Tag Archives: AvePoint

“Giving Back is in Our DNA”: How AvePoint is Driving Social Change in the Tech Industry

Posted on by
Reply

AvePoint (NASDAQ: AVPT) is the global leader in robust data management and governance with over 21,000 customers across the globe, helping them secure their collaboration environments across Microsoft, Google and Salesforce. Using AI, AvePoint enables organizations to modernize their digital workplace and improve data governance, enhancing productivity, collaboration and security. In addition to helping its customers thrive within their digital collaboration systems, AvePoint is dedicated to philanthropy, reflecting a core mission to drive positive change in the technology industry and their communities.

Internal and External Charitable Efforts

AvePoint’s philanthropy efforts reflect the company’s core values of diversity, equity and inclusion (DEI), with a focus on using technology to drive social impact. Recognizing the tech industry’s challenges with underrepresentation, especially for women and people of color, AvePoint supports groups like Girls Who Code to break stereotypes about women in technology. AvePoint also fosters change within the organization through employee resource groups like AvePoint Veterans, Black AvePoint Excellence, Women in Technology (WIT), Latinx and Queers and Allies (Q&A), all aimed at fostering inclusivity and providing a supportive environment.

AvePoint Driving Social Change in the Tech Industry Blog Embedded Image 2024

Community engagement is integral to AvePoint’s mission, with events designed to blend philanthropy and collaboration. For instance, Black AvePoint Excellence (BAE) hosts an annual gala for partners and customers, typically held around Juneteenth. Likewise, during Pride Month, AvePoint’s Queers and Allies group invited a guest speaker to discuss the significance of Pride Month and what the organization could do to be more inclusive and equitable both internally and externally. These events reflect AvePoint’s culture of integrating ongoing education and fostering empathy, so employees can better serve their communities, extending positive change outward.

Beyond internal efforts, AvePoint’s philanthropic events align with Public Sector initiatives by giving back to communities through local charities where events are held. These collaborations not only contribute to community needs but also highlight AvePoint’s commitment to giving back in meaningful, locally impactful ways.

Past contributions include:

  • At the 2023 National Association of State Technology Directors (NASTD) Conference, AvePoint hosted a cornhole game, raising $2,500 for the Boston Children’s Hospital.
  • In 2023, at the TribalNet Conference in San Diego, California, AvePoint had two surfboards for attendees to decorate that were donated to the Groundswell Community Project.
  • AvePoint partnered with Carahsoft at NASTD 2024 and held a mini-golf game, donating $5,000 to The Minneapolis Foundation.
  • Partnering with Carahsoft for the second time, AvePoint hosted another mini-golf challenge at the 2024 Municipal Information Systems Association of California (MISAC) Conference, raising $3,000 for Patriots and Paws.

AvePoint’s recent partnership with Carahsoft’s Doing Good Team has enhanced these initiatives, particularly by streamlining charity verification and maximizing contributions. By combining resources, AvePoint and Carahsoft can expand their philanthropic impact, support reputable charities and foster community support. AvePoint’s ongoing commitment to diversity, inclusivity and technological advancement drives these charitable efforts, aiming to make a lasting difference in the communities they serve.

A Culture of Support and Service

AvePoint’s philanthropic efforts are deeply influenced by CEO, Dr. Tianyi Jiang, who has prioritized giving back to the technology community throughout the company’s 23-year history. This commitment to social responsibility is exemplified by initiatives like a partnership with Cornell University to mentor the next generation of engineers and entrepreneurs. This leadership-driven ethos resonates throughout the company, promoting charitable engagement at both organizational and individual levels, across the U.S. and globally.

Beyond organized company initiatives, AvePoint encourages employees to pursue their own charitable passions with a donation matching program to support causes that resonate personally with team members. Employees are also empowered to volunteer, with flexibility to balance work and service. AvePoint’s support for these independent initiatives illustrates how the company’s culture of giving is woven into its fabric, encouraging employees to contribute both professionally and personally.

AvePoint’s culture of giving is grounded in values that empower employees to engage in meaningful initiatives, both through company-supported efforts and personal causes. Leadership’s passion for community impact inspires employees at all levels to pursue organized and independent philanthropic efforts, always met with AvePoint’s encouragement and resources. As seen in examples across the organization, this culture of service is more than a formal policy—it is embedded in the company’s DNA, guiding AvePoint’s commitment to making a positive difference within and beyond the technology industry.

Explore the AvePoint culture of giving back on our Careers Blog, and learn more about how the company supports the Public Sector with our award winning technology here.

Securing the Digital Workplace: Microsoft 365 Identity Management for Public Sector Leaders

Posted on by
Reply

Zero Trust is a critical focus for public sector organizations as they navigate today’s evolving digital workplace and cybersecurity landscape. But one issue is emerging as increasingly troublesome: insider threats.

The 2022 Cost of Inside Threats: Global Report found incidents involving insider threats surged 44% over the past two years. While some of these threats may be malicious insiders, seeking to misuse their authorized access for personal gain or harm, many are the result of cybercriminals exploiting vulnerabilities in identities to enter your environment. These criminals use tactics like compromised credentials – the leading cause of data breaches – as well as phishing scams and social engineering to impersonate identities and gain unauthorized access.

To effectively counter these increasingly sophisticated threats, organizations must strengthen identity management. When executed properly, identity management not only enhances the security of your digital workplace but enables a Zero Trust strategy.

Let’s discuss what identity management is, how to build a comprehensive strategy in Microsoft 365, and how it can fortify your Zero Trust deployment.

What is Identity Management?

AvePoint Identity Management Blog Embedded Image 2023

Identity management establishes and manages the digital identities of anyone entering your environment – from employees and contractors to guest users. Identities could refer to people, but they could also be services or devices entering your environment.

Identity management enables organizations to implement robust access controls, granting privileges based on roles – which is why identity management is an integral piece of Zero Trust. Without it, you will have no way to verify users and devices are who they say they are, let alone establish proper privileges and access, which are key Zero Trust principles.

When done effectively, identity management provides the right access to the right individuals at the right time for the right reason. This process not only improves your security posture, but can streamline user access, reduce administrative overhead, and help you better meet your compliance obligations.

Building Identity Management in Microsoft 365

When building your identity management strategy in Microsoft 365, remember these three basic elements: identify, authenticate, and authorize.

Here’s how to get started:

  • Identify: The backbone of identity management in Microsoft 365 is Azure Activity Directory (Azure AD). Azure AD provides a cloud identity for users, groups, and resources. It is where you build out your users’ identities and control access to internal and external resources – like your intranet or even Microsoft Teams. The solution will recognize users (based on Microsoft’s powerful machine learning and AI’s understanding of typical user and tenant behavior) and flag risks that fall outside of normal behavior, triggering the next steps of the process.
  • Authenticate: Multi-factor authentication (MFA) is today’s gold standard for authenticating identities. There are a variety of ways to do this, from smart cards to one-time passwords, that add layers of protection to your security. Microsoft’s Authenticator App helps implement MFA across your applications in a convenient and easy way for users, allowing them to verify their and their devices’ identities from their phones.
  • Authorize: It’s critical to grant access privileges based on the conditions specific to your organization. Conditional Access policies take a two-phased approach: first, it collects information about the person (their device, IP address, etc.) and then enforces any policies you have in place. This could mean if it detects a new device, it may enforce multi-factor authentication (MFA) or request the user sign in again. It could also prohibit access under certain conditions, like if a user is attempting access from a mobile device. These policies provide granular control over access while reducing the risk of authorized access.

By following this framework, you can easily begin using the powerful tools Microsoft offers to build your identity management strategy, ensuring only authorized individuals have access to critical systems.

Three Ways to Take a More Proactive Approach to Identity Management

Once you’ve taken the initial steps to start building your identity management approach, take it to the next level to enhance your security:

  • Right-size your policies: Strict, one-size-fits-all rules can hinder productivity; if security is in the way of getting the job done, users will find a way around it. Customizing your policies to specific users, workspaces, or even content creates a more tailored approach to access control, striking a balance between security and productivity.
  • Implement lifecycles: Identities should not permanently exist in your environment. People switch jobs or upgrade their devices. Establish a process to evaluate and recertificate identities – whether users (both external and internal) or devices – to ensure they still require access to your content and workspaces.
  • Monitor your environment: Even with the best-laid security plans, things can still fall through the cracks. That’s why it’s critical to monitor your environment – including users, devices, locations, and behavior – to identify any anomalies or suspicious activities that should be addressed.

These strategies can help you build a more proactive identity management approach that actively reduces risks and attack surfaces, allowing you to go beyond verifying identity to create a secure and efficient digital workplace.

Build a Secure Digital Workplace with Zero Trust

While identity management is an important aspect of building your secure digital workplace, ensuring only authorized individuals have access to your systems, it is not enough to protect your data or the workspaces where it lives in today’s ever-evolving cyber threat landscape.

Public sector organizations must embrace a comprehensive Zero Trust security framework to effectively build a secure digital workplace. To do so, you must combine identity management best practices with other robust security measures, like role-based access controls, workspace governance policies, lifecycle management processes, and risk assessments. Together, these strategies can enhance the protection of your digital environment and minimize your risk of data breach or unauthorized access.

Download the free AvePoint guide, “How to Achieve Zero Trust Standards Without Limiting Collaboration in Microsoft 365,” for more information about protecting your digital collaboration workspaces with a Zero Trust framework.

AvePoint Adds Governance, Management, Data Protection and Migration Support for Microsoft Power Platform

Posted on by
Reply

Carahsoft partner AvePoint Public Sector recently announced its support for the governance, management, migration and data protection of Microsoft Power Platform environments. As more organizations adopt Power Platform to automate processes, build digital solutions, analyze data and create virtual agents, IT leaders need strategies that support their unique governance, security and compliance requirements.

AvePoint’s support for Power Platform helps organizations:

  • Provide scalable management and governance: Access management and risk assessments allow organizations to quickly drive impactful collaboration and sustainable Power Platform adoption. Best practices and productivity can be achieved through automated governance and policies, enforcing proper control of data access and functionality.
  • Protect critical workspaces, apps and flows: AvePoint’s automated backup for Power BI workspaces, Power Apps and flows makes it seamless to avoid accidental data deletion, user error or ransomware. This way, organizations can ensure they’re protected, compliant and prepared for business continuity when using Power Platform.
  • Seamlessly migrate data: Building on AvePoint’s award-winning migration capabilities, organizations can now migrate apps from an environment within the same tenant or between tenants – giving organizations more opportunities to successfully use Power Platform.
AvePoint and Microsoft Integration Blog Embedded Image 2023

Some organizations are already taking advantage of the AvePoint’s Power Platform support. “AvePoint’s support for Power Platform has helped us empower employees to safely build solutions that will enhance their work,” Mike Fettner, Principal Office 365 Engineering at Regeneron, said. “As an organization, this allows us to continue taking smart risks because we know robust governance solutions will put the right guardrails in place, and data protection will ensure none of our data or workflows are lost.”

Register today to join AvePoint and Microsoft for Power Platform Workshop: A Framework to Manage and Govern Power Platform at Scale, coming to a city near you later this Spring.

Connecting Customers with AvePoint and Industry Solutions

It has never been easier to count on Carahsoft and AvePoint. We can help your agency with:

  • Quick quote turnaround and smart spending
  • Industry-expert cloud computing product recommendations
  • 24/7 live assistance to get you up and running faster

Contact a member of the Carahsoft and AvePoint Public Sector team today and discover how we can support your organization.

A New Era in Government Cybersecurity

Posted on by
Reply

Securing government systems was a complex undertaking even before the pandemic. In response to that crisis, agencies rapidly deployed cloud technology, mobile devices and collaboration tools for remote employees — and added new vulnerabilities and IT management challenges to an already long list of cybersecurity priorities. Malicious actors have taken note of the new opportunities and continue to mount increasingly sophisticated attacks on government systems and critical infrastructure. To keep pace with those risks, government teams need multifaceted yet holistic strategies that address a wide range of threats to network endpoints, identity and access management, and data. In addition, agencies must strike the right balance of productivity and security for a mix of on-site and remote employees — a key concern of 75% of the respondents to a recent FCW reader survey. Fortunately, zero trust has been gaining traction because of its ability to address key challenges related to identity management, endpoint security and data protection. Interest in zero trust has skyrocketed thanks to a mandate in the Biden administration’s 2021 Executive Order on Improving the Nation’s Cybersecurity. But although zero trust can play a key role in ensuring that only authorized users have access to IT systems and data, it doesn’t always protect against human mistakes. In addition, security responsibilities have crossed traditional internal boundaries, and agencies are finding that they need to unify the priorities of security teams and mission owners. Learn how agencies can continue to evolve cybersecurity architecture and strategy, given the increased attack rate and creativity of malicious actors in Carahsoft’s Innovation in Government® report.

 

The Power of Real-Time Cyber Intelligence  

“Government agencies are realizing that if they are going to mitigate cybersecurity risks and respond to breaches more quickly, they need access to real-time operational intelligence. However, they also recognize that their security products and intelligence sources must be readily integrated. A security operations center (SOC) can’t function when it has 50 products that don’t talk to one another and whose data can’t be easily fused and normalized. Many organizations try to manually corroborate a notable  security event with other data, such as external threat intelligence, feedback from an endpoint detection and response platform, or information from the Department of Homeland Security. A manual process is slow, inefficient and ultimately doomed to failure.”

Read more insights from Splunk’s chief cybersecurity advisor for public sector, Paul Kurtz.

 

Treating Identity as Critical Infrastructure  

“Agencies can assess the state of their identity infrastructure by continually asking whether they are delivering the right capabilities to their employees, the public and other customers and whether they are doing so in a way that matches how people live and work today. We all have high expectations for capabilities and usability because of our daily interactions with smartphones. We’re used to conducting our business quickly and efficiently, and agencies should likewise be building enterprise systems that support the fast and efficient delivery of government services. Furthermore, agencies should build those systems with a line of sight to the future.”

Read more insights from Okta’s federal chief security officer, Sean Frazier.

 

IIG FCW Cybersecurity September Blog Embedded Image 2022The Importance of Future-Proofing Cybersecurity  

“Access control through multifactor authentication is an important aspect of both directives. The combination of username and password is not sufficient to secure access to IT systems. Agencies also need to deploy strong multifactor authentication that relies on some type of hardware- or software-based token for granting access to the environment and then to the data. Furthermore, the White House executive order mandates the protection of data through encryption not only when it is at rest but also when it is moving to and from the network edge and beyond.”

Read more insights from Thales TCT’s deputy CTO, Gina Scinta.

 

The Game-Changing Nature of Cyber Resiliency

“The COVID-19 pandemic prompted the largest modernization effort the government has ever seen. However, in addition to the many benefits of that modernization, hybrid work environments have added an ever-growing number of endpoints and created new identity-based vulnerabilities for attackers to exploit. Agencies can be more strategic in their approach to endpoint security by focusing on cyber resiliency. Although the term has been around for several years, it has been emphasized recently by the National Institute of Standards and Technology (NIST).”

Read more insights from SentinelOne’s vice president of federal sales, Todd Helfrich.

 

 Galvanizing Agencies into Action on Cybersecurity

“The Executive Order on Improving the Nation’s Cybersecurity has spurred agencies to modernize the way they protect IT systems and data. Now there is a shared commitment to the steps that IT leaders should take, and agencies have been galvanized into action. For example, zero trust was mostly just a buzzword for agencies prior to the executive order, and now it is something that federal agencies are seriously exploring. They’re going beyond reading whitepapers to asking for vendor demos and testing ideas.”

Read more insights from Cribl’s senior director of market strategy, Nick Heudecker.

 

Aligning Your Digital Collaboration to Zero Trust

“Guest access provides people outside your organization access to content inside your M365 workspaces (i.e., Teams, SharePoint and Groups). A health care-focused agency could use guest accounts to collaborate with grantees and their site staff or academic researchers. A defense-focused agency could use guest access to coordinate with local law enforcement to plan incident response or correspond about special event planning. Despite the benefits, agencies need policies and reporting when using features like guest access to ensure your information stays protected.”

Read more insights from AvePoint’s director of federal strategy for public sector, Jay Leask.

 

Download the full Innovation in Government® report for more insights from these digital transformation thought leaders and additional industry research from FCW.

The “Sixth Pillar” of the Zero Trust Maturity Model

Posted on by
Reply

With the swiftly approaching 2024 deadline for Federal IT and security teams to implement zero trust architectures, agencies must enhance their cybersecurity efforts to combat growing risks within user access and authorization to organization assets. At Federal News Network’s recent event, Zero Trust Cyber Exchange, industry and government experts shared insights on implementing zero trust, and topics like “How Zero Trust Extends Defense in Depth,” “Why to Start with a Data Inventory” and “Identity as Critical Infrastructure.” Sessions also examined some agencies progress with their zero trust transition and take-aways from the process.

In 2021, The Cybersecurity and Infrastructure Security Agency (CISA) outlined five foundational pillars of the Zero Trust Maturity Model: Data, Applications Workload, Network/Environment, Device and Identity. However, there is a “sixth pillar” equally as important as the others—the workspace. With a collaborative environment, the workspace is the intersection of data and the user that also promotes positive cybersecurity reinforcement. Public sector organizations should consider the workspace environment while developing strategies and planning to move toward zero trust implementation.

Collaborative Environments are Key

In modern cybersecurity, one cannot assume their content is secure simply because their network is secure. A full zero trust framework should go beyond protecting the network and devices and provide security to workspaces, content and data. These workspaces constantly change as users are added or removed, and content often evolves into different drafts and uploaded by various people with different file names. This can lead to mishaps like unreliable tagging, which disrupts the system from automatically categorizing sensitive information from non-sensitive data.

Additionally, controlling access to workspaces is inherently important to prevent risks such as overprivileged users and increased negative exposure. By adding the “sixth pillar” to an organization’s zero trust planning through appropriate strategies, the risks that come from an unsecured workspace can be avoided. These include having delegated administration with the right-size permissions, sensitivity labels, catalog workspaces, policy enforcement, actionable insights and secure external sharing.

AvePoint Sixth Pillar Zero Trust Blog Embedded Image 2022Understanding Data to Create Efficient Workspaces

When working in these collaborative spaces, the idea is simple. Agencies should regard an entire workspace with a high level of security for every piece of content or data, and only make exceptions for information that is less sensitive to be shared amongst a broader audience. At the beginning of the process of designing zero trust with the “sixth pillar” in mind, organizations should consider the expected level of sensitivity of the information within this workspace. Once determined, administrators can automatically set adequate security parameters and user privileges for each individual workspace that is created.

Customers in the Department of Defense (DoD) need a reliable way to lock down specific data without having to lock down an entire department workspace. If someone tries adding a foreign user to a workspace with data from the International Traffic in Arms Regulations (ITAR), they are immediately incompliant. That workspace, particularly, can be given specific policies to avoid unwanted user access without having to prohibit all users’ access to the sensitive data. This provides a truly collaborative workspace environment while also remaining fully secure.

Easing the Implementation Burden on IT and Security Teams

One of the most significant challenges when implementing any new cybersecurity strategy is finding a balance so as not to put extra strain on organizations’ IT and security teams. Often, requests for changes can increase and overburden staff because their resources and budgets do not grow exponentially with these requests. To save IT teams time, programmatically securing data from users becomes an important first step so they can focus on those exceptions instead of the automatic rules set from the start. Another way to avoid overloading security staff is by delegating the proper administration credentials so the correct users are authorized to share within the centralized environments. Considering the “sixth pillar” allows those administrators to recognize specific sensitivities and department landscapes and create workspaces accordingly, ultimately processing it through the lens of zero trust.

Why the “Sixth Pillar” Works

When approaching the topic, the best way to capture organizations’ attention is to discuss how the “sixth pillar” can enable department administrators to manage their own content and data. Instead of admins having to manually run script, the secure workspace approach allows them to set immediate policies and automatically deploy them, saving time and headaches for the entire organization. On any level, public sector organizations can define their sensitive data and utilize the “sixth pillar” by implementing workspaces without overworking IT and security teams, leading to an enhanced zero trust framework for overall improved security.

 

Visit the AvePoint resources page to learn more about how AvePoint can support your organization’s zero trust mission using the above strategies and procedures.