Worth. Dashcam imagery gave the city a fresh look at lane striping and sign visibility, but from the driver’s perspective, not an aerial map. It’s how people experience the road daily, and it’s the same view automated vehicles rely on to safely navigate.

Instead of waiting months for a full inspection cycle, cities can spot and act on issues within days. Enabling faster response and more strategic use of limited resources.

Smarter Operations. Less Fieldwork.

While field checks are still common for most agencies, the model is shifting. With dashcam footage collected by vehicles already in motion and analyzed automatically, teams can now monitor more of the network without constantly dispatching field crews.

In Alaska, for example, dashcam data is used to monitor remote routes that are difficult and sometimes dangerous for crews to inspect in person. This kind of visibility can be a game changer for regions with tough geography or tight budgets.

Instead of following a fixed schedule or responding to complaints, agencies can now rely on AI-driven alerts to flag when conditions change. It’s a shift from routine patrols to focused action, and it means fewer trips to the field, less fuel, and better outcomes with the same (or smaller) team.

Compliance without the Complexity

Staying compliant with FHWA, MUTCD, and other federal standards typically requires a lot of paperwork. However, with AI-based monitoring, those checks can happen automatically in the background. Retroreflectivity, sign placement, and line clarity are continuously reviewed and documented.

Each data point is visual, time-stamped, and ready for audits, grant applications, or internal reviews. Even better, it’s easy to share. Operations, maintenance, and planning teams can stay aligned without sifting through emails or outdated spreadsheets.

A New Model for Infrastructure

The future of road operations isn’t about more inspections. It’s about smarter ones. Or, in many cases, none at all. When roads can essentially report their condition using dashcam footage and AI, agencies don’t have to guess or wait. They already know what’s happening.

And this is only the beginning. As capabilities such as historical imagery access and visual change detection over time emerge with Google Street View and become integrated, transportation teams will gain even deeper insight into how their infrastructure evolves. These images will empower agencies to identify long-term patterns, track degradation over time, and intervene before minor issues escalate into costly repairs.

For public teams expected to cover more ground with fewer resources, this isn’t just about saving time. It’s about working in a more intelligent, sustainable way, built for the demands of today’s infrastructure and ready for tomorrow’s.

Ready to stop checking and start knowing?

Identity is The Backbone of Secure, Agile DoW Missions

I had the opportunity to present to the DoW community at AFCEA TechNet Cyber where where stakes are high and operational tempo is relentless, embedding security into every layer of the digital environment is no longer optional. Identity governance and administration (IGA) has emerged as a cornerstone of cyber resilience, enabling secure modernization, supporting Zero Trust mandates, and accelerating mission impact.

Identity as a Strategic Force Multiplier

Modern warfare and defense readiness extend far beyond kinetic capabilities. Cyber is now a primary domain of operation, and within that domain, identity is the new perimeter. Identity security is not simply about access control; it is about governing who has access to what, when, and under what conditions—across all users, environments, and applications.

A well-implemented IGA program transforms complexity into control. It provides the visibility and automation needed to reduce risk, enforce policy, and enable agility. From onboarding mission partners to ensuring continuous compliance with audit and risk frameworks, identity governance acts as the connective tissue between policy, people, and mission success.

Governance is the Gateway to Zero Trust

The DoW’s Zero Trust Architecture (ZTA) is predicated on one central truth: never trust, always verify. At the core of this paradigm is the concept of least privilege—granting users only the access they need, nothing more.

IGA platforms like SailPoint do more than facilitate access. They enforce policy and establish what access should look like, continuously verifying access needs, and tie the identity to activity. Instead of relying on static credentials or infrequent certifications, identity governance brings continuous verification to life—ensuring users, devices, and applications are validated and flagged in the policy information point before access is granted.

This proactive stance aligns IGA with foundational guidance such as the Risk Management Framework (RMF), and the NIST SP 800-53 controls. Governance is not just a checkbox; it is operational security in action.

FIAR, Compliance, and Continuous Audit Readiness

Passing audits like FIAR (Financial Improvement and Audit Readiness) is more than a bureaucratic exercise. It’s a demonstration of operational integrity and mission readiness. Identity governance simplifies this process by embedding compliance into everyday operations.

IGA platforms automate access certifications, enforce separation of duties (SoD), and maintain immutable audit trails. Instead of scrambling for documentation during audit season, organizations can prove—at any time—that they were always in compliance. This shift from reactive to continuous audit readiness is a game-changer for large DoW organizations.

Mission Agility Through Automation

In the DoW, time is not a luxury. Missions shift quickly, mission partners rotate often, and new technologies are deployed at speed. Manual processes simply cannot keep up.

IGA enables automation across the entire identity lifecycle. From onboarding new coalition partners to deprovisioning departing contractors, governance tools streamline access requests, approvals, and revocations. This not only enhances security but also reduces administrative overhead, freeing resources for mission-critical tasks.

Moreover, by integrating with technologies like the DoW Federation Hub, identity governance extends its reach to federated and cross-domain environments—supporting secure joint and coalition operations at scale.

Real ROI: Security that Pays for Itself

The value of IGA goes beyond risk mitigation. It delivers measurable return on investment (ROI) through operational and financial gains. These include:

  • Audit cost reductions through automated evidence collection and fewer control failures
  • License savings by rationalizing unused or redundant entitlements
  • Operational efficiency through faster onboarding/offboarding and reduced manual workloads
  • Risk reduction by limiting the window of exposure for insider threats or privilege misuse

This is ROI by design—security investments that drive cost savings while advancing strategic goals.

A Maturity Model for Sustainable Progress

Identity governance is not a one-time deployment—it’s a journey. I have created a maturity model for the DoW that provides a structured path from basic CAC availability to advanced, AI-driven, risk-adaptive governance. Each step builds capabilities that align with Zero Trust pillars, from policy enforcement to real-time threat response.

As organizations mature, they can integrate IGA with other strategic technologies such as Comply-to-Connect, SASE, and XDR, multiplying both security effectiveness and mission agility.

Conclusion: Govern Everyone, Prove Every Access

To secure the mission, you must govern identity with the same rigor used to defend the network. Identity security is no longer a backend control; it is the control plane for modern defense operations.

Govern everyone. Prove every access. This is the blueprint for a Zero Trust future—one where audit readiness is continuous, access is justified, and the mission moves at the speed of trust.

Learn more about how ICAM solutions empower agencies to manage digital identities with precision.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including SailPoint we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

The Hidden Threat: Why Ignoring Non-Human and Third-Party Identities is a Risk You Cannot Afford

I had the opportunity to present and discuss the threat of Non-Human and Third-party Identities at AFCEA TechNet Cyber with the Department of Defense (DoD) community. It is obvious that the maturity of Identity, Credential and Access Management (ICAM) and all identities is top of mind. The Industry, the National Institute of Standards and Technology (NIST), Department of Homeland Security – Cybersecurity and Infrastructure Security Agency (DHS CISA) and the DoD are all starting to focus on the problem, as it is recognized that identity is no longer just an IT problem—it is the front line of defense. We have been deep in digital transformation and the adoption of Zero Trust frameworks and have discovered an inconvenient truth: most organizations are flying blind when it comes to managing the very identities that power their operations—non-human and third-party users.

And that is a problem.

The New Cyber Perimeter: Identity

The old perimeter—firewalls and virtual private networks (VPNs)—is dead. What stands between you and the next breach is your ability to govern who or what has access to your systems. Yet many agencies remain fixated on credentials and authentication, while ignoring vast swaths of non-human actors (bots, robotic process automations (RPAs), service accounts) and external partners (vendors, contractors, mission partners).

This is not just a gap. It is a canyon.

According to Deloitte, 63% of organizations lack visibility into third-party access. Even more troubling, most have no way to list or audit all machine identities operating in the background. These invisible accounts often have persistent, high-level access and no formal governance, making them prime targets for threat actors.

Real-World Breaches, Real-World Consequences

Look no further than the SolarWinds and Okta breaches. In both cases, attackers exploited unmanaged service accounts or contractor credentials to move laterally and escalate privileges. These were not arcane zero-days—they were lapses in identity governance. And they cost credibility, customer trust and in some cases, national security.

The lesson? You cannot protect what you cannot see. And you definitely cannot secure what you do not control.

Why Automation and Governance Are Non-Negotiable

In a Zero Trust architecture, access is no longer assumed—it is continuously verified. But that verification breaks down when service accounts are created ad hoc, with no expiration dates, no ownership and no audit trail. The same goes for third-party users who are onboarded through spreadsheets or informal emails, then forgotten once their project ends—yet their access lives on.

This is how breaches happen.

Governance gaps like these leave organizations exposed to avoidable risks: policy drift, compliance violations, excessive access rights and a lack of accountability. Without automation and lifecycle management, identities multiply faster than security teams can manage them—leading to sprawl, privilege creep and ultimately attack surface expansion.

The Case for Identity-Centric Security

Modern enterprises need identity security platforms that extend beyond the traditional workforce. That means treating machine and third-party identities with the same level of scrutiny, controls and lifecycle management as full-time employees.

SailPoint’s approach offers a compelling blueprint:

  • Non-Employee Risk Management (NERM): Centralized, auditable workflows for third-party access, including onboarding, offboarding and access reviews.
  • Machine Identity Security (MIS): AI-driven discovery, classification, ownership assignment and access certification for bots, RPAs and service accounts.

Together, these capabilities provide visibility and governance across all identities, regardless of origin. They also support Zero Trust mandates like least privilege, just-in-time access and continuous verification.

Business Benefits Beyond Security

This is not just about reducing risk. It is about enabling speed and scale without sacrificing control.

With strong identity governance:

  • Mission partners and contractors get the access they need faster—without creating long-term exposure.
  • Audit preparation becomes easier, with clear logs of who had access to what, when and why.
  • Compliance improves, especially in regulated industries, based on NIST and other frameworks.
  • Security teams can shift from reactive firefighting to proactive risk management.

And perhaps most importantly: organizations become more resilient in the face of evolving threats.

The Bottom Line

Cybersecurity is no longer just about protecting data—it is about protecting trust. And trust starts with visibility and control over every identity that touches your systems.

If your organization is still relying on outdated processes to manage non-human and third-party users, now is the time to act. Inaction is not neutral—it is a strategic liability. As attack surfaces expand and adversaries grow more sophisticated, unmanaged identities will remain the soft underbelly of your defenses.

Zero Trust is not just a framework—it is a mindset. And in that mindset, every identity matters.

It is time to see what has been hiding in plain sight.

Ready to reinforce your identity perimeter? Discover how SailPoint’s ICAM solutions empower organizations to manage digital identities with precision. Explore Now.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including SailPoint we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

The Top 10 OSINT Events for Government in 2025 

Open Source Intelligence (OSINT) is no longer a niche capability—it is a core component of modern intelligence work. Carahsoft and our partners have spent years attending and supporting the top OSINT events. We have seen firsthand how AI, automation and smarter data strategies are reshaping the way Government teams gather, analyze and act on intelligence.  

This list of the top OSINT events for 2025 and beyond highlights the best places to learn, connect and bring new ideas back to your mission. 

OSMOSIS: DC 

August 6-7 | Reston, VA | In-Person Event 

OSMOSIS:DC is a two-day conference held by OSMOSIS, an Association for OSINT Professionals. The theme for this year is “Technology, Trends, and Transformations.” The expo-style event offers participants direct access to leading vendors, hands on experience with the latest tools and expert-led workshops. Attendees will have the opportunity to connect with industry leaders and build career advancement strategies to help stay ahead of emerging OSINT trends. OSMOSIS:DC is a great opportunity to gain transformative insights from the OSINT industry!  

Take a look at some of last year’s top themes in preparation for the 2025 event: 

  • Harnessing Location Intelligence: Advanced OSINT Techniques for Cyber Intelligence Investigations 
  • Linguistic Fingerprints: Using Language to Profile Subjects in OSINT Investigation 
  • Digging for Digital Dirt: Unearthing Bad Actors with Open-Source Intelligence 

Carahsoft invites our partners to exhibit at OSMOSIS:DC, hosted at our Conference & Collaboration Center in Reston. Whether you are looking to sponsor, speak, exhibit or just attend, reach out to osintverticalmarketing@carahsoft.com to get involved in this intimate networking event! 

Billington Annual Cybersecurity Summit 

September 9-12 | Washington, D.C. | In-Person Event 

The Billington Annual Cybersecurity Summit is the leading forum for cybersecurity professionals, Government leaders and industry executives to discuss emerging threats, best practices and the latest trends. With over 200 expert speakers, 100+ cyber-focused vendors and more than 40 sessions, attendees will have the chance to engage with top specialists, explore state-of-the-art technologies and participate in thought-provoking discussions. The Summit’s strong focus on collaboration between the Public and Private Sectors provides insights that address real-world security challenges. Learn about cybersecurity strategies, AI-driven threat detection and the latest advancements in national defense at this crucial event!  

Carahsoft is looking forward to sponsoring and exhibiting at this year’s event. We’re excited to engage with attendees throughout the week. We will also be hosting a large partner pavilion and encourage attendees to stop by and learn more about our partners and their technology solutions! Check out the events tab on our website  for more details closer to the event! 

Intelligence & National Security Summit 

September 18-19 | National Harbor, MD | In-Person Event 

The Intelligence and National Security Summit (INSS), held by AFCEA International and the Intelligence and National Security Alliance (INSA), gathers thought leaders, policymakers and industry experts dedicated to advancing solutions for shaping the future of intelligence and national security. The two-day event will feature five plenaries, and six breakout sessions focused on AI and emerging technologies, critical infrastructure security, space acquisition and more. Attendees will gain hands on experience with innovative technologies in the Intelligence Community (IC), insights from experts in the field, as well as networking opportunities with Government leaders, technical professionals and leading researchers. Expert-led panels and interactive discussions will cover critical national security challenges and provide actionable strategies for navigating the complex world of intelligence. Join this premier forum to explore the emerging threats, intelligence operations and technological advancements that are redefining the security landscape! 

Carahsoft supports INSS by enabling our vendor partners to participate as sponsors and exhibitors, ensuring a strong industry presence at the event.  

IACP 

October 18-21 | Denver, CO | In-Person Event 

The International Association of Chiefs of Police (IACP) is an annual event that brings together public safety professionals from around the world to explore new techniques, share expertise and prepare their departments for future success. The conference features an exposition hall showcasing products from more than 600 vendors, education workshops and networking opportunities with fellow law enforcement professionals. Spanning four days, attendees will have the chance to engage in policy discussions on the latest challenges in policing, leadership and public safety innovation. As one of the largest law enforcement events, IACP 2025 is an essential gathering for agencies looking to enhance their strategies and stay ahead in an evolving security landscape. 

Attendees should expect sessions surrounding how to leverage OSINT for criminal investigations, OSINT for threat assessment and risk mitigation, as well as Dark Web and Deep Web investigations.  

Carahsoft will have a booth at IACP where several of our vendor partners will demonstrate their solutions and share educational content. We will also be hosting a networking reception with several of our vendor partners, welcoming conference attendees for food, drinks, networking and more!  

OSINT Foundation Awards 

November 7 | VA | In-Person Event 

The OSINT Foundation Awards recognize individuals and organizations that have made significant contributions to the field of OSINT. Attendees will explore the latest OSINT methodologies, data analysis techniques and the critical role of open source information (OSIF) in national security and risk assessment. This prestigious event highlights major achievements, facilitates professional networking and demonstrates OSINT’s impact on intelligence operations. Join industry experts as they honor innovation, dedication and the future of OSINT! 

Awards honored at last year’s ceremony included:  

  • Innovation of the Year 
  • Volunteer of the Year 
  • Practitioner of the Year 
  • Unit of the Year 
  • Catalyst of the Year 
  • Product of the Year 

View a more in-depth explanation of the selection criteria here

Carahsoft is a proud partner of the OSINT Foundation, supporting them annually by hosting the OSINT Foundation Tech Expo. We encourage our partners to get involved with this event by nominating individuals who they believe exemplify excellent service to the nation and contribute to the OSINT discipline. 

Global Security Exchange

Sept 29 – Oct 1, 2025 | New Orleans, LA | In-person Event

Global Security Exchange (GSX) 2025 is the premier event for security professionals across the public and private sectors, offering a comprehensive forum to explore the evolving threats and innovations shaping today’s global risk landscape. With immersive education sessions, insightful keynotes and cross-industry networking, GSX brings together leaders and practitioners from around the world to exchange ideas, strategies and best practices. Attendees will gain firsthand insight into the tools and technologies driving the future of physical and cyber security.

Carahsoft is proud to exhibit at GSX 2025 at Booth #2907. Stop by to connect with our OSINT experts and discover the latest open source intelligence technologies designed to help you stay ahead of emerging threats. We look forward to engaging with the security community and sharing how our partners are equipping organizations to be the first line of defense in today’s complex environment.

OSINT Foundation Tech Expo 

April 30 – May 1, 2026 | Reston, VA | In-Person Event 

The OSINT Foundation Tech Expo is an annual event that brings together professionals and experts in the field, showcasing the latest advancements in OSINT technologies and related services. Attendees can expect a variety of presentations, workshops and networking opportunities designed to enhance knowledge and skills in gathering and analyzing publicly available information. The event aims to foster collaboration and innovation within the OSINT community, making it a must-attend for anyone involved in intelligence and cybersecurity! 

Carahsoft is proud to host the OSINT Foundation Tech Expo at the Carahsoft Conference & Collaboration Center in Reston, a space dedicated to ensuring collaboration and support across the technology industry and Government. Carahsoft invites our partners to join the 50 OSINT vendors and agencies already lined up to showcase their own tabletop exhibits. Carahsoft has also collaborated with FedGovToday’s Francis Rose to interview our partners for their Innovation in Government and Video Insights! 

GEOINT 2026 

May 3-6, 2026 | Aurora, CO | In-Person Event 

The GEOINT Symposium is the nation’s largest annual gathering of Government, industry and academic professionals advancing the tradecraft of geospatial intelligence and will be held at the Gaylord Rockies Resort & Convention Center in Aurora, Colorado, May 3-6, 2026. Each year, the Symposium underscores the collaborative efforts and cutting-edge innovations shaping the future of GEOINT. The Symposium will feature industry-leading keynote speakers, main stage panels and hands-on training sessions on topics such as mission planning, precision timing and navigation. Attendees will be able to engage with geospatial intelligence experts to deepen their understanding, foster connections and stay at the forefront of innovative technologies. Attend GEOINT 2026 to explore the critical role geospatial intelligence will play in building a secure future!

Carahsoft intends to showcase a Partner Pavilion with our vendors again in 2026. We look forward to attending GEOINT 2026 and join our OSINT customers to learn more about the latest in geospatial open source intelligence.  

SOF Week 2026 

May 3-8, 2026| Tampa, FL | In-Person Event 

SOF Week 2026 is the annual gathering for the international Special Operations Forces (SOF) community. Jointly sponsored by U.S. Special Operations Command (USSOCOM) and the Global SOF Foundation, the event serves as a platform for fostering collaboration, innovation and excellence in modern special operations. SOF Week will feature keynote addresses from senior leaders, professional development workshops, chances to network and sessions focused on non-profit initiatives. Do not miss this key event shaping the future of SOF operations! 

Carahsoft and more than 45 partners will attend and showcase solutions in AI, DevSecOps, cybersecurity, cloud technologies and open source intelligence.  

TechNet Cyber 2026 

June 2-4, 2026 | Baltimore, MD | In-Person Event 

TechNet Cyber 2026, hosted by the Armed Forces Communications and Electronics Association (AFCEA), is a flagship cybersecurity event bringing together U.S. Cyber Command, the Defense Information Systems Agency (DISA), Joint Force Headquarters-Department of Defense (DoD) Information Network and DoD Chief Information Office (CIO), as well as a mix of military, Government, industry and academic leaders. This conference serves as a platform for collaboration, uniting policy, strategic architecture, operations and command and control to address global security challenges in the digital domain. Attendees can expect a comprehensive program featuring expert panels on cybersecurity advancements, technology demonstrations and networking events aimed at enhancing national cybersecurity efforts. Join us in Baltimore to connect with top decision-makers and help drive solutions for this vital mission! 

 The event will feature a range of exhibitors, including Carahsoft’s leading cyber technology providers. Carahsoft looks forward to joining our open source intelligence customers at TechNet Cyber in 2026. 

Join us at one of our 2025 OSINT events to connect with intelligence leaders and professionals dedicated to advancing OSINT. Do not miss this opportunity to explore innovative OSINT techniques and tools, data analysis, cybersecurity and more! 

To learn more or get involved in any of the above events please contact us at OSINTVerticalMarketing@Carahsoft.com. For more information on Carahsoft and our industry leading OSINT technology partners’ events, visit our OSINT solutions portfolio

Why Cloud, Why Now? Modernizing federal IT: Why the cloud is becoming the new standard

The shift to Atlassian Government Cloud unlocks new potential for federal agencies

Modernization has been a Federal priority for over a decade, but the realities of legacy systems, compliance mandates and limited resources have forced IT leaders to make hard tradeoffs. The pandemic accelerated digital transformation, proving just how critical resilient, cloud-based systems are to mission continuity and citizen services.

Yet many agencies have remained tethered to on-premises tools not by choice, but by compliance constraints.

Now that Atlassian Government Cloud is FedRAMP Moderate authorized, agencies can confidently shift core collaboration and service delivery workloads to the cloud with security and compliance in place.

The opportunity to modernize is clearer than ever. With compliance barriers removed, cloud adoption becomes not just feasible, but foundational to moving missions forward.

FedRAMP Moderate removes the guesswork

Atlassian Government Cloud is a dedicated environment built specifically for public sector teams and limited to U.S. Government agency and contractor usage. It delivers the performance Federal agencies need, with the security and compliance they require.

This includes:

  • FedRAMP Moderate Authorization for Jira, Confluence and Jira Service Management
  • Dual-region hosting on AWS commercial US East/West regions
  • Continuous monitoring aligned to FedRAMP Moderate standards

Atlassian’s Government cloud platform is built on the same architecture that powers Cloud Enterprise, offering the scale, reliability and control public sector teams need. It’s designed to reduce friction and deliver continuous innovation while maintaining trust and transparency.

From patching systems to powering missions

Agencies that remain on legacy infrastructure are fighting a battle on two fronts: maintaining outdated systems while trying to meet new mission demands. That approach is no longer sustainable.

Modernizing with Atlassian Government Cloud eliminates the distractions of infrastructure maintenance and opens the door to high-impact work. Instead of managing update cycles or responding to fire drills, IT teams can shift their focus to scaling digital services, working with disparate teams and improving citizen-facing outcomes.

For IT administrators, this shift is transformational. Cloud offloads the operational burden they’ve carried for years—manual upgrades, weekend patching, surprise outages. With that weight lifted, teams can focus on enabling smarter service delivery across the agency.

As Jeff Garrett, Technical Product Manager at the California Department of Health Care Services shared, “I’ve had to maintain server infrastructure in the past. It’s not pleasant. Being on Atlassian Cloud Enterprise means we don’t have to do that anymore. Plus, we can add and remove applications quickly.”

This is how mission work moves forward with greater speed, clarity and alignment.

Built-in collaboration, automation, and insight

Atlassian Government Cloud offers more than security and compliance. It enables new ways of working across teams and departments, aligning your entire agency and harnessing your data.

Consider this scenario: A Federal program team launches a new initiative to expand community outreach. Rather than waiting weeks for a custom workflow, they spin up a new Jira project using a pre-built template with no administrator required. HR and legal teams contribute to project planning in Confluence, while real-time insights track progress across departments. No tickets. No silos. Just forward momentum.

The scenario above shows how teams can move faster using features like team-managed projects and templates in Jira, along with native incident management in Jira Service Management.

In addition to streamlining work, Atlassian Government Cloud will soon include Atlassian Analytics, bringing cross-product visibility and supporting data-driven decision-making across teams.

Beyond what’s available in Atlassian Government Cloud today, we’re also committed to delivering the same innovative features you’ll find in our commercial products, like Confluence Whiteboards and Goals. We’re actively developing our roadmap for Atlassian Government Cloud and will share more information soon.

Migration isn’t a barrier. It’s a supported journey

Atlassian has helped thousands of organizations transition to the cloud, including some of the world’s largest enterprises and Government agencies. We have reliable tooling for migrating data from Data Center to Atlassian Government Cloud that has been hardened through years of supporting migrations to commercial cloud. And for those migrating from commercial cloud to AGC, we’re releasing tooling for this soon.

Federal teams benefit from specialized migration support designed to streamline the process and minimize risk. That includes:

  • A Cloud Migration Manager assigned to each Atlassian Government Cloud project
  • Migration guides, training resources and toolkits to support end-user adoption
  • The choice to engage with a network of experienced solution partners if your agency wants even more support.

Agencies already using Atlassian Cloud are seeing measurable results that support faster delivery, smarter governance and stronger collaboration:

  • Utah Department of Technology Services cut Jira project setup time by 90%, enabling faster response to internal and citizen needs
  • California Department of Health Care Services standardized on Atlassian Cloud and reduced one project’s delivery time from 18 months to 6 months, cutting costs from $2.8M to $600K

With Atlassian, cloud migration becomes a guided path to modernization — not an obstacle.

The results are measurable

The shift to Atlassian Government Cloud delivers tangible results. Early adopters, including public sector agencies and private sector enterprises, are already seeing gains in performance, collaboration, and insight.

In a recent customer impact survey, organizations migrating to Atlassian Cloud reported:

  • Up to a 53% increase in productivity
  • 47% improvement in cross-functional collaboration
  • 44% gain in insight-driven decision-making

These outcomes directly support the goals of Federal agencies: improved cross-team collaboration, greater agility and faster progress on mission priorities. In a time when agencies are under pressure to do more with less, results like these make a big impact.

Take the next step

With FedRAMP Moderate authorization in place, Federal agencies can now adopt Atlassian Government Cloud with confidence. It’s time to move from maintaining systems to empowering missions.

Curious about your agency’s migration path to Atlassian Government Cloud? You can become a part of our Early Access Program. Join the waitlist here!

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Atlassian we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

SOC of the Future: Advanced Strategies for Modern Cybersecurity Challenges

Carahsoft-Innovative Care for Shadow Warriors-blog-embedded image-2025

In today’s fast-paced digital world, security teams are under immense pressure to defend against a surge in sophisticated cyber threats. Expanding attack surfaces, driven by new technologies, cloud adoption, remote work and interconnected devices, create countless entry points for attackers. Security Operations Centers (SOCs) must evolve by leveraging automation, AI and machine learning (ML) to stay ahead—cutting through the noise, accelerating threat detection and streamlining responses to provide scalable, real-time defense against ever-evolving risks.

Modern SOC Challenges

As cyber threats continue to rise in both frequency and sophistication, SOCs are coping with an overwhelming volume of security incidents. Check Point Software’s 2025 Security Report reveals a staggering 44% year-over-year increase in cyberattacks, highlighting the urgent need for stronger, more scalable defenses.

Organizations are no longer operating within clearly defined perimeters. Today’s digital environments are sprawling and dynamic, spanning on-premises infrastructure, multi-cloud deployments, software as a service (SaaS) platforms, Internet of Things (IoT) devices and a remote workforce. Each layer adds complexity—and with it, new vulnerabilities. The expanding attack surface increases not only the number of potential entry points but also the volume of activity that must be monitored.

This leads to another major challenge: organizations are now generating unprecedented volumes of security data. SOCs are tasked with analyzing vast, continuous streams of telemetry to detect threats in real time but extracting meaningful insights from this flood of data has become increasingly difficult.

While traditional Security Information and Event Management (SIEM) systems remain a core component of enterprise security, they are struggling to keep up. Many SIEM platforms are constrained by schema designs, database capacity and a limit on the number of detection rules that can be ingested.

As a result, SOCs are often forced to make difficult trade-offs, choosing which data to collect and analyze based on storage and processing limitations. This selective approach creates blind spots, potentially allowing critical threats to go undetected. In fact, 56% of organizations report coverage gaps directly linked to the limitations of legacy SIEM systems, underscoring the need for modernization.

Alert fatigue is compounding the issue. Even well-configured SOCs can generate thousands of alerts daily, overwhelming analysts and increasing the risk of real threats being missed. According to a 2023 RSA survey by Gurucul, 61.37% of security teams report receiving more than 1,000 alerts per day, while 4.29% deal with over 100,000. Alarmingly, 19.74% say the volume is so high they cannot even quantify it.

SOC Prime-SOC of the Future-blog-embedded image-2025

Beyond the operational strain, cost is another major barrier. A medium-sized organization can produce terabytes of log data every day, and storing and processing this information—especially at the scale required for comprehensive threat detection—can cost hundreds of thousands annually. SOC leaders are under constant pressure to strike a balance between broad visibility and tight budget constraints.

In this high-volume, high-velocity environment, traditional manual analysis simply cannot keep up. To close visibility gaps, reduce alert overload and operate efficiently at scale, organizations must adopt intelligent automation. Advanced analytics, ML and AI-driven detection can dramatically reduce noise, prioritize critical alerts and help SOC teams focus on what matters most—responding to real threats in real time.

The Role of Automation in SOC

Automation is a key force multiplier for SOC teams, enhancing threat response speed and accuracy. Over the past decade, security orchestration, automation and response (SOAR) solutions have had mixed success. While these solutions streamline workflows and incident response, they require significant maintenance, including scripting, playbook development and continuous security stack integration. The high total cost of ownership often outweighs initial investments, making long-term sustainability a challenge.

To address these limitations, SOCs are adopting telemetry pipelines, which intercept and filter traffic before SIEM processing, ensuring only relevant security data is analyzed. Advanced enrichment reduces redundant data, improving efficiency while lowering cloud storage costs.

Extended detection and response (XDR) solutions are also gaining traction. XDR integrates multiple security layers, correlates alerts locally and reduces reliance on centralized SIEMs. Vendor-specific XDR stacks work best within their own ecosystems but streamline threat detection and response.

Data lakes are becoming essential for long-term threat hunting, enabling analysts to detect subtle, prolonged attacks by retaining historical data for extended periods. This allows analysts to uncover patterns that might otherwise go unnoticed.

As SOC automation evolves toward autonomous SOC models and “SOCless” SIEM architectures, ML-driven algorithms will handle much of the processing and correlation, facilitating faster threat detection and response. By automating repetitive tasks like log analysis and low-level alert triage, SOC analysts can focus on complex investigations, enhancing security while addressing the skills gap.

Still, Gartner predicts that by 2030, 75% of SOC teams will see a decline in core security analysis skills as they grow too reliant on automation and AI. Therefore, deployments aimed at both augmenting human tasks and adding precision and speed to human investigations will be more effective than single-technique AI analytics. Striking the right balance between machine-driven speed and human insight seems like a feasible solution that keeps security teams agile, informed and in control of threats.

Evolving Technologies and Solutions

AI and ML capabilities enhance predictive analytics and threat-hunting capabilities, keeping SOC teams ahead of attackers. According to Gartner, by 2026, advancements like “action transformers” and the continued evolution of Generative AI (GenAI) will power semi-autonomous platforms that can greatly enhance and support the day-to-day operations of cybersecurity teams.

As cybersecurity AI assistants evolve, they will be used as more sophisticated tools for interactive support and investigation, covering tasks like incident response, risk assessment and code reviews. These tools are expected to boost efficiency and reduce response times, whether in organizations just building their security programs or in mature teams with established processes. These innovations improve threat detection and SOC readiness to withstand modern cyber risks.

Future SOC Operations

Progressive organizations understand the real value of AI/ML-powered SOC technologies that can be reasonably used and shift their focus from single-technique tools to building integrated systems that fuse software, AI and human expertise. Achieving scalable impact means having a clear strategy that targets the most meaningful opportunities.

Additionally, investment in workforce development and upskilling will be essential to bridging the cybersecurity talent gap. Organizations that invest in these areas will elevate their SOC effectiveness, better safeguard critical assets and build a resilient, future-ready cybersecurity posture.

To gain deeper insights into these strategies and hear directly from industry experts, watch SOC Prime’s webinar, “The SOC of the Future: Advanced Strategies to Evolve SOC for Modern-Day Enterprise Cybersecurity.”

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including SOC Prime we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Modern Fraud Threats in Government Relief Programs: How Agencies Can Defend Against Cybercrime

A recent investigation by CBS News’ “60 Minutes” has highlighted a significant issue: organized crime rings, often operating from overseas, are using stolen identities to steal billions of dollars from the U.S. Federal and State programs. These sophisticated fraud schemes specifically target public assistance initiatives, taking advantage of digital vulnerabilities and overwhelmed systems. The COVID-19 pandemic accelerated the delivery of relief funds, presenting new challenges for security systems still being implemented.

As these cyber-enabled crimes grow in complexity and scale, Public Sector organizations must evolve their defenses. HUMAN Security offers a modern solution that aligns with Public Sector standards and frameworks, like the NIST Cybersecurity Framework, to protect against automated fraud, account takeovers and bot-driven exploitation.

The Expanding Threat Landscape: Government Fraud at Scale

The fraud rings described in the CBS report do not fit the Hollywood stereotype of a lone hacker in a basement. These are industrial-scale operations run by criminal syndicates that:

  • Use stolen or synthetic identities to apply for public benefits such as unemployment insurance, COVID relief, food assistance and housing vouchers.

  • Leverage bots and automated scripts to rapidly test stolen credentials against Government login portals.

  • Host phishing websites and fake document generators to fool verification systems.

  • Exploit the lack of robust digital defenses in legacy Public Sector infrastructure.

At the height of the pandemic, the U.S. prioritized the rapid distribution of trillions in relief funds to support individuals and businesses in crisis. In the urgency to deliver aid quickly, some agencies adjusted standard fraud controls—creating unforeseen opportunities for bad actors. According to the CBS report, an estimated $280 billion was lost to fraud, with an additional $123 billion categorized as wasted or misused.

The tactics employed have now evolved into permanent tools of financial exploitation. Many cybercriminals continue to exploit social welfare and Government programs by leveraging automation and AI. Fraud isn’t slowing down—it’s scaling up.

Why Public Sector Agencies Are Attractive Targets

Government systems present a unique target profile for attackers due to a combination of high-value data, broad user bases and strained IT resources. Here’s why the Public Sector is particularly vulnerable:

1. High Payout Potential

Each successful fraudulent claim can yield thousands of dollars in benefits. Fraudsters often operate in bulk, submitting thousands of applications using stolen identities.

2. Legacy Infrastructure

Many State and Local agencies still operate on outdated software stacks that lack modern bot detection or behavior-based threat analysis.

3. Lack of Real-Time Monitoring

Fraudulent applications often go undetected until after funds are dispersed. Manual review processes are insufficient to handle the volume of claims.

4. Increased Script & API Vulnerabilities

Fraudsters exploit front-end vulnerabilities, such as JavaScript manipulation or misuse of APIs, to simulate real user activity, bypass verification checks and deploy fake documents.

HUMAN Security: A Modern Solution for a Modern Threat

Carahsoft, HUMAN 60 min, blog, embedded image, 2025

HUMAN Security specializes in protecting organizations from automated attacks, fraud and abuse by distinguishing between real users and malicious bots. HUMAN’s solutions are uniquely positioned to help Public Sector agencies address the specific types of fraud exposed by 60 Minutes.

1. Bot and Automation Mitigation

Fraudsters frequently use bots to submit applications at scale, probe systems for weaknesses and conduct credential stuffing attacks. The HUMAN Defense Platform analyzes over 20 trillion digital interactions weekly to identify real-time anomalies.

Through behavioral analysis, device fingerprinting, and machine learning, we can help public sector clients:

  • Detect non-human interaction patterns
  • Prevent fake accounts from being created
  • Block bot-driven denial-of-service or overload attempts

2. Account Takeover & Credential Abuse Defense

Many fraud schemes begin with access to a real person’s Government credentials. We prevent account takeovers by identifying compromised credentials in real time and helping clients stop  unauthorized login attempts.

Our Application Protection Package also integrates into public-facing login portals to block brute-force attempts and detect unusual login behavior.

3. Fake Identity and Synthetic Account Prevention

Fraudsters use fake IDs or generated synthetic identities to bypass identity checks. Our behavior-based analytics distinguish real users from fabricated personas—stopping fake account creation before it starts.

4. Real-Time Threat Intelligence:

By continuously monitoring emerging threats, we equip Public Sector clients with up-to-date information to counteract evolving fraud tactics.

5. Integration with Public Sector Frameworks:

Leading-edge solutions that align with standards like the NIST Cybersecurity Framework, HUMAN facilitates seamless integration into existing Government infrastructures and helps public sector clients with compliance and regulatory requirements.

Real-World Benefits to Government Agencies

By adopting fraud protection solutions, public agencies can:

  • Minimize Fraud Risk: Real-time prevention minimizes the risk of sending funds to bad actors.

  • Protect Citizens: Reduce identity theft and unauthorized access to sensitive citizen data.

  • Build Trust: Demonstrating robust cybersecurity fosters public trust in digital Government systems.

  • Streamline Compliance: Meet modern standards like PCI DSS 4.0 requirements 6.4.3. & 11.6.1 and NIST CSF with confidence.

  • Save Taxpayer Dollars: Every fraudulent dollar blocked is money that can be returned to real beneficiaries or saved for future programs.

A Call to Action for Government Leaders

The fraud revealed in the CBS 60 Minutes report isn’t an isolated event—it’s a warning sign. Digital transformation has accelerated across public agencies, but fraud defenses haven’t always kept pace.

Government leaders must take a proactive stance by:

  • Modernizing fraud detection capabilities

  • Closing visibility gaps across digital infrastructure

  • Adopting behavior-based, real-time defenses like HUMAN Security

  • Aligning security strategy with established frameworks (NIST, PCI DSS)

Fraud is no longer just a compliance risk—it’s a national security issue. As public trust and taxpayer funds hang in the balance, Government agencies must embrace modern, intelligent and automated defense systems to keep fraudsters out.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including HUMAN Security we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.