Better Together: How HPE, AMD and Nutanix Empower Modern Enterprises

The rapid evolution of enterprise technology has made modernization an urgent priority. Businesses today face challenges ranging from complex infrastructure and escalating costs to the rising demands of artificial intelligence (AI) and hybrid cloud environments. Together, Hewlett Packard Enterprise (HPE), Advanced Micro Devices (AMD) and Nutanix provide unified solutions that simplify operations, strengthen security and deliver unmatched performance, empowering organizations to navigate current demands and prepare for the future.


Addressing Market Challenges with Innovation

In a dynamic market where infrastructure complexity and cost pressures are top concerns, the combined expertise of HPE, AMD and Nutanix is driving transformative solutions. Nutanix’s hyperconverged infrastructure (HCI) simplifies multicloud management, enabling organizations to run workloads across on-premises, public and private clouds or colocation sites. With intuitive tools like Prism, Nutanix delivers flexibility, cost efficiency and robust security.

On the hardware side, AMD’s EPYC Central Processing Units (CPUs) have revolutionized the data center market, achieving a 34% market share through scalability (i.e. higher core count options that help reduce server footprint). Designed for diverse workloads, including analytics and hybrid workforce applications, AMD solutions like the 4th Gen EPYC CPUs provide outstanding performance while optimizing total cost of ownership (TCO).

Meanwhile, HPE’s ProLiant DX Gen 11 servers offer fast deployment, tailored configurations and scalable options for diverse business needs. Supported by OpEx models like GreenLake, HPE ensures financial flexibility, making modernization accessible for organizations of all sizes.


Unlocking the Potential of AI

HPE AMD Nutanix Better Together Modern Enterprises Blog Embedded Image 2025

AI is reshaping industries, and the HPE, AMD and Nutanix partnership enables enterprises to meet these infrastructure demands. Nutanix’s HCI platform, paired with AMD’s EPYC CPUs, deliver optimized performance for AI and machine learning (ML) workloads. The Nutanix DX 385 model supports up to four double-wide Graphics Processing Units (GPUs), providing accelerated compute for AI-driven environments. With features like network microsegmentation and automated lifecycle management, Nutanix ensures secure, optimized environments for AI applications.

AMD’s EPYC processors are tailored for AI applications, from small-scale enterprise large language models (LLMs) to large-scale generative AI. High core density and features like Secure Encrypted Virtualization (SEV) ensure robust performance and security. HPE complements this with ProLiant DX servers designed for AI workloads, including their “GPU in a Box” model, which simplifies deployment and scales with demand, making it easier for businesses to meet the demands of AI-driven applications. Together, these technologies provide enterprises with the computational power and flexibility to unlock AI’s potential within hybrid cloud environments.


Simplifying Modernization Across Infrastructure

Modernization is no longer optional—it is a necessity for businesses navigating an evolving IT landscape. Businesses face the dual challenge of balancing legacy infrastructure needs with the demands of the future. HPE, AMD and Nutanix simplify this transition by addressing performance, security, management and integration, ensuring organizations modernize effectively while maintaining operational continuity.

Performance

Nutanix software on AMD EPYC-powered HPE ProLiant DX servers handles workloads like virtualization, analytics, big data and AI/ML with exceptional performance. The 4th Gen EPYC CPUs deliver high performance across metrics including per core and per server, reducing infrastructure costs. High-frequency CPU options enable the provisioning of more virtual machines and workloads without increasing physical cores, ensuring businesses can scale seamlessly as demands evolve. HPE delivers two high-performance NVMe storage options, designed to boost data center performance while ensuring reliability and security. HPE NVMe Mixed Use (MU) SSDs use Peripheral Component Interconnect Express (PCIe) Gen4 to boost performance for Big Data, high-performance computing (HPC) and virtualization with fast transfers and low latency. HPE NVMe Read Intensive (RI) SSDs optimize read-heavy workloads like web servers, storage and caching with high-speed PCIe Gen3 and Gen4.

Security

Nutanix integrates features like automatic auditing, encryption and network microsegmentation to ensure compliance and safeguard IT environments. AMD EPYC processors add another layer of protection with SEV, isolating virtual machines with memory encryption for silicon-level protection. HPE’s Silicon Root of Trust protects firmware from the boot process and continuously monitors the Basic Input/Output System (BIOS), ensuring server integrity and preventing breaches​.

Management

Managing modern IT environments is simplified with Nutanix’s one-click updates and lifecycle management capabilities, which integrate seamlessly with HPE’s Service Pack for ProLiant. Nutanix Prism offers a unified management plane, enabling centralized control for clusters, applications and data. The intuitive management interface reduces complexity, empowering IT teams to handle hybrid cloud environments with ease and efficiency.

Integration

Pre-installed with Nutanix Acropolis OS (AOS), HPE ProLiant DX servers offer out-of-the-box solutions optimized for AMD EPYC processors. These systems support diverse hypervisors, including Nutanix Acropolis Hypervisor (AHV) and third-party options, giving businesses the flexibility to tailor infrastructure setups to specific needs. This collaboration ensures workload-specific performance and seamless integration across various deployment environments, helping businesses modernize without disruption.


HPE, AMD and Nutanix demonstrate the power of collaboration by offering a unified approach to modernization. By combining high performance, robust security, streamlined management and flexible integration, their solutions provide businesses with the tools they need to meet today’s challenges and prepare for tomorrow’s demands. Collectively, they simplify the journey to modernization, proving that they truly are better together.


Discover how HPE, AMD and Nutanix are better together in delivering powerful, secure and scalable solutions for modern enterprises. Watch our webinar, “Modernize Your Infrastructure with HPE & Nutanix – Powered by AMD,” to explore cutting-edge innovations and actionable strategies that transform IT environments.


Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including HPE, AMD and Nutanix, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

The Top 10 Cybersecurity Events for Government in 2025

In 2025, assessment, adaptation and agility are key for Government agencies and the tech industry to successfully navigate the growing landscape of cybersecurity. As part of the recently released White House Executive Order, “Strengthening and Promoting Innovation in the Nation’s Cybersecurity” Government agencies are tasked with modernizing polices to meet today’s cyber security challenges which include an emphasis on Zero Trust Architectures, Endpoint Detection and Response, Network Segmentation and advancing Phishing Resistant MFA protocols. Carahsoft is prepared to support and guide the Federal, State and Local Government, as well as Education and Healthcare organizations through this new year in collaboration with our robust network of cybersecurity partners and solutions. Check out these top events to learn more about what to expect in cybersecurity throughout this year. 


Rocky Mountain Cyberspace Symposium 

February 10-13 | Colorado Springs, CO | In-Person Event 

Connecting people and ideas, RMCS25 is an annual forum for the tech industry, academia and Government to discuss and propose solutions to the challenges of cybersecurity, community cyber readiness and homeland defense facing our nation. The theme this year is “Securing the Future: Cyber Capabilities, All-Domain Superiority, and Strategic Advantage.” This event will explore how cyber capabilities and multi-domain strategies are pivotal in achieving and maintaining strategic advantage in the modern landscape. 

Topics for sessions to look out for: 

  • Innovation and Rapid Acquisitions 
  • CJADC2 Strategic Opportunities 
  • Modern Deterrence and Special Ops 
  • Securing Space Through Cyberspace 
  • AI Across the Spectrum of Operations 
  • Posturing and Developing Forces 

Carahsoft will be exhibiting at the event hosting a small pavilion featuring demos from several of our partners. We encourage you to stop by booth #136 to learn more about Carahsoft and our cybersecurity solutions portfolio. Register for our networking reception! Join our vendor partners and their customers at the Lake Terrace Dining Room on February 12 from 5:00-7:00 pm. 


Public Sector Day at RSA Conference 

April 28 | San Francisco, CA | In-Person Event 

Carahsoft Top 10 Cybersecurity Events Carahsoft Blog Embedded Image 2025

Join us for the 12th Annual RSA Public Sector Day at RSA Conference! This year’s program will examine key areas such as developing a strong cybersecurity workforce, understanding the impact of AI on both offensive and defensive cyber operations, and improving the exchange of information among Government entities. Hear directly from top Government leaders and industry professionals as they discuss their perspectives and strategies for enhancing cybersecurity across all levels of Government and healthcare. 

Stay connected with Carahsoft as we prepare for another great presence at this year’s event and stay tuned to our RSA Public Sector Day 2025 website for more information on our agenda. 


AFCEA TechNet Cyber 

May 6-8 | Baltimore, MD | In-Person Event 

This flagship event will feature conversations led by national defense professionals, tech industry experts and academia partners discussing topics focused on policy, strategic architecture, C2 and joint capabilities. Explore global security challenges and solutions with IT professionals and learn about new ways to combat sophisticated cybersecurity threats.  

Carahsoft’s pavilion will feature more than 50 partners showcasing a full range of cybersecurity, artificial intelligence, DevSecOps and cloud solutions. Fed Gov Today with Francis Rose will also be in the Carahsoft booth taping a broadcast TV episode showcasing Government and industry thought leaders at the event. In addition to our pavilion, Carahsoft will be hosting a networking reception on May 7 at Power Plant Live. 


Educause Cybersecurity and Privacy Professionals Conference 

May 19-21 | Baltimore, MD | In-Person Event 

Student safety and security are consistently at the forefront of educator’s minds and discovering innovative and modern ways to ensure those basic requirements are met is imperative. This premier Educause forum connects you with higher education information security and privacy professionals to do just that. Attendees will have the chance to network and discuss the latest cybersecurity trends and current events with peers and solution providers to make a meaningful impact on their individual communities and the education sector as a whole.  

Program tracks to look out for: 

  • Privacy 
  • Risk, Compliance and Policy 
  • Awareness and Education 
  • Technologies and Operations 
  • Leadership and Professional Development 

We are excited to confirm that we will be attending this year’s conference! Carahsoft has100+ vendors who are dedicated to supporting cybersecurity in education and we, along with our partners, are looking forward to connecting during this premier event. For updates, please email EDUMarketing@carahsoft.com 


SANS Government Security Solutions Forum

July 22 | Virtual Event 

The SANS Institute stands on a mission of empowering cybersecurity professionals and honoring the highest standard in cybersecurity education to make the world a safer place. The Government Security Solutions Forum will delve into the latest trends in network protection, AI and cyber defense, supply chain, workforce development and more to help attendees understand how to combat modern threats effectively. At last year’s event, participants engaged with technology experts and listened to unique panel discussions with audience Q&As surrounding invaluable security initiatives across the Public Sector in areas such as Zero Trust implementation, achieving CMMC compliance and harnessing AI. Join us at this year’s event for all this and more! 

Carahsoft looks forward to partnering with the SANS Institute for the fifth year in a row to bring this event to life.  Carahsoft has over 800 employees focused on cybersecurity and partnerships with over 150 vendors. To learn more about the topics discussed at the forum and what to expect in July, read out highlights from last year’s event. 


GovForward ATO and Cloud Security Summit 

July 24 | In-Person Event 

The GovForward ATO and Cloud Security Summit will be back for its 7th year on Thursday, July 24, 2025, at the Waldorf Astoria in Washington D.C. The event will explore the Federal Risk and Authorization Management Program (FedRAMP) changes, and how advancements at the Federal level are impacting the broader Public Sector market. 

With over 1000 registered attendees, more than 30 speakers and 10+ engaging sessions and panels at the 2024 event, Carahsoft is excited to join forces with Government Executive again in 2025 delivering even more valuable insights, expert discussions, and networking opportunities for attendees. View highlights from the 2024 event and check back soon for more information on joining us at the 2025 ATO and Cloud Security Summit.  


Black Hat USA 2025 

August 2-7 | Las Vegas, NV | In-Person Event 

Returning to the Mandalay Bay Convention Center this year, the Black Hat USA 2025 program is packed with cybersecurity excellence in research, development and exploration of trends. Get involved with immersive and interactive trainings, live-in person sessions and demos, on-demand briefings, dynamic networking opportunities in the business hall, as well as the Black Hat Certified Pentester (BCPen) certification program. Join Carahsoft and uncover new ways to support your agency’s or organization’s cybersecurity mission. 

This year, we are exploring the possibility of hosting a breakfast briefing tailored for the Public Sector—stay tuned for updates as plans develop! Additionally, we are excited to announce that we will be hosting a networking reception again this year, providing a great opportunity to connect with industry peers. Check out the events tab on our website for more details closer to the event! 


Billington Cybersecurity Summit 

September 9-12 | Washington, D.C. | In-Person Event 

A long standing and experienced event, the Billington Cybersecurity Summit features an extensive array of cyber topics, speakers, sessions and interactive breakouts for attendees to truly immerse in the world of today’s emerging cybersecurity solutions and trends. In its 16th year running, this leading Government cybersecurity summit promises an exceptional line up of Government presenters, an invaluable leadership luncheon, an all-attendee networking reception and over 100 vendor booths featuring strategy development and technology demos. 

For a sneak peek into what you can expect at the summit, topics covered during last year’s event included:  

  • Zero Trust 
  • Ransomware 
  • Advancing cyber diplomacy 
  • Learning how to use proactive defenses 
  • Engineering AI into cybersecurity platforms 
  • Implementing an effective risk management approach 
  • Protecting critical infrastructure 

Stay tuned to the website for announcements around the speaker lineup and further summit information. 

Carahsoft is looking forward to sponsoring this year’s event and will feature a booth to engage with attendees throughout the week. We will also be hosting a large partner pavilion and encourage attendees to stop by and learn more about our partners and their technology solutions! Check out the events tab on our website for more details closer to the event! 


StateRAMP Cyber Summit 

October 2-3 | Chicago, IL | In-Person Event 

Carahsoft is excited to be the presenting sponsor of the 2nd annual StateRAMP Cyber Summit this year. For Public and Private Sector leaders, this is the leading event to come together and examine today’s crucial cybersecurity, risk management and compliance topics.  

Here is an overview of what attendees can expect this fall: 

  • Future-focused insights on framework harmonization & AI 
  • Best practices in supplier risk management & procurement 
  • Real-world case studies from top cybersecurity leaders 
  • Discussions on emerging technologies and their compliance impact 

With over 350 registered attendees, more than 30 esteemed speakers and 10+ engaging sessions and panels, Carahsoft is honored to have been a presenting sponsor at last year’s inaugural summit. Check out highlights from the 2024 event and check back soon for more information on joining us at the 2025 StateRAMP Cyber Summit. 


Carahsoft Cyber Leaders Exchange 

October | Virtual Event 

Presented by Carahsoft in collaboration with Federal News Network, The Cyber Leaders Exchange will dive into how the Government is building cyber resilience, including showcasing tips, tactics and tools to support your organization’s mission-critical cybersecurity efforts. Look forward to sessions about cybersecurity strategy-building, workforce challenges, AI within cybersecurity and informative speakers from trusted technology vendors as well as Government experts. 

Stay tuned for event announcements and more information to be released. Curious about what to expect? Check out highlights from our 2024 Cyber Leaders Exchange. View the events tab on our website for more details closer to the event! 

While the Government and cybersecurity community face a great deal of change over the next year, join Carahsoft at one of these immersive events and be a part of modernization and finding solutions to today’s cyber challenges. 

— 

As technology and the Public Sector’s adoption of Cybersecurity tools advance, the topic remains at the forefront. Our partners are making significant strides in Cybersecurity, and you are invited to join the conversation. Attend these revolutionary events and help shape the future of cybersecurity. 

Fal.con Gov 

February 27, Washington, D.C., In-Person  

Zscaler Public Sector Summit 

March 24 – 25, Washington, D.C., In-Person Event 

Okta Government Identity Summit 

March 5, Washington, D.C., In-Person Event 

Palo Alto Ignite  

April 1, Tysons, VA, In-Person Event 

F5 Public Sector Symposium  

April 8 – 10, Tysons, VA, In-Person Event 

AWS re:Inforce 2025 

June 16 – 18, Philadelphia, PA, In-Person Event 


To learn more or get involved in any of the above events please contact us atcybersecurity@carahsoft.com. For more information on Carahsoft and our industry leading Cyber technology partners’ events, visit our Cybersecurity solutions portfolio and Cybersecurity Events page. 

Bridging Identity Governance and Dynamic Access: The Anatomy of a Contextual and Dynamic Access Policy

As organizations adapt to increasingly complex IT ecosystems, traditional static access policies fail to meet modern security demands. This blog instance continues to explore how identity attributes, and governance controls impact contextual and dynamic access policies—as highlighted previous articles; Governing Identity Attributes in a Contextual and Dynamic Access Control Environment and SailPoint Identity Security The foundation of DoD ICAM and Zero Trust, it examines the role of identity governance controls, such as role-based access (dynamic or policy-based), lifecycle management, and separation of duties, as the foundation for real-time decision-making and compliance. Together, these approaches not only mitigate evolving threats but also align with critical standards like NIST SP 800-207, NIST CSF, and DHS CISA recommendations, enabling secure, adaptive, and scalable access ecosystems. Discover how this integration empowers organizations to achieve zero-trust principles, enhance operational resilience, and maintain regulatory compliance in an era of dynamic threats.

Authors Note: While I referenced the DoD instruction and guidance, the examples in the document can be applied to the NIST Cybersecurity Framework, and NIST SP 800-53 controls as well. My next article with speak specifically to the applicability of the DHS CDM MUR and future proposed DEFEND capabilities.


Defining Contextual and Dynamic Access Policies

Contextual and dynamic access policies adapt access decisions based on real-time inputs, including user identity, device security posture, behavioral patterns, and environmental risks. By focusing on current context rather than static attributes, these policies mitigate risks such as over-provisioning or unauthorized access.

Key Features:

  • Contextual Awareness: Evaluates real-time signals such as login frequency, device encryption status, geolocation, and threat intelligence.
  • Dynamic Decision-Making: Enforces least-privilege access dynamically and incorporates risk-based authentication (e.g., triggering MFA only under high-risk scenarios).
  • Identity Governance Integration: Leverages governance structures to align access with roles, responsibilities, and compliance standards.

The Role of Identity Governance Controls

Identity governance forms the backbone of effective contextual and dynamic access policies by providing the structure needed for secure access management. Core components include:

SailPoint Bridging Identity Governance Blog Embedded Image
  • Role-Based Access Control (RBAC), Dynamic/Policy-based: Defines roles and associated entitlements to reduce excessive or inappropriate access.
  • Access Reviews: Ensures periodic validation of user access rights, aligning with business needs and compliance mandates.
  • Separation of Duties (SoD): Prevents conflicts of interest by limiting excessive control over critical processes.
  • Lifecycle Management: Automates the provisioning and de-provisioning of access rights as roles change.
  • Policy Framework: Establishes clear baselines for determining who can access what resources under specific conditions.

Balancing Runtime Evaluation and Governance Controls

While governance controls establish structured, policy-driven access frameworks, runtime evaluations add the flexibility to adapt to real-time risks. Together, they create a layered security approach:

  • Baseline Governance: Sets foundational access rights using role-based policies and lifecycle management.
  • Dynamic Contextualization: Enhances governance by factoring in real-time conditions to ensure access decisions reflect current risk levels.
  • Feedback Loops: Insights from runtime evaluations inform and refine governance policies over time.

Benefits of Integration

By combining governance controls with contextual access policies, organizations achieve:

  • Enhanced security through continuous evaluation and dynamic risk mitigation.
  • Improved compliance with regulatory frameworks like GDPR, HIPAA, and NIST standards.
  • Operational efficiency by automating access reviews and reducing administrative overhead.

The integration of contextual and dynamic access policies with identity governance controls addresses the dual needs of flexibility and security in modern cybersecurity strategies. By combining structured governance with real-time adaptability, organizations can mitigate risks, ensure compliance, and achieve a proactive security posture that aligns with evolving business needs and regulatory demands. This layered approach represents the future of access management in a rapidly changing digital environment.


To learn more about how SailPoint can support your organization’s efforts within identity governance, cybersecurity and Zero Trust, view our resource, “The Anatomy of a Contextual and Dynamic Access Policy.”


Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including SailPoint, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Governing Identity Attributes in a Contextual and Dynamic Access Control Environment

In the rapidly evolving landscape of cybersecurity, federal agencies, the Department of Defense (DoD), and critical infrastructure sectors face unique challenges in governing identity attributes within dynamic and contextual access control environments. The Department of Defense Instruction 8520.04, Identity Authentication for Information Systems, underscores the importance of identity governance in establishing trust and managing access across DoD systems. In parallel, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA) guidance and the National Institute of Standards and Technology (NIST) frameworks further emphasize the critical need for secure and adaptive access controls in safeguarding critical infrastructure and federal systems.

This article examines the governance of identity attributes in this complex environment, linking these practices to Attribute-Based Access Control (ABAC) and Role-Based Access Control (RBAC) models. It highlights how adherence to DoD 8520.04, CISA’s Zero Trust Maturity Model, and NIST guidelines enable organizations to maintain the accuracy, security, and provenance of identity attributes. These efforts are particularly crucial for critical infrastructure, where the ability to dynamically evaluate and protect access can prevent disruptions to essential services and minimize security risks. By integrating these principles, organizations not only achieve regulatory compliance but also strengthen their defense against evolving threats, ensuring the resilience of national security systems and vital infrastructure.

SailPoint Governing Identity Attributes Blog Embedded Image 2025

Importance of Governing Identity Attributes

Dynamic Access Control

In a dynamic access control environment (Zero Trust), access decisions are made based on real-time evaluation of identity attributes and contextual information. Identity governance plays a pivotal role in ensuring that these attributes are accurate, up-to-date, and relevant. Effective identity governance facilitates:

  • Real-time Access Decisions: By maintaining a comprehensive and current view of identity attributes, organizations can make informed and timely access decisions, ensuring that users have appropriate access rights based on their roles, responsibilities, and the context of their access request.
  • Adaptive Security: Identity governance enables adaptive security measures that can dynamically adjust access controls in response to changing risk levels, user behaviors, and environmental conditions.

Attribute Provenance

Attribute provenance refers to the history and origin of identity attributes. Understanding the provenance of attributes is critical for ensuring their reliability and trustworthiness. Identity governance supports attribute provenance by:

  • Tracking Attribute Sources: Implementing mechanisms to track the origins of identity attributes, including the systems and processes involved in their creation and modification.
  • Ensuring Data Integrity: Establishing validation and verification processes to ensure the integrity and accuracy of identity attributes over time.

Attribute Protection

Protecting identity attributes from unauthorized access, alteration, or misuse is fundamental to maintaining a secure access control environment. Identity governance enhances attribute protection through:

  • Access Controls: Implementing stringent access controls to limit who can view, modify, or manage identity attributes.
  • Encryption and Masking: Utilizing encryption and data masking techniques to protect sensitive identity attributes both at rest and in transit.
  • Monitoring and Auditing: Continuously monitoring and auditing access to identity attributes to detect and respond to any suspicious activities or policy violations.

Attribute Effectiveness

The effectiveness of identity attributes in supporting access control decisions is contingent upon their relevance, accuracy, and granularity. Identity governance ensures attribute effectiveness by:

  • Regular Reviews and Updates: Conducting periodic reviews and updates of identity attributes to align with evolving business needs, regulatory requirements, and security policies.
  • Feedback Mechanisms: Establishing feedback mechanisms to assess the effectiveness of identity attributes in real-world access control scenarios and make necessary adjustments.

Risks Associated with ABAC and RBAC

ABAC Risks

ABAC relies on the evaluation of attributes to make access control decisions. While ABAC offers flexibility and granularity, it also presents several risks:

  • Complexity: The complexity of managing a large number of attributes and policies can lead to misconfigurations and errors, potentially resulting in unauthorized access or access denials.
  • Scalability: As the number of attributes and policies grows, the scalability of the ABAC system can be challenged, affecting performance and responsiveness.
  • Attribute Quality: The effectiveness of ABAC is heavily dependent on the quality of the attributes. Inaccurate, outdated, or incomplete attributes can compromise access control decisions.

RBAC Risks

RBAC assigns access rights based on predefined roles. While RBAC simplifies access management, it also has inherent risks:

  • Role Explosion: The proliferation of roles to accommodate varying access needs can lead to role explosion, complicating role management and increasing administrative overhead.
  • Stale Roles: Over time, roles may become stale or misaligned with current job functions, leading to over-privileged or under-privileged access.
  • Inflexibility: RBAC may lack the flexibility to handle dynamic and context-specific access requirements, limiting its effectiveness in modern, agile environments.

Importance to a Zero Trust Model

The Zero Trust model is predicated on the principle of “never trust, always verify,” emphasizing continuous verification of identity and context for access decisions. Governing identity attributes is integral to the Zero Trust model for several reasons:

  • Continuous Verification: Accurate and reliable identity attributes are essential for continuous verification processes that dynamically assess access requests in real-time.
  • Context-Aware Security: By governing identity attributes, organizations can implement context-aware security measures that consider a wide range of factors, including user behavior, device health, and network conditions.
  • Minimizing Attack Surface: Effective governance of identity attributes helps minimize the attack surface by ensuring that access rights are tightly controlled and aligned with current security policies and threat landscapes.

Governing identity attributes is a cornerstone of modern access control strategies, particularly within the dynamic and contextual environments that characterize today’s IT ecosystems. By supporting dynamic access, ensuring attribute provenance, protection, and effectiveness, and addressing the risks associated with ABAC and RBAC, identity governance enhances the security and efficiency of access control mechanisms. In the context of a Zero Trust model, the rigorous governance of identity attributes is indispensable for maintaining robust and adaptive security postures, ultimately contributing to the resilience and integrity of organizational systems and data.

To learn more about SailPoint’s cybersecurity capabilities and how it can support mission-critical DoD initiatives, view our technology solutions portfolio. Additionally, check out our other blog highlighting the latest insights into “The Role of Identity Governance in the Implementation of DoD Instruction 8520.04”.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including SailPoint, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Cyberattack Trends Impacting Local Government and Education Sectors

Today’s cybercriminals are no longer driven solely by financial gain, the geopolitical impact of attacks has shifted with nation-state actors now targeting critical infrastructure. While Local Governments have long been a part of this, schools have also become key targets, especially after COVID-19. The pandemic’s disruption to education has left a lasting impact, making attacks on schools and Local Governments both physically and psychologically significant. These institutions, essential to society, are under siege not just for their sensitive data but for their societal importance. With advanced capabilities and financial backing, nation-state actors are accelerating their efforts, heightening the urgency for robust cybersecurity.

Why Threat Actors Target Local Government and Education

Local Governments are frequent cyberattack targets due to their political significance and the essential services they provide. When one city is attacked, neighboring cities often become hyper-vigilant, particularly smaller municipalities managing critical services like water supply. These vital functions make them high-value targets. While financial institutions are seen as obvious targets for their direct connection to money, Government agencies hold more financial value than many realize. The stakes are even higher when political positions are involved, making Local Governments attractive to financially motivated attackers and nation-state actors seeking leverage.

Lumu Technologies SLED Cyberattack Trends Blog Embedded Image 2024

Education has also become increasingly vulnerable. Schools were initially targeted for geopolitical reasons, with attackers seeking to influence the “hearts and minds” of society by disrupting education. However, cybercriminals discovered the financial value of student records, which are worth more on the dark web than credit card or healthcare information due to students not checking their credit scores. This extended window for identity theft, combined with the vast amount of data schools hold, makes educational institutions prime targets for cybercriminals.

Both Local Governments and schools face shared challenges in defending their systems. For Governments, Supervisory Control and Data Acquisition (SCADA) networks that manage infrastructure are often isolated but still present large attack surfaces due to their distributed nature. Schools, on the other hand, struggle with the complexity of students bringing their own devices, which introduces uncontrolled entry points into the network. These vulnerabilities make Local Government and education uniquely attractive and susceptible targets in the cyber landscape.

Two Main Attack Vectors: Phishing and Infostealers

Cybercriminals use various tactics to infiltrate Local Governments and schools, exploiting both technological weaknesses and human behavior. People are often the weakest link, making them prime targets for attackers. The rise of artificial intelligence (AI) has further advanced these attacks, making them more difficult to detect. While agencies and schools cannot fully eliminate the risk through training alone, understanding these evolving threats can significantly reduce the chances of successful attacks.

Phishing and information stealing are two of the most prevalent methods used by cybercriminals. Research from Lumu Technologies shows that phishing accounts for 52% of attacks, while information stealing makes up 48%, illustrating their near-equal presence as cyber threats.

Phishing

Phishing is often used to gain initial access into a network, accounting for approximately 90% of attacks. By tricking users into clicking malicious links or downloading malware, attackers establish a presence in the system. The preliminary malware allows them to move laterally, escalate privileges and locate sensitive data. Attackers either sell the data or use it to launch ransomware attacks. In ransomware scenarios, the attacker takes control of the network, encrypts critical data and issues a ransom demand. Phishing is thus the starting point for a larger chain of events leading to data theft and/or financial extortion.

Information Stealing

Infostealers are designed to capture sensitive information, often to sell on the dark web or to facilitate ransomware attacks. Like intelligence operations, they collect data to spread through an environment or identify new attack points. Keyloggers record keystrokes to capture usernames and passwords for unauthorized access. Other methods include form grabbers, which intercept forms and alter them, and browser hijackers, which mimic legitimate sites to bypass multi-factor authentication. Sensitive data from Local Government and education sectors is highly valuable, with threat actors intensifying efforts to exploit it for profit.

In addition to phishing and infostealers, cybercriminals continually find new ways to exploit technology and human behavior, such as man-in-the-middle (MITM) attacks, credential stuffing and supply chain attacks. These often-overlooked attack vectors can cause significant damage to agencies and schools. Recognizing these methods is crucial for developing comprehensive defenses.

Why These Attack Methods are Successful

These attack methods succeed against Local Governments and schools due to the constantly evolving nature of cyber warfare. Like traditional warfare, attackers adapt, finding new ways in after one vulnerability is closed. Defenders must be equally dynamic.

Even with security measures like Endpoint Detection and Response (EDR), attackers find ways to bypass them. EDR relies on behavior analysis, which takes time, while attackers use advanced AI to quickly develop new methods. Local Governments and schools are often slower to adapt, giving attackers an advantage. The challenge is not just implementing security measures but continuously evolving defenses to keep up with new threats.

AI Versus AI

In the battle against evolving cyberattacks, Local Governments and schools must leverage advanced technologies like AI and automation. As attackers adopt AI to improve the sophistication and speed of attacks, defenders need equally powerful tools. Cybercriminals use AI to bypass traditional defenses, identifying weaknesses faster than humans can.

To keep up, Local Government and education sectors must deploy AI-driven systems to detect threats in real time. AI helps identify vulnerabilities, enabling proactive defense, while automation blocks threats at machine speed. For smaller institutions with limited resources, automation is especially crucial to defend against attacks effectively.

In a landscape where cyber threats continually evolve, matching the speed and sophistication of attackers is crucial for a strong cyber defense. Government agencies and educational institutions must stay vigilant, leveraging AI and automation to outpace attackers and protect the critical infrastructure and data that comprise the foundation of society.

Discover the latest trends in cyberattacks and learn how AI and automation are reshaping the fight against modern cybercriminals in Lumu Technologies’ webinar, “Emerging Cyber Attack Trends Targeting Local Government & Education.”

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Lumu Technologies, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Grammarly and Carahsoft: Elevating Secure, Private Government Communication

Grammarly and Carahsoft have partnered to provide Government agencies with trustworthy AI assistance supported by robust security measures. Thanks to this collaboration, Government agencies gain access to Grammarly’s trusted AI assistant, which can help them improve communication and boost operational efficiency. This partnership marks a notable advancement in supporting Government agencies in navigating the evolving digital landscape.

Unlocking the Benefits for Government Agencies

As a recognized leader in providing IT solutions to the public sector, Carahsoft offers extensive experience navigating the Government procurement process. Combined with Grammarly’s AI assistant, their expertise creates a powerful resource for Government agencies aiming to improve efficiency and productivity. When your agency works with Carahsoft and Grammarly, you’ll experience the following benefits:

Grammarly Government Communications AI Blog Embedded Image 2024
  1. Rapid Implementation: Our streamlined setup process enables agencies to implement Grammarly across their organization in one day. This allows teams to start benefiting from enhanced communication support almost immediately.
  2. Time Efficiency: On average, our users save about 35 minutes per day per person on communication tasks. This time can be redirected toward more strategic tasks, leading to improved project outcomes and better service delivery to the public.
  3. Enhanced Communication Quality: Effective communication is crucial for Government agencies. Grammarly’s tools help teams craft clear, concise, and impactful messages, ensuring that important information is conveyed accurately. With over 70,000 teams already benefiting from our services, our track record speaks for itself.
  4. Boosting Brand Compliance: Our advanced communication tools can help agencies improve brand compliance by a remarkable 71%. This consistency in communication enhances public trust and strengthens the agency’s reputation.

Our Commitment to Privacy, Security, and Compliance

Grammarly’s commitment to enterprise-grade security offers significant benefits for Government agencies. As a trusted partner, Grammarly adheres to the highest industry standards, ensuring that sensitive information remains secure. The collaboration with Carahsoft further underscores this dedication. Grammarly provides tailored AI solutions that meet the specific security needs of the public sector. By emphasizing stringent security measures, Grammarly helps agencies confidently use their tools while safeguarding critical data.

Additionally, Grammarly’s subscription-based revenue model ensures that customer content is never sold, placing a strong emphasis on user privacy and control. This transparency is essential for Government agencies, allowing them to maintain oversight of their data usage at all times. With a solid foundation supported by third-party audits and certifications, Grammarly provides compliance and regulatory support that agencies can rely on, reinforcing their ability to operate within legal and ethical boundaries while maximizing operational efficiency.

Empowering the Public Sector with AI

Through our partnership with Carahsoft, we are dedicated to helping Government agencies lead, learn, and grow amid evolving demands. With Grammarly, your teams can confidently communicate, innovate, and serve the public more effectively.

For more information on implementing Grammarly within your agency, visit our website or contact Carahsoft today! Together, we can enhance Government operations’ efficiency and ensure that every message counts.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Grammarly, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

A Guide to the Continuous Diagnostic and Mitigation Program by CISA

The Continuous Diagnostics and Mitigation (CDM) Program, established in 2012 by the Cyber Security Infrastructure Security Agency (CISA), provides a dynamic approach to fortifying the cybersecurity of Government networks and systems by improving security posture of participating agencies and mitigating risk to the nation’s cyber and physical infrastructure.  

Carahsoft’s long and supportive history of CISA’s CDM program allows Carahsoft to provide cutting edge software to benefit the governments pressing national security requirements. Currently, Carahsoft supports more than 70 vendor partners on the CDM Approved Products List, assisting in completing the submission process and maintaining communication with CISA for APL updates. Our extensive vendor and partner network allows the Government to procure asset and identity management, network security and data protection tools in support of the CDM program. 

How the CDM Program Works 

The goal of the CDM program is to find and prioritize risks in cybersecurity, increasing visibility into the Federal cybersecurity space and improving the Government’s ability to respond to issues or threats. In the past few years, the CDM program has grown to become a proactive, coordinated and efficient entity. In CISA’s projected budget for 2025, $469.8M will be allotted for the CDM program to strengthen the security posture of Federal Government networks and systems. 

Carahsoft CISA CDM Program Update Blog Embedded Image 2024

CISA has a congressional mandate at the national level to extend cybersecurity and the availability of CDM tools. It also supplies capabilities and knowledge into the framework of State and Local Governments and works to protect the nation’s vital infrastructure. Government agencies have specific funding that they can use—in essence as a grant. Different agencies and governmental entities can apply to get funding from the Department of Homeland Security (DHS) to enable the purchase of CDM technologies. DHS and CISA work with emerging, established and developing cyber technologies to counter threats from a wide variety of adversaries. 

The CDM Program APL and Procurement Process 

The CDM program offers a set of certified tools and sensors, known as the APL. To begin the process for a solution to be approved for the APL, a vendor must submit information about its capabilities to CISA. For example, where that tool sits in the network and what it is capable of. Tools that are part of the CDM program provide capabilities in the following 4 areas: 

  1. Asset Management 
  1. Identity and Access Management 
  1. Network Security Management 
  1. Data Protection Management 

The CDM office at CISA evaluates the offeror’s claims for that solution for acceptability and applicability onto the APL. If it meets the defined cybersecurity criteria, it is then classified into a specific category. Products labeled by CDM listed on the GSA MAS IT schedule through GSA Advantage have already been vetted and approved by CISA, signifying that they meet the technical standards needed for Government procurement. Therefore, agencies do not need to repeat the evaluation process when purchasing through GSA. While CISA manages the CDM program, GSA provides the ease of buying and the ability to expedite awards. CDM products can also be acquired through the NASA SEWP CDM catalog and are added to this contract via customer request.  

The CDM program includes cybersecurity tools and sensors reviewed for conformance with Section 508, Federal license users and CDM technical requirements. Each month, the program offers a weeklong submission window for new tools to be submitted for addition to the APL, which allows for unique flexibility for a Government program and strengthens the program over time. Since the acquisition of new and innovative technology can oftentimes lead to longer implementation timelines for the Government, monthly rolling submissions allow for a quicker and more flexible process for agencies obtaining new products. Not only is this a benefit for Government, but for industry, too, as a larger submission window allows technology vendors the opportunity for their products to be added to the APL more frequently.  

Cybersecurity threats are ever evolving—and consequently so are the tools and the defensive measures needed to mitigate them. CDM products expire from the APL every 3 years to ensure the products listed continuously comply with modern cybersecurity standards. For more information on the technical evaluation process, please review the APL Product Submission Instructions. 

Benefits of Acquiring CDM Tools for End Users 

Broad Base of Customers: The CDM program focuses on Federal infrastructure but works with GSA and its broad customer base, including buyers such as the Departments of Agriculture, Transportation, Justice and Education, as well as tribal and territorial Governments, for example. 

High Levels of Support: At CISA, the CDM program delivers high levels of support to Federal civilian agencies. It has direct program management resources, funding resources, and outreach resources, among others. 

Election Security: Election security is top of mind for 2024. The Help America Vote Act (HAVA) is an organization whose funding focuses on securing elections, ensuring confidence in election results, having robust voting technology and withstanding potential cyber threats. This is a bipartisan issue since all parties agree that user experience and cybersecurity require improvement. The CDM program and its robust suite of tools address these crucial objectives. 

Critical Infrastructure: DHS prioritizes protective services to critical infrastructure organizations like power companies, oil refineries and railroads. For example, $130.3M of CISA’s FY25 budget will ensure emergency communication interoperability and assistance.  

Integrators for the CDM Program 

Integrators are an integral part of the CDM Program, providing cybersecurity expertise, consulting, technology, tools, solutions and services to participating Government agencies. These organizations work directly with the agencies to strengthen IT security posture, zero trust maturity and other mission critical cybersecurity needs. The following integrators are currently the contract holders for agencies participating in the CDM Program in groups A-F, which are categorized by the task orders each agency holds. 

To learn more about defending Federal networks and systems with the CDM Program, the partners we support on the CDM APL and how you can sell your products under CDM, visit our CDM Program Overview and contact us today. 

Classified Data Spillage: Considerations for Risk Mitigation and Containment

Classified data spillage has always been a concern to those in the national security community. When sensitive information spills onto an unauthorized medium or network, there can be grave consequences. 

The risk of data spillage continues to rise with the growth of data from broader collection and production, along with increased access to and use of this data for analytics and operations. Digital transformation, AI adoption, and data-driven decision-making have delivered great value to federal agencies, but these trends have made protecting classified data even more challenging than it already was.  

This situation warrants new consideration for how sensitive data can be protected against unintentional exposure, and how spillage is remediated when it occurs. Data sanitization plays an important role in this arena.

How Spillage Occurs

Data spillage is one way that unauthorized disclosure of classified information takes place. According to NIST, it is a “security incident that results in the transfer of classified information onto an information system not authorized to store or process that information.”

Blancco Classified Data Spillage Blog Embedded Image 2024

The spilled data could have been moved to an unclassified environment for nefarious purposes (e.g., espionage) or as a result of inadvertently mishandling the data (e.g., not following classification procedures). Examples of the former would include leaks such as those committed by high-profile conspirators Julian Assange and Chelsea Manning. Examples of the latter would include incidents that involve cleared personnel who physically relocate or improperly dispose of sensitive materials.

Spillage can also happen as an unintended consequence of a loss of control of classified data systems (e.g., an email server misconfiguration). The growing size and complexity of the government’s data management landscape has led to an increase in data spillage risk.

More Data to Protect… and Contain

More classified data is being shared for the benefit of national security decision making and operations. Effectively extracting value from that data means sharing data across more systems and giving access to more people. This can produce long-term national security benefits but also near-term data security challenges.

The sheer volume of classified data is a contributing factor.The rapid emergence of technologies such as artificial intelligence (AI) and internet of things (IoT), more automated data collection, and the government’s digital modernization efforts have exponentially increased the volume of sensitive data being transmitted, processed, and stored, increasing the possibility of spillage.

Some examples of this include:

  • Generative AI (GenAI) that produces sensitive or even classified information before humans can properly manage and classify the outputs.
  • Broadly deployed sensors that gather or contain classified data and transmit that data across broad networks.
  • A growing number of cleared personnel with access to classified information.
  • Large sensitive or classified data sets being fed into large language models (LLM) that may spill during the extract, transfer, load (ETL) process.

The Role of Data Sanitization

There are numerous security controls available to federal agencies to prevent data spillage and respond to it when it occurs. These include data protection measures such as access control, multi-factor authentication (MFA), encryption, data loss prevention (DLP), email security, and employee training.

Data sanitization also plays an increasingly important role. 

According to Gartner, data sanitization is the process of deliberately, permanently, and irreversibly removing or destroying the data stored on a memory device to make it unrecoverable⁠. In other words, a device that has been sanitized has no usable residual data, and even with the assistance of advanced forensic tools, the data will not ever be recovered. Data sanitization can also be performed on individual files, folders, virtual machines, and logical storage (without sanitizing the entire device or drive).

Sanitization of a device at decommissioning and ongoing data sanitization in live environments are both critical steps to reducing an organization’s data attack surface and potential risk of classified spillage. In this way, it helps to both prevent and mitigate it.

Prevention: Permanently removing classified data when it is no longer needed reduces the risk of this data ending up where it should not be. By deploying data sanitization tools, federal agencies can:

  • Remove redundant, obsolete, trivial (ROT), or dark (unused or unknown) data from storage environments.
  • Erase specific network files, folders, logical drives, or virtual environments to comply with classified data protection mandates.
  • Securely remove data from data storage drives or devices before storage or transport of those assets, including those slated for shredding or other physical destruction.
  • Integrate with data classification tools to proactively (and even automatically) identify, contain, and sanitize classified files when they are no longer needed.

Remediation: After a data spillage incident is discovered, action must be taken to ensure it is isolated and contained. Software-based data sanitization (including binary overwrite of all user-accessible and non-accessible partitions of the affected drive) can be applied to permanently remove classified data, even before physical destruction of the device or drive, as a robust risk mitigation measure. When done properly, data sanitization also provides additional assurance through erasure verification and reporting.

In its National Instruction on Classified Information Spillage,the Committee on National Security Systems (CNSS) provides the minimum actions required when responding to a spillage of classified information. According to CNSS, appropriate procedures for sanitizing or remediating the effects of a spill may include:

  • Using the operating system to delete the spilled information.
  • Re-labeling the media containing the spilled information to the appropriate classification/category and transferring the media into an appropriate environment.
  • Removing the classified information from the media by organization-approved technical means to render the information unrecoverable.
  • Erasing operating system, program files, and all data files.
  • Erasing all partition tables and drive formats.
  • Erasing and sanitizing the media.
  • Forfeiting the media.

Many of these procedures can be effectively implemented through a mature data sanitization platform and process.

To note, this guidance was issued before the recent developments in AI, IoT, etc., noted above. Likely, the emphasis on data sanitization in live environments will increase as policy is updated to better reflect—and keep pace with—the sheer volume of sensitive data being shared and processed at scale.

Data spillage is a real and growing risk to national security, demanding a measured response. There are many security controls and associated policies available to prevent spillage and remediate it when it occurs. Robust data sanitization tools are likely to become more widely used, as agencies implement these capabilities in routine end-of-life data and device management, as well as in non-routine data spillage scenarios.

Reach out if you are interested in learning how Blancco’s solutions can help you prevent data spillage.

Unified Security Readiness During the Election Season

Elections are the backbone of American democracy. Every vote counts, and agencies can help protect the integrity of voting by solidifying IT security. Keeping hardware and software updated is vital for successful cybersecurity. Through proper training and inter-organization communication, security industry leaders and Government agencies can help raise awareness on election-related issues.

Cyber Threat Landscape and Security Challenges in Modern Elections

By taking advantage of interest in elections, bad actors use common and highly trafficked websites to distribute remote access tools, allowing them to exfiltrate massive amounts of data. Traffic distribution system (TDS)—which are utilized to target ads to users, their search history and their location—are used by bad actors to push pop-up ads that prompt users to update their computer system or software. These pop-ups, hidden in TDSs, install ransomware and malware on the user’s device when clicked, making them difficult to find and fix. There is an uptick in these non-stop, ubiquitous attacks every election cycle. Bad actors target users that visit websites to stay updated on election news through pop-ups, phishing, web browser alerts and website subscriptions. All these methods lead users to socially engineered, compromised websites. However, agencies can prevent cybersecurity attacks at the office and at home by administering relevant security awareness training as part of a Human Risk Management Program.

Optimize Company Training on Security Awareness

ProofPoint Election Security Blog Embedded Image 2024

Employees trust their organization as a valuable source of security information. Therefore, it is important that agencies communicate training and awareness effectively to all users. Some anti-phishing modules rely on realignment methods such as enrolling employees for anti-phishing training after they are misled by these kinds of threats. This can create an environment where employees question whether to alert IT when they click on false updates or phishing scams. Instead, agencies can focus on promoting positive behaviors such as congratulating employees who report phishing attempts, small bite sized trainings, and focused awareness campaigns around threats in the landscape. Here are several ways agencies can support their employees in learning and implementing security best practices during this election season:

Focus on real-time awareness: Agencies should prioritize keeping employees up to date on live threats. Traditionally, users were encouraged to keep systems up-to-date by accepting update notices.  Now, to keep systems up-to-date while simultaneously discouraging pop-up clicks,

Contextualize email warning tags (EWTs): Emails are a great way to communicate awareness surrounding popular hacking methods. Including banners or visual cues, such as color themes, can help employees recognize company emails, giving them pause when faced with phishing threats. During election cycles, newsletters should focus on deepfakes and their effect on elections.

Utilize modules on demand: People trust their tech company or Government agency’s knowledge more than the news. Security awareness modules, training modules and weekly reminders can all help raise awareness among employees. By allowing users to access education modules at their own pace, agencies can pass on valuable knowledge in a way that is pressure and judgement free.

Focus on relevant topics: Modules should be relevant to employees. For example, training modules should be specific to each user’s job role. Short, one-to-two-minute targeted modules that hold the viewer’s attention can be more valuable than long, untargeted modules. During election cycles, the best modules cover election security, fake updates and safe browsing habits.

Teach at the trainee’s level: Agencies should meet employees at their level. Training should be tailored differently for users who may have more experience using the internet on a regular basis and users who did not have internet as a daily part of their education. Agencies must communicate with employees on security strategies, especially those with higher permission access.

Through all these methods, agencies should focus on the good, positively reinforcing employees and building trust between the individual and their organization. 

Transform Company Culture Through Transparent, Unified Security

Focus on the Why: To protect from fake updates and phishing scams, organizations can implement training and assessment strategies into their work culture. Transparency is key: by explaining the purpose of phishing simulations, employers can get employees on board with cybersecurity training. Agencies can use realistic, election-themed phishing simulations during module assessments, which work best in real-time scenarios rather than during training. By monitoring results, agencies can gauge whether users are adequately equipped with the knowledge to report threats within simulations.

Encourage Feedback and Build Trust: By checking in with users after training modules and simulations, agencies can ensure the training has resonated with users, as well as ensuring users do not view trainings as punitive action. The most important part to training simulations is that employees report phishing or pop-up scams to their organization, regardless of if they clicked on them or not. Trainers and leadership teams should use positive reinforcement as corrective behavior to encourage employees to better understand modern scams and how to spot them. It is important to establish that the employee is not in trouble, lest they feel that they cannot report future scams to the organization. Instead, training administrators should build conversations around the reason for clicking. Whether or not the employee was in a hurry, if they had specific training, if they need help or if scams were fallen for at a particular time of day are all valuable information points for preventing future oversights.

Creating a Security Culture: Visual aids placed in common areas are also a valuable learning reinforcement because repetition can help employees remember the most important details surrounding security. Common-sense posters and announcements can be placed in elevators, breakrooms and even on the back of bathroom stall doors. Additionally, agencies should administer regular updates and ongoing education through newsletters, and programming should be consistent and personable. Agencies can:

  1. Send reminders
  2. Share real-world examples
  3. Encourage discussion
  4. Provide easy action items (such as restarting computers daily)
  5. Provide resources for learning and reporting

Unity is key to transforming organizations’ culture, creating awareness around digital hygiene and cybersecurity. Ultimately, repetition, consistency and discussion can help users stay safe and protect the organization from phishing, pop-up scams and other cybersecurity related risks during the election cycle.

To learn more about election security readiness, visit Proofpoint and Carahsoft’s webinar, Navigating the Cyber Threat Landscape: Election Scams. To learn more about Proofpoint’s Human Risk Reduction Solutions, please visit their website. Check out Proofpoint and Carahsofts’ past webinars into the cyber threat landscape.

Securing Systems Through Segmentation and Zero Trust

Zero Trust is a cybersecurity strategy that recognizes trust as a vulnerability that may potentially allow malicious actors to exploit system environments. Traditionally, systems operated by granting permissions, visibility and trust to a user once they gain access. Rather than minimize trust and opportunity for breaches, Zero Trust eliminates trusted packets, systems and users altogether.

Implementing Zero Trust’s Fundamental Design Concepts

While breaches are inevitable, agencies can equip themselves with a Zero Trust framework to prevent successful cyber-attacks. Zero Trust encompasses identity, access permissions and micro segmentation, per the National Institute of Standards and Technology (NIST) architecture. All three enforcement points are required to complete the Zero Trust model. While security products are a component of Government agency’s implementation of Zero Trust, it is a strategy that requires proper planning.

To successfully implement Zero Trust, agencies must understand its fundamental design concepts.

  • Focus on business outcomes: Determine key agency objectives and design strategies with those in mind.

  • Design security strategies from the “inside out”: Typically, networks are designed from the “outside in,” beginning with the software and moving onto data. This can introduce vulnerabilities. By designing software accessibility around data and assets that need to be protected, agencies can personalize security and minimize vulnerabilities.

  • Determine who or what needs to have access: Individuals should default with the least amount of privilege, having additional access granted on a need-to-know basis.

  • Inspect and log all traffic: Multiple factors should be considered to determine whether to allow traffic, not just authentication. Understanding what traffic is moving in and out of the network prevents breaches.

Fundamentally, Zero Trust is simple. Trust is a human concept, not a digital concept. Once agencies understand the basics of Zero Trust, they can decide which tactics they will use to help them deploy it across their network.

Breaking Up Breaches with Segmentation

Illumio Microsegmentation Zero Trust Blog Embedded Image 2024

In other security strategies, security is implemented on perimeters or endpoints. This places IT far from the data that needs monitoring. The average time between a breach and its discovery is 277 days and is usually discovered by independent third parties. With flat, unsegmented surfaces, once breachers gain access to a network, they can take advantage of the entire system. Zero Trust alleviates this by transforming a system’s attack surface into a “protect surface.” Through proper segmentation, systems make the attack surface as small as possible, then places users adjacent to the attack surface to protect it. This area then becomes a more manageable surface for agencies to monitor and protect, eliminating the time gap between breach and discovery.

Once the strategy method is chosen, agencies must decide which tactics and tools they will use to deploy Zero Trust. Here is a simple, five-step process for deploying Zero Trust.

1. Define the protect surface: It is important to start with knowing what data needs protection. A great first step is to follow the DAAS element—protect data, assets, applications and services. Segmentation can help separate these four elements and posit each on its own protect surface, giving IT employees a manageable surface to monitor.

    2. Map transaction flows: With a robust protect surface, agencies can begin tailoring their Zero Trust environment. Understanding how the entire system functions together is imperative. With visibility into transaction flow mapping, agencies can build and architecture the environment around the protect surface.

    3. Architect a Zero Trust environment: Agencies should personalize their security to best fit their protect surface. That way, Zero Trust can work for the agency and its environment.

    4. Create policy: It is important to ask questions when creating policy, as Zero Trust is a set of granular allowance rules. Who should be allowed access and via what application? When should access be enabled? Where is the data located on the protect surface? Why is the agency doing this? These questions help agencies map out their personalized cybersecurity strategy.

    5. Monitor and maintain the protect surface: By creating an anti-fragile system, which increases its capability after exposure to shocks and violations, agencies can adapt and strengthen from stressors.

    Segmentation is vital to the theory of Zero Trust. Through centralized management, agencies can utilize segmentation to their benefit, positing IT adjacent to the specialized surface they protect. Zero Trust can be a learning curve. By implementing each protect surface individually, agencies can avoid becoming overwhelming. Building from the foundation up allows agencies to control their networks. Additional technologies, such as artificial intelligence (AI) and machine learning (ML), help give defenders the advantage by enabling them to focus on protect surfaces. Through a personalized and carefully planned Zero Trust strategy, agencies can stop breaches and protect their network and data.

    Illumio & Zero Trust

    Zero Trust often incorporates threat-hunting solutions, to detect a problem and then try to block or remove it. But no solution will ever be 100% and it must be assumed that eventually a threat will slip through, undetected. Undetected threats will eventually move between workloads, further compromising the network. Illumio, a cloud computing security company that specializes in Zero Trust micro segmentation, can future-proof agencies against malware.

    While threat-hunting tools focus on the workload, Illumio focuses on the segment, which means that Illumio enforces the Protect Surface via the vectors used by any and all threats that try to breach it. Any complex AI-generated malware which will appear in the near future will also want to move across segments, and Illumio will protect the environment today against threats which will appear tomorrow.

    To learn more about Zero Trust and Segmentation, visit Illumio’s webinar, Segmentation is the Foundation of Zero Trust.