Building a Foundation for an AI Future

Posted on by Mike Adams

It might seem like agencies are hesitant to adopt artificial intelligence. But really, it is quite the opposite. As Lori Wade, the Intelligence Community’s chief data officer, put it: “It is no longer just about the volume of data, it is about who can collect, access, exploit and gain actionable insight the fastest.” The realization is clear: Humans alone cannot keep pace. They need AI so they can make decisions based on the most relevant and most current information — and make those decisions in a timely manner. It is really as simple as that. Download the guide, “Building the Foundation for Your AI Future,” to pick up pointers on data management and AI, plus take a glimpse at the latest technology developments, tips for best practices and an explanation of the early value that AI is delivering to agencies across government.

How to Revolutionize Government Translation with Generative AI

“In situations where accurate and timely translations are crucial, the shortage of qualified and vetted linguists poses significant challenges. Equally, non-linguist analysts are not equipped with secure, at-desk tools to translate foreign language material at the speed of relevance. For example, during the ongoing war in Ukraine, there has been a scarcity of linguists available to provide real-time updates on the ground. This shortage not only has affected the ability to gather vital intelligence but also hindered the timely dissemination of information to national security and defense agencies in the U.S. and abroad.”

Read more insights from Jesse Rosenbaum, Vice President of Business Development and National Security at Lilt.

How Graph Databases Drive a Paradigm Shift in Data Platform Technology

“Federal agencies are awash in data. With recent modernization efforts, including the wide-scale adoption of cloud platforms and applications, it is easier than ever for agencies to receive streaming data on everything from logistics to finances to cybersecurity. But that volume of data requires new solutions to process and analyze it. Older methods like SQL and NoSQL simply are not up to the task of analyzing all of the connections between the government’s many massive databases. That is where the new graph paradigm of data platform technology comes in.”

Read more insights from Michael Moore, Principal for Partner Solutions and Technology at Neo4j.

How Agencies Can Upskill in AI to Achieve a Data Mesh Model

“Data mesh behavior actually goes a step further. AI has become so easy to use, business owners can actually join in the development alongside the data scientists. Therein lies the challenge: Upskilling subject matter experts across an entire organization is a big lift. The way it works best is to start with a center of excellence, a small group of people who begin working with business owners across the enterprise, office by office. They can then prove the value and evangelize it, and then the agency can move to a hub-and-spoke model, where the data scientists are co-developing alongside business owners. As successes pile up, the data scientists can take a step back and allow frontline workers to do the development, governing the new data products on their own.”

Read more insights from Doug Bryan, Field Chief Data Officer at Dataiku.

How Agencies Can Build a Data Foundation for Generative AI

“Generative artificial intelligence tools are making waves in the technology world, most famously ChatGPT. Although the code of these tools is significant, their real power stems from the data they are trained on. Gathering and correctly formatting the data, then transforming it to yield accurate predictions, often represents the most challenging aspect of developing these tools. Federal agencies that want to start leveraging generative AI already have massive amounts of data on which to train the technology. But to successfully implement these tools, they need to ensure the quality of their data before trusting any decisions they might make.”

Read more insights from Nasheb Ismaily, Principal Solutions Engineer at Cloudera.

How to Democratize Data as a Catalyst for Effective Decision-Making

“One of the key best practices in the Office of Management and Budget’s Federal Data Strategy calls for using data to guide decision-making. But that is easier said than done when the ability to analyze the data, much less access it, is limited to an agency’s often overworked and understaffed data science specialists. But now that every line of federal business has their own data silo and a mandate to use that data to guide decisions, agencies need a way to democratize access to that data and empower every federal employee to become an analyst.”

Read more insights from Kevin Woo, Director of Federal Sales at Alteryx.

Download the full Expert Edition for more insights from these artificial intelligence leaders, additional government interviews, historical perspectives and industry research.

People Plus Technology: Building a Resilient Federal Cyber Workforce

Posted on by Alex Whitworth

Filling cyber jobs in Federal agencies is complicated – it requires competing with industry salaries, retaining existing talent and navigating the Federal hiring process. It’s a far-reaching challenge that affects every agency – the administration knows that, the Office of Personnel Management knows that, and agency technology and human resources leaders know that. And federal C suite leaders realize how the government recruits, hires and retains people for cyber jobs has to change. In partnership with FNN, our Federal Cyber Workforce guide takes a look at what the government is doing to tackle this problem on a sweeping federal level and also on a more agency-specific level. We also get industry perspective on the technologies that affect cyber workforce resiliency. We hope it provides some guidance and help as your agency works to beef up its cybersecurity, both through investments in people and technology.

3 Key Rallying Points for a Resilient Cybersecurity Team

“Agencies are currently operating in a high-threat environment, but that doesn’t mean they can’t implement a reasonable amount of information assurance. It may not be perfect, but it doesn’t have to be. The idea is to make it so that adversaries have to work extremely hard to penetrate the infrastructure. The adversaries are good, but agencies can be better with a resilient cybersecurity team, said Mark Bowling, chief risk, security and information security officer for ExtraHop. The key to achieving this is to have a risk reduction perspective.”

Read more insights from Mark Bowling, Chief Risk, Security and Information Security Officer at ExtraHop.

Do not Wait for a Breach: Why to Adopt Proactive Approach to Cyber Resilience

“When most people talk about cyber resilience, they’re referring to post-breach recovery — the means, methods and speed with which an organization can get its systems and services back online after a cyber incident. But Felipe Fernandez, federal chief technology officer at Fortinet, views resiliency more holistically. His advice? Agencies need to take a proactive stance on cyber resilience and include not only recovery from breaches but also when their planning for non-malicious threats and other operational disruptions, including those associated with cloud-based services.”

Read more insights from Felipe Fernandez, Federal Chief Technology Officer at Fortinet.

Proactively Improve Digital Employee Experience Though Automation

“Digital modernization and the adoption of collaboration tools is supposed to make work easier, especially in a hybrid environment. Employees want the flexibility to be productive in whatever manner best suits them. Unresolved technology issues can impede productivity. In its latest survey of industry employees and IT professionals, Ivanti found that 49% of employees are frustrated with the tools they use and 26% are considering leaving their jobs because of that. Employee experience is a top priority in government right now, and employees are internal customers of an agency’s IT services. By improving their experience your agency can realize gains in productivity and retention.”

Read more insights from Mareike Fondufe, Product Marketing Director at Ivanti.

Download the full Expert Edition for more insights from these cyber workforce leaders and additional government interviews, historical perspectives and industry research.

Why AppExchange Use Offers Agencies Untapped Opportunity

Posted on by Bethany Blackwell

In our first Insider’s Guide, we’re pulling back the curtain on the world’s largest cloud app marketplace, the Salesforce AppExchange, to offer a look at what it is, how it works and how it can provide value to agencies in extending their investment in the Salesforce platform. With the government’s increased focus on improving service delivery — particularly public-facing services per the presidential administration executive order on customer service — taking advantage of possible software-as-a-service integrations with the Salesforce customer relationship management platform makes logical sense. Download the guide to learn how AppExchange helps organizations increase productivity, eliminate risk and save time.

Nintex DocGen for Document Creation, Automation and Management

“A great example would be voter registration cards. Every year, you need to update it. We make it really easy to go out and maintain it with our solution and not have to go into code to make updates. It becomes easy to create, easy to maintain going forward and not having to spend budget on development cycles or development resources to build these solutions. The alternative is to write and maintain custom Apex code, which requires an advanced skill set and takes more time. This is a faster way to develop it and an easier way to maintain it.”

Read more insights from Steve Witt, Director of Public Sector at Nintex.

FormAssembly for Secure Online Forms

“Specifically, we’re the most secure and compliant platform in the entire marketplace. That is how we go to market, that’s what we pride ourselves on: being good stewards of our data, being thought leaders in that space. Government organizations should use us because, doubling down on the security and compliancy, we’re tailored for highly sensitive data. We’re built for that. We hold the distinction of being the only FedRAMP-ready platform on the marketplace in this category. We also hold SOC 2, ISO 27001, PCI DSS and GDPR compliance. And really, what that means for our customers and partners is that we’re experts in this space, and that will mitigate any risk and collecting data for your organization, whether it’s here in the United States or abroad.”

Read more insights from Paul Lazatin, Director of Partnerships at FormAssembly.

WalkMe for No-Code Digital Adoption

“What makes us unique is that we have the ability to overlay on any enterprise application in the tech stack, commercial off-the-shelf (COTS), government off-the-shelf (GOTS) or custom-built. By doing so, we’re able to create better user experiences, drive employee productivity and monitor digital adoption on any enterprise application that’s being deployed out to the federal government, whether those applications are internal to employees or externally facing for taxpayers and constituents.”

Read more insights from Carl Wright, Director of Public Sector of Federal Sales at WalkMe.

Odaseva for Enterprise Data Protection

“Many federal and state organizations have questions that need answers when it comes to managing their Salesforce data. How do Salesforce users archive data that is no longer needed? How do they comply with regulations such as those from the National Institute of Standards and Technology or in the California Consumer Privacy Act? That’s why we at Odaseva consider the data management lifecycle. Odaseva helps organizations comply with the strictest data regulations and guard against data failure — all with precise control on a field-tested platform to scale with ease. And we deliver this with the strongest data security features that exceed the requirements of even the most complex, highly regulated businesses in the world.”

Read more insights from Matt Carstensen, Senior Solutions Engineer at Odaseva.

Conga Apps for Contract and Workflow Management

“Conga offers a flexible platform and set of solutions built natively on top of Salesforce that address a broad set of needs for federal, state and local government entities. Our products include Composer, the number one downloaded application on Salesforce’s AppExchange. Conga Composer allows public sector customers to automate document generation to get work done faster and easier in Salesforce. Users can create documents with dynamic data from Salesforce in the correct template, then send it, store it and trigger the next business process. Conga Sign is a modern and highly secure e-signature solution. We now offer a FedRAMP-certified version of our e-signature solution, which is getting quite a bit of attention.”

Read more insights from Eric Daggett, Vice President of Sales for Public Sector at Conga.

Download the full Insider’s Guide for more insights from these AppExchange leaders and additional interviews, research and infographics.

How to Achieve your Agency’s Customer Experience Goals

Posted on by Tiffany Goddard

Customer experience pervades every aspect of what the government does — and some might argue, why it exists. What’s more, it has become profoundly clear that everyone is a customer. There are the obvious customers, people across the nation. But then there are current and former federal employees, businesses large and small, the government’s contracting community, other agencies and even other nations. Likely, there are more. Unlike a private company, a federal agency often has no competitor for its services. That fact has created a lag in the evolution of federal CX and digital services — relative to what businesses and nongovernment organizations typically provide today and what people now expect. Agencies are on it now though. The presidential executive order on customer experience of December 2021 targets the need to evolve CX and points up the destructive affect that poor service delivery has on public trust. Download the guide to learn how to meet the expectations of the public, as well as the many other customers agencies serve, with a multipronged strategy that focuses on culture, processes and technology.

Want to Enhance Customer Experience? Here’s Where to Start

“The key to the success of Farmers.gov is its simplicity, Bremby said. USDA has put all the information farmers need in a single place and made it easy for them to complete the necessary processes to receive services. USDA consolidated seven digital systems and 150 web resources into one intelligent platform that follows a user’s progress. And that, Bremby noted, is the biggest metric for success in customer experience: Did the customer complete the transaction? Or did they drop off somewhere in the middle of the process, like abandoning a cart while shopping online?”

Read more insights from Rod Bremby, Regional Vice President for Global Public Sector at Salesforce.

Meaningful Communication Creates the Foundation for Good Customer Experience

“Agencies are familiar with traditional communications media. They engage with public relations firms and the news media to promote stories. They conduct public awareness campaigns across every available platform, from bus stop advertisements to social media, and they tend to be pretty good at driving broad awareness. Where they fall short though, Peterson said, is more granular, personalized messaging.”

Read more insights from Angy Peterson, Vice President at Granicus.

How Federal Agencies can Pivot to Experience-driven Government

“People who rely on government services are usually accessing them at critical junctures in their lives, often moments of profound need. They’re looking for relief in the aftermath of a natural disaster, for public health data during an epidemic, for financial stability in retirement, and for ways to prepare for growth or cope with losses affecting their families and businesses. That’s why agencies need to pivot to experience-driven government, meeting citizens where they’re at in their journeys and connecting them with the right services at the right time.”

Read more insights from James Hanson, Head of Industry Strategy for the Public Sector at Adobe.

Don’t Let a Cyber Staff Shortage Weaken Your Defenses

“Federal agencies are taking note and have started making significant strides toward digital transformation, driven in no small part by recent directives, including the president’s executive order on customer experience. While competitive pressures often motivate private sector enterprises to invest in innovation, the government’s greatest competition is usually the status quo. Agencies have been delivering services in the same way for so long that impacting change requires redirecting institutional inertia — to say nothing of overcoming budgetary obstacles. One way for agencies to get started on this journey is to begin digitizing agreements.”

Read more insights from Michael “MJ” Jackson, Vice President and Global Head of Industries at DocuSign.

Here are 3 Phases to Begin Modernizing Customer Experience Right Away

“For years, agencies have been researching, modernizing and overhauling how customers experience doing business with the federal government. Over the course of several presidential administrations, with the help of Office of Management and Budget mandates, presidential executive orders and an influx of customer experience talent, there has been a noticeable shift toward organizational CX management approaches. Agencies have an opportunity to take full advantage of technological advances to improve customer experience management capacity at scale. Advances in cloud technology, data analytics and new communications channels have opened up new avenues to improve an agency’s capability to design and deliver services for both customers and federal employees.”

Read more insights from Matt Chong, Vice President of Federal at Qualtrics.

Download the full Expert Edition for more insights from these customer experience leaders and additional government interviews, historical perspectives and industry research.

Best Practices for Implementing DevSecOps

Posted on by The Carahsoft Team

It’s not surprising that the development, security and operations approach to building software is the darling of IT teams across the government. It’s essential given the current mandate that agencies move toward zero trust environments. Having secure software is fundamental, and DevSecOps helps agencies get there and deliver user-tailored applications faster. Less clear is the best path for implementing DevSecOps. That’s in part because the missions and goals of agencies vary. No matter where your agency is on adopting DevSecOps, it’s critical to realize that — like most things IT — moving to a methodology for software that integrates development, security and operations is not just a matter of making the right technology choices. There’s a major people and workflow component that requires people teaming up and collaborating in new ways. Download the guide to learn how the lessons learned by federal agency and industry experts will help you as your agency embraces DevSecOps.

5 Essential Ingredients to Make DevSecOps the Heart of Your Agency’s Digital Transformation

“There’s no denying the value of a development, security, operations approach to creating software and applications. Here’s why: ‘The government is building better quality software. They are getting it deployed faster. Security teams are involved in the beginning, middle and end — every step along the way,’ said Adam Clater. But beyond the blending of an agency’s development, security and operations teams, what are those must-haves to make DevSecOps succeed and drive digital transformation? Clater identified five critical elements necessary to DevSecOps and establishing a continuous integration and continuous deployment pipeline. That CI/CD pipeline serves as the agile workflow conduit for DevSecOps, he said.”

Read more insights from Adam Clater, Chief Architect for North America Public Sector at Red Hat.

How Effective DevSecOps Enables More Secure Software Development

“The legacy model of software development is one of the biggest roadblocks to delivering secure applications at the speed that modern consumers and citizens expect. Taking a manual approach to security after the initial development build can leave teams with a remediation timeline measure in weeks, if not months. That’s why it’s important for federal agencies to adopt a development, security and operations (DevSecOps) approach, which weaves security into every step of software development from design to build and beyond. Unifying development and security processes while also automating scanning throughout the application lifecycle — not just during development — can help agencies deliver more secure software faster and at a lower cost, better positioning themselves to adopt a zero trust architecture.”

Read more insights from Ted Rutsch, Federal Sales Manager at Invicti Security.

Embracing DevSecOps Requires a Mindset Shift and Simple (Not Simplistic) Tools

“DevSecOps — development, security and operations — is the new standard for delivering secure software at the pace that customers and citizens expect from their government today. This is accomplished by integrating security with development and operations teams at the start of the process. But despite its focus on delivering technology-enabled solutions that ensure security is considered from the very beginning rather than an afterthought, what often gets lost in the shuffle is that technology is only one component. DevSecOps requires a mindset shift that revolves around people and processes just as much as technology.”

Read more insights from Joe Bleich, Director of Sales at Datadog.

Lesson Plan for Accelerating Adoption of DevSecOps in Your Agency

“DevSecOps teams have a reputation for being able to ship secure software quickly, and that has a lot to do with software being assembled from open source libraries and not built from scratch. A recent Gartner report shows 70% of software is built using open source packages, and an average of 75% of these packages have vulnerabilities at any point in time. Teams that don’t prioritize continuous visibility on their security posture are at risk. And they could be building on top of vulnerable systems with unresolved day zero vulnerabilities. But it’s possible to mitigate the risk by leaning into continuous transparency throughout the development stack.”

Read more insights from Atlassian’s Senior Designer, Nupur Aggarwal, and Senior Product Manager, Andrew Pankevicius.

How to Structure a Successful Software Factory

“One of the best ways government can begin to facilitate this mindset shift is to cultivate the right leadership. Oti said the first step is to hire leadership based off capabilities rather than career field. It doesn’t matter if a software development team is led by an engineer, data scientist or program manager. What matters is that person has the vision and skill sets to lead a cross-functional team. If delivering high-quality software is the highest priority for a development team, then a proven ability to deliver needs to be the highest priority in choosing its leadership. And because DevSecOps requires the integration of multiple (traditionally stove-piped) job functions, cross-disciplinary empathy and understanding is also an important metric in gauging potential leadership for a development team. Degrees and seniority are irrelevant, Oti said. In the Air Force, successful software development teams are led by officers, enlisted Airmen, civilians and even contractors.”

Read more insights from Enrique Oti, Chief Technology Officer at Second Front Systems.

Download the full Expert Edition for more insights from these DevSecOps thought leaders and additional government interviews, historical perspectives and industry research.

The “Sixth Pillar” of the Zero Trust Maturity Model

Posted on by Jay Leask

With the swiftly approaching 2024 deadline for Federal IT and security teams to implement zero trust architectures, agencies must enhance their cybersecurity efforts to combat growing risks within user access and authorization to organization assets. At Federal News Network’s recent event, Zero Trust Cyber Exchange, industry and government experts shared insights on implementing zero trust, and topics like “How Zero Trust Extends Defense in Depth,” “Why to Start with a Data Inventory” and “Identity as Critical Infrastructure.” Sessions also examined some agencies progress with their zero trust transition and take-aways from the process.

In 2021, The Cybersecurity and Infrastructure Security Agency (CISA) outlined five foundational pillars of the Zero Trust Maturity Model: Data, Applications Workload, Network/Environment, Device and Identity. However, there is a “sixth pillar” equally as important as the others—the workspace. With a collaborative environment, the workspace is the intersection of data and the user that also promotes positive cybersecurity reinforcement. Public sector organizations should consider the workspace environment while developing strategies and planning to move toward zero trust implementation.

Collaborative Environments are Key

In modern cybersecurity, one cannot assume their content is secure simply because their network is secure. A full zero trust framework should go beyond protecting the network and devices and provide security to workspaces, content and data. These workspaces constantly change as users are added or removed, and content often evolves into different drafts and uploaded by various people with different file names. This can lead to mishaps like unreliable tagging, which disrupts the system from automatically categorizing sensitive information from non-sensitive data.

Additionally, controlling access to workspaces is inherently important to prevent risks such as overprivileged users and increased negative exposure. By adding the “sixth pillar” to an organization’s zero trust planning through appropriate strategies, the risks that come from an unsecured workspace can be avoided. These include having delegated administration with the right-size permissions, sensitivity labels, catalog workspaces, policy enforcement, actionable insights and secure external sharing.

Understanding Data to Create Efficient Workspaces

When working in these collaborative spaces, the idea is simple. Agencies should regard an entire workspace with a high level of security for every piece of content or data, and only make exceptions for information that is less sensitive to be shared amongst a broader audience. At the beginning of the process of designing zero trust with the “sixth pillar” in mind, organizations should consider the expected level of sensitivity of the information within this workspace. Once determined, administrators can automatically set adequate security parameters and user privileges for each individual workspace that is created.

Customers in the Department of Defense (DoD) need a reliable way to lock down specific data without having to lock down an entire department workspace. If someone tries adding a foreign user to a workspace with data from the International Traffic in Arms Regulations (ITAR), they are immediately incompliant. That workspace, particularly, can be given specific policies to avoid unwanted user access without having to prohibit all users’ access to the sensitive data. This provides a truly collaborative workspace environment while also remaining fully secure.

Easing the Implementation Burden on IT and Security Teams

One of the most significant challenges when implementing any new cybersecurity strategy is finding a balance so as not to put extra strain on organizations’ IT and security teams. Often, requests for changes can increase and overburden staff because their resources and budgets do not grow exponentially with these requests. To save IT teams time, programmatically securing data from users becomes an important first step so they can focus on those exceptions instead of the automatic rules set from the start. Another way to avoid overloading security staff is by delegating the proper administration credentials so the correct users are authorized to share within the centralized environments. Considering the “sixth pillar” allows those administrators to recognize specific sensitivities and department landscapes and create workspaces accordingly, ultimately processing it through the lens of zero trust.

Why the “Sixth Pillar” Works

When approaching the topic, the best way to capture organizations’ attention is to discuss how the “sixth pillar” can enable department administrators to manage their own content and data. Instead of admins having to manually run script, the secure workspace approach allows them to set immediate policies and automatically deploy them, saving time and headaches for the entire organization. On any level, public sector organizations can define their sensitive data and utilize the “sixth pillar” by implementing workspaces without overworking IT and security teams, leading to an enhanced zero trust framework for overall improved security.

Visit the AvePoint resources page to learn more about how AvePoint can support your organization’s zero trust mission using the above strategies and procedures.

Federal News Network Expert Edition: DevSecOps

Posted on by The Carahsoft Team

The trend across civilian and defense agencies when it comes to software development is clear. People and culture matter the most when changing the way an agency develops software. Even with reskilling and training employees, agencies still aren’t guaranteed success in using DevSecOps. Many agencies need to become more comfortable with automating the security controls as well as change the way these projects are funded. Hear from leaders at Air Force, Navy, Army, the Centers for Medicare and Medicaid Services, and National Geospatial-Intelligence Agency on how far agencies have come and where they still need to go to take fully advantage of DevSecOps to drive modern capabilities to their customers in the latest Federal News Network Expert Edition report.

Applying DevOps Principles to Achieve Software Supply Chain Security

“A recent survey sponsored by CloudBees showed that software supply chain security is top of mind for many senior executives right now. The problem is a general lack of clarity on what to do about it. A recent executive order from President Joe Biden’s administration charges several agencies, including the National Institute of Standards and Technology, with releasing guidance around this very issue. NIST’s preliminary guidelines were due in early November and not yet released at the time of this article.”

Read more insights from CloudBees’ CISO, Prakash Sethuraman.

5 Ingredients for Successful Mobile DevSecOps

“Applying DevSecOps principles to mobile app development is somewhat different from web. ‘If you think about a web application, it basically runs in any browser on any desktop or device in the world. So in terms of developing and testing it, you really just need to test it once or twice for one or two browsers. And in terms of coding, the browser and server provide a ton of security built in and easy for the developer to use,’ said Brian Reed, chief mobility officer at NowSecure. ‘For mobile apps, you have to choose iOS or Android. And if you do both, you have to write it twice, effectively. Unlike web browsers, to build apps for mobile devices, the developer has to understand how the mobile device and operating system works, how secure data storage works, how crypto works, how secure network communications works and a myriad of other security application programming interfaces (APIs).’”

Read more insights from NowSecure’s Chief Mobility Officer, Brian Reed.

Software Bill of Materials is the First Step to Improve Software Supply Chain Security

“A confluence of events, including the SolarWinds breach and the subsequent White House executive order on cybersecurity, has pushed software supply chain security center-stage for the federal government and the ecosystem of contractors that do business with it. It’s a top priority for many executives, but traditional notions of cybersecurity are proving inadequate to the current landscape, and the path forward isn’t always clear. So where do they start?”

Read more insights from Anchore’s Solutions Architect and Technical Lead, Jeremy Bryan.

4 Strategies to Overcome Obstacles in Adopting DevSecOps in Your Agency

“A recent survey conducted by Federal News Network in partnership with Atlassian revealed a large disconnect between IT and non-IT staff at federal agencies. Fewer than 10% of respondents said their business or mission area was heavily involved in setting project requirements for IT services. Two-thirds of respondents said they don’t get to comment on or review new technology capabilities during development or before they are launched. And 63% said collaboration within the agency was difficult.”

Read more insights from Atlassian’s Director of Technology for Public Sector, Ken Urban.

Download the full Federal News Network Expert Edition report for more insights on the future of DevSecOps from Carahsoft’s technology partners and leaders at Air Force, Navy, Army, the Centers for Medicare and Medicaid Services, and National Geospatial-Intelligence Agency.

The DoD’s Move to 5G Infrastructure and Devices

Posted on by The Carahsoft Team

Over the last several years, the discussion around 5G moved from hope and planning to pilots and test beds. Now agencies and industry are on the cusp of a 5G reality. Agencies already are spending billions of dollars on these 5G tests and now the Federal Communications Commission and others are providing more money to further roll out 5G infrastructure. Taken altogether, 5G is close to that tipping point where a technology become ubiquitous. The FCC has allocated $9 billion to roll out 5G infrastructure across rural America. Meanwhile, the Defense Department and the Coast Guard already are seeing the benefits of 5G to servicemembers. Hear from leaders at DoD, the Coast Guard, FCC and CISA on how 5G can bring new capabilities and innovations that allow agency personnel to experience data, training and operations in ways not possible before in the latest Federal News Network Expert Edition report.

Enterprise-Grade Security Is Vital for Secure 5G Infrastructure

“Top of mind regarding 5G benefits is security. To be fair, 5G also comes with its own risks: The rapid proliferation of endpoint devices enabled by 5G means a massive expansion of the threat surface. And because most of those devices are mobile or sensors, they’re not secure to begin with. But 5G also enables the solution to these problems. For one thing, it adds heightened authentication, which is important because the biggest vulnerability to a network is the user. Users can add malicious software to devices, which can access data they’re not supposed to or influence the way the network operates.”

Read more insights from Palo Alto’s Senior Systems Engineering Specialist for 5G and Mobility, Bryan Wenger.

How DoD, IC Can Adopt Commercial Tech in the Mission Space Through Industry Co-Innovation

“From an operational perspective, technologies like 5G are going to exponentially increase the amount of data available within the enterprise, because nearly anything can become a sensor. That means, for example, in the area of contested logistics, the DoD will be able to have greater understanding and visibility into its supply chain nodes. More accurate inventory and consumption levels will provide better insight into the demand signal and allow for automation through a logistics system. It’s a smart depot all the way down to the individual soldier, but this makes it all the more critical to properly manage this data. This is an area where commercial technologies are well established and proven to work.”

Read more insights from SAP NS2’s CTO, Kyle Rice.

Neutral Host Networks, Private LTE Can Give Agencies Greater Flexibility, Security

“Neutral host networks can provide agencies with more autonomy and control over their networks. For example, a federal facility can set up a neutral host LTE network to mimic security controls they would usually use on their enterprise Wi- Fi. That also provides an infrastructure separate from service carriers in that area, but that is also capable of supporting and extending the service range of those carriers. In many remote or rural areas, there aren’t enough subscribers to justify investment in a large-scale LTE deployment. Federal agencies could potentially sublease a network as a revenue stream or cost offset. It’s like paving a road with private funds, then setting up a toll booth to cover the cost.”

Read more insights from Dell’s Lead System Architect, Chris Thomas.

JMA Brings Savings, Flexibility to 5G with Software Virtualization

“Virtualization is when you take something that used to be done in hardware, and you do it in software. Take your phone as an example: You used to have a dedicated iPod to do your music, and now it’s an application on your phone. The same thing can be said now in mobile wireless. At a cell site, you used to deploy numerous racks of equipment, to do what’s called the RAN function, the radio access network function. We at JMA take those racks of equipment, and we’ve now converted that into a 100% software solution that we call XRAN. Others in the industry have also converted RAN into software, but they still rely on specialized hardware accelerators. JMA’s is unique in that it provides 100% 5G capability in software.”

Read more insights from JMA’s Senior Vice President for the Federal Market, Andrew Adams.

Download the full Federal News Network Expert Edition report for more insights on the future of 5G from Carahsoft’s technology partners and leaders at DOD, the Coast Guard, FCC, and CISA.

Federal News Network Expert Edition: FedRAMP

Posted on by The Carahsoft Team

When the Office of Management and Budget first conceived the Federal Risk Authorization Management Program (FedRAMP) back in 2010 and launched it in 2011, the concept was supposed to make it easier for agencies to move to secure cloud instances. Unfortunately for agencies and vendors alike, turning that proposal into reality has been more difficult than imagined. At the same time, the FedRAMP program management office saw and heard—sometimes quite loudly—the calls to simplify its processes without losing any security rigor. That’s why FedRAMP issued a white paper in February asking for feedback on the threat-scoring methodology with the goal of ensuring that consistency and rigor while continually reducing the burden of FedRAMP. Brian Conrad, the acting director of FedRAMP, said the latest set of initiatives strive to continually improve the government-wide program. Hear from leaders at FedRAMP, CISA, NIST, GSA, DoD and DHS on how changes such as automation and simplification are likely to impact the cloud security program in the latest Federal News Network Expert Edition report.

For Digital Communications, Cloud Meets Agency Needs for Security, Scalability

“Much has been made of the government’s pivot to a mostly telework environment last year, especially with regards to how to enable government employees to maintain their mission and collaborate effectively. But less attention has been paid to the equally important subject of how agencies interact with their constituents, across agencies and out to businesses and consumers. The journey to providing digital services has been happening for years, but much like telework, the COVID pandemic acted as an accelerator to these efforts. Agencies have multiple ways of communicating with their constituents, each with their own specific requirements. For example, agencies that publish information for public consumption need to be able to host this information on their websites, and it has to be available to and consumable from a myriad of devices to suit the needs of the public. Likewise for email newsletters, where people can sign up to hear the latest information an agency has to offer. But those are one way communication channels, agency to public. Communication also has to move the other way, to allow constituents to get in touch with agencies.”

Read more insights from Adobe’s Vice President and Public Sector CTO, John Landwehr.

How Government can Innovate at the Speed of the Private Sector

“Governments have unique security needs for a reason. No other entity has such diverse, unique missions or collects such a huge volume of data – such as scientific, medical, tax, Social Security, defense and classified intelligence. But the idea that these security needs can prevent government agencies from innovating at the speed of the private sector is a myth. Think for a moment about all of the varied ways that data collected by federal agencies can be used. Take a very simple example: GPS location data. While most people think of that data in terms of being able to use their smartphone to find the best path from point A to point B, governments may use it for a variety of missions. But Salesforce has also used that data to develop maps that allow agencies to track the locations of wildfires and the deployment of first responders, helping those agencies protect lives and prevent property damage.”

Read more insights from Salesforce’s Principal Solutions Engineer, Matt Goodrich.

Social Media is Increasingly Important to Federal Agencies. Here’s How They Can Do it Right.

“The COVID-19 pandemic forced massive changes in the way the government does business. In the beginning, all efforts were focused on enabling a primarily telework environment for federal employees, and securing that environment from outside threats. But after a year, those changes are spreading into other areas of business, forcing federal agencies to continue to adapt. Not least among those new challenges is the way agencies communicate with their constituents Many traditional brick and mortar locations are closed, shutting off that avenue for citizens to contact their government. In response, federal agencies are turning to digital communication methods to fill the gap. Websites and portals are one way citizens can find information published by agencies or access services. But the average American now spends two hours a day on social media, and federal agencies have to go where their citizens are. That means developing a strategy for communications, including new workflows and measures to ensure their security.”

Read more insights from Hootsuite’s Global Principal Solutions Consultant, Ben Cathers.

Agencies Need Better Data Intelligence – FedRAMP is Giving Them the Opportunity

“One of the biggest challenges agencies have to deal with when it comes to securing their data is their budget. Even if Congress were to increase funding for cybersecurity, that budget still has to be spent in the most efficient and effective way possible. That means agencies need to know their data inside and out: what it is, where it is, and what degree of security is appropriate to ensure its integrity and confidentiality. That’s important, because bad actors are targeting the data itself. They don’t care what infrastructure or platform it’s sitting on. They just want to exploit the data. That means agencies need a governance model. ‘Agencies are using many different types of technologies and varied database sources. And they’re operating very heterogeneous environments. They need technology that allows them to connect into all of those various data sources, and identify and understand what data exists in those locations,’ said Mike Lyons, chief information security officer at Collibra, a leading Data Intelligence software vendor. ‘Government agencies should be looking at cloud-based technologies for the purposes of securing their information, understanding their information, and frankly, trusting it.’”

Read more insights from Collibra’s Chief Information Security Officer, Myke Lyons.

Okta Can Be the Zero Trust Broker for Cloud Services

“When most people think about IT modernization, what they’re really thinking about is adopting cloud services. That’s true both for the innovation side of things and on the security side. The National Security Agency and other agencies heavily involved in cybersecurity recommend going to zero trust for modernizing identity and access management, and using cloud services to do so. That’s especially important in today’s environment, where workforces have been operating at maximum telework for almost a year. Most agencies’ network boundaries are no longer in their office buildings where they have total control, but are now in people’s homes. ‘A good friend of mine talked about this in the beginning of the lockdown. He basically said my agency went from 100 branch offices to 10,000 branch offices,’ said Sean Frazier, federal chief information security officer at Okta. ‘That’s exactly the mindset you have to take, which is now all of a sudden, I’m managing endpoints further out than I thought I was managing it. And zero trust is really the perfect security architecture for that use case.’”

Read more insights from Okta’s Federal Chief Security Officer, Sean Frazier.

Download the full Federal News Network Expert Edition report for more insights on the future of FedRAMP from Carahsoft’s technology partners and leaders at FEDRAMP, CISA, NIST, GSA, DoD and DHS.

Leaders In Innovation: Identity and Access Management

Posted on by The Carahsoft Team

Agencies have been learning the importance of identity and access management for nearly two decades, but, like many technological evolutions, the coronavirus pandemic has encouraged adoption on an entirely new scale. As remote work became the norm, agencies adapted to use technology like smart identity cards in new ways, enabling capabilities like digital signatures. These new features are secured by the common access card (CAC) in the Department of Defense (DoD) or the Personal Identity Verification (PIV) card in the civilian environment, and all follow the principles and strategies of identity and access management.

Learn more: 8 cybersecurity experts from across the Federal government and industry discuss identity and access management in the latest Leaders in Innovation report.

Shane Barney, the Chief Information Security Officer at the U.S. Citizenship and Immigration Services in the Homeland Security Department, said as agencies move to the cloud, a new common framework focused on data around identity credentialing and access management is necessary.

“I know GSA is working toward that. I’m excited to see where we are heading with that, honestly, because we’ve been working in the identity world for quite a while now, very early on adopting some of those frameworks and trying to figure out a standard and hoping we are getting it right, and I think we’ve made good decisions, we made a couple of errors along the way and more good lessons,” he said in an executive brief sponsored by RSA and Carahsoft.

COVID-19 Has Also Highlighted Challenges

While agencies adapted to renewing or extending smart card authorizations, the pandemic made clear that other form factors must play a larger role in the months and years ahead, especially as agencies move toward a zero trust architecture.

Steve Schmalz, the Field Chief Technology Officer of the Federal Group at RSA, said agencies, like the commercial world, are starting to understand how cloud and remote workers are making the perimeter disappear.

“Zero trust is a fantastic conceptual way of dealing with that and talking about how you have to make sure to authenticate closer to the resource or make use of attributes and entry based access control to determine whether or not somebody should be allowed access to a particular resource,” Schmalz said, “That process of implementing attribute-based access control, looks like what you would have to do to implement a full zero trust architecture, where before individuals or processes get access to another resource, you have to check, you have to do some authentication.”

The Future of FIDO

The changes happening, whether at DoD, the U.S. Army or across GSA’s shared services, are not going unnoticed by the National Institute of Standards and Technology (NIST). David Temoshok, the NIST Senior Policy Advisor for Applied Cybersecurity, said the standards agency is updating the Federal Information Processing Standards (FIPS) 201 document to allow for new kinds of tokens such as those from FIDO Alliance.

“As FIDO continues to mature as an organization in standardizing secure authentication processes, one of the things that they have established is a certification program for devices to both be certified for conformance to the FIDO specifications, but also to evaluate the security because FIDO tokens and the FIDO authentication processes use cryptographic keys for cryptographic authentication processes, which are very secure, very resistant to man-in-the-middle and phishing attacks,” he said. “We would be recommending their use for both external authentication processes, but also internal, where it’s convenient for agencies to use that.”

Connecting the Dots with ICAM

Along with NIST’s FIPS-201 update, the Homeland Security Department has made identity the center of its continuous diagnostics and mitigation (CDM) program. Rob Carey, the vice president and general manager for global public sector solutions at RSA, said what continues to become clear throughout this discussion and use of identity credential and access management (ICAM) is the old way of “one type of approach for all” continues to be proven unworkable.

“We’ve used the term to any device, anytime, anywhere, and DoD for probably 20 years now. Now we’re at the precipice of delivering that. As you validate, authenticate, the question is the back end, how are the systems and the business processes embracing this authorization to move forward to allow the right people to access the ERP or the financial management system,” Carey said, in a panel discussion sponsored by RSA and Carahsoft. “How are we connecting those dots with this somewhat new and better framework that we’ve talked about using role-based access, attribute-based access control?”

As agencies continue to prioritize zero trust architecture, the growth of identity and access management will only become more prevalent. Download the full Leaders in Innovation report to hear from agency leaders at UCIS, CISA, U.S. Army, DHS, DoD, GSA and NIST on how they’re tackling the challenges and reaping the benefits of identity and access management.