Tag Archives: State and Local Government

Innovation in Cybersecurity: Technology Modernization and Improving Public Safety in Florida

Posted on by
Reply

From emergency response to IT teams, technology modernization plays a key role in improving cyber resiliency and efficiency in Florida’s state and local government agencies. At the Carahsoft Digital Transformation Roadshow in Tallahassee, Florida, Government IT and industry leaders engaged in dynamic discussions around transforming Florida through technology in three different sessions.

Leveraging Technology for Data-Driven Government

The use of emerging and innovative technologies is transforming legacy systems to better respond to citizens and facilitate digital services. Using cloud-ready architectures, agile methods and data interoperability, Florida is tapping top technology talent to redesign aging technology systems and deliver better outcomes for Floridians. The governor of Florida established the Florida Digital Service with the goal to deliver better government services and transparency to Floridians through design and technology. This goal expands the role of technology for delivering secure digital government services across the state.

When examining information technology at the Office of Inspector General, the key focuses are management, risk and internal audit. The inspector general community plays a critical role in offering assurance services for cybersecurity management, which was acknowledged by Florida governing bodies in 2021 with legislation requiring every inspector general to have a dedicated cybersecurity audit plan as part of their normal workflow. This expanded the focus from IT-specific audits to planning ahead with cybersecurity through an enterprise-wide audit.

Carahsoft Florida State and Local Roadshow Blog Embedded Image 2023Modernizing the procurement process has drastically changed the technology environment within the City of Tallahassee. By examining more than just business processes, identifying where to improve and how to implement those changes, agencies can set better standards, meet security compliance and improve overall efficiency. Investing in the correct tools allows agencies to leverage the interoperability of these solutions to improve communication and optimize performance. Whether that be a singular platform or different point solutions which are tied together, agencies need to find a solution that minimizes cost and maximizes output.

The ultimate goal for Florida agencies is to prioritize the modernization of their technology to leverage their hybrid environments while maintaining efficiency and combating cybersecurity attacks. Taking a hybrid approach builds up a level of comfort with the technology for agency teams as they tackle legacy modernization. With this approach, both internal teams and the public will gain understanding of these new systems all while scaling for future growth.

The Roadmap to Emergency Response through Technology

As natural disasters seem to be increasing in intensity and frequency, emergency response capabilities are critical to the safety of communities. Americans’ health, security and economic wellbeing are tied to climate and weather. In a state that often faces natural disasters such as hurricanes and flooding, recovery depends on fast, secure IT resources to match manpower and machinery with the locations most in need, while delivering fast and secure assistance to victims. The ability to collect, analyze and communicate data is critical for effective and efficient emergency management.

Throughout the pandemic, State and Local Government Agencies have leveraged new technologies and fast tracked their digital transformation. This journey of maturing technology quacking moving into smaller agencies in order to maximize their potential. The quality of video and efficiency for sharing photos and data within emergency management and first response has become a high priority for technology partners. The simplicity and frictionless aspect of video platforms have become critical for emergency management to provide transparency and safety to those individuals in the field.

AI, machine learning and voice recognition are just some of the technologies that can help improve the quality of communication and response time within emergency management. When dealing with phone calls, an agency can mature their voice recognition and AI to cut down the workload of call operators and encourage more people in the field to help with disaster response.

Combating Cyber Threats in Government

Federal, State and Local Agencies stand together in the fight to prevent and recover from cyberattacks, as their communities increasingly become targets of hackers and other cyber criminals. Cybersecurity risks range from data exploitation, insider threats and third-party practices as outsourcing increases ransomware, identity theft and fraudulent access to state government services.

Innovative policy and cyber resiliency have become some of the top priorities for public sector agencies. Over the past few years, agencies have seen how these bad actors are becoming more sophisticated, attacks are growing in scale and new techniques are being used to infiltrate Government systems. Wanting to prevent injuries and intrusions, cybersecurity teams have had to evaluate how to detect and respond quickly in this new hybrid workplace environment.

There is no more network perimeter as employees work from anywhere, so traditional on-prem technology has now had to expand to other point solutions, VPNs and mobile device management. Agencies now want to reach unified endpoint management in order to manage devices in the air, in office, on the field or at home. By leveraging automation and multiple cloud providers, agencies can improve security posture while eliminating manual effort which in turn cuts down cost and human error.

The massive migration to cloud and multicloud environments as well as computing from the edge to include the telecommuting and remote connected devices has fundamentally changed the way state and local agencies look at protecting their data. Taking on Zero Trust when it comes to identities, endpoints, applications, network data and infrastructure has become imperative for every government agency to move past perimeter-based security and into the future.

 

Learn more about Carahsoft’s experiences at the State and Local Roadshow Series: Digital Transformation at carah.io/slg-roadshow-series

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at the Carahsoft Digital Transformation Roadshow.*

States Can Build Economic Efficiencies Into Complex, Sophisticated IT Environments

Posted on by
Reply

Modernizing IT is a priority for all levels of government. Despite its importance, a recent National Association of State Technology Directors study found only 50% of the 38 states surveyed have “budget mechanisms for specifically addressing IT modernization.” At the same time, 84% reported they had increased cloud services—and 76% increased their network infrastructure and bandwidth—because of the pandemic. To put it mildly, growing and scaling services without a budget isn’t ideal. However, building economic efficiencies into an increasingly complex, sophisticated IT environment is possible.

One way to approach cost containment is to build it into the approach taken when developing cloud-native applications and instilling the management of these applications with this mindset. This will likely pose challenges—developers are rarely responsible for the decisions about how their apps are implemented, used, or scaled. Likewise, those responsible for making decisions about infrastructure resources, maintenance, and operations may not understand or account for how much it costs to keep these cloud-native apps going. Here’s a look at how developers and operations management teams can better understand and manage the cost of application modernization programs:

SolarWinds Economic Efficiency Blog Embedded Image 2023The Relationship Between Cost Containment and the Modern Developer

The application development phase offers an opportunity to lay the foundation for cost containment and is a vital part of developer maturity.

An easy way to move toward cost-effective, sustainable applications is to adopt the underpinning of reliable operations—monitoring and observability. When developers ensure new and modernized applications include monitoring from the outset, DevOps and site reliability engineering (SRE) teams can better understand the state of their systems and proactively debug systems in production. This benefits the organizations who own these applications in the long run.

Here’s an example: suppose an application relies on platform-managed serverless or orchestrated containerization. There’s no shortage of opportunities to provide rich performance data for both developers and operations using commercial cloud-native or open-source monitoring options.

Through monitoring, developers can quickly get a sense of application durability and develop more sustainable applications to support cost containment. Considering sustainable cost containment during the dev phase isn’t best left to IT leaders; agency leaders will greatly appreciate the developer who builds the foundation into their apps.

Keys to Containing Cost

It’s also crucial to address agency leaders’ responsibility for ensuring the high performance of cloud-native applications once deployed. As much as we’d like them to, cloud-enabled technologies don’t maintain a minimum latency or uptime on their own. IT and network operations teams continuously monitor the health of cloud applications, infrastructure, and the networks they rely on to ensure a quality user experience and an uninterrupted mission.

They need full-stack observability without added costs for procuring and managing multiple monitoring tools and accommodating new reporting, alerting, and automation needs as time progresses. IT leaders can control costs in a cloud-native future by ensuring their developers and IT operations teams utilize the same centralized and automated monitoring tools—from launch to sunset.

By consolidating tools and achieving observability across services and agencies from a single integrated pane of glass, these teams can occupy the same monitoring domain and ensure peak performance of the entire application, infrastructure, and network environment while saving time and containing costs.

The cost-containment advantages of automation also can’t be overstated. Instead of IT pros spending hours trying to identify, diagnose, and fix hard-to-find performance issues, modern monitoring tools run in the background, automatically identifying performance issues and recommending optimization fixes.

As new systems and cloud-native applications come online, these systems allow agencies to quickly and easily scale their monitoring capabilities without additional expense, no matter how complex their cloud, multicloud, or hybrid environment becomes.

The results? A pathway for states without the budget for cloud and IT modernization to create economic efficiencies.

To learn more about SolarWinds’ observability platform, click here.

How to get StateRAMP Ready Faster with Security Snapshot

Posted on by
Reply

Security is of utmost importance to government agencies because they have access to the sensitive information of millions of people. To ensure this information stays private, StateRAMP (State Risk and Authorization Management Program) offers several guidelines to help.

StateRAMP is a nonprofit launched in 2021 and modeled after FedRAMP, a government-wide program that promotes secure cloud usage across the Federal government. State and local governments created StateRAMP to extend this authorization to the relationships between cloud service providers (CSPs) and state and local governments to improve cybersecurity posture. As an independent  nonprofit organization, StateRAMP has created a process for continuous cybersecurity improvement to efficiently and cost-effectively verify the cybersecurity of cloud service providers.

Carahsoft StateRAMP Security Snapshot Blog Embedded Image 2023A main initiative is evaluating the data security capabilities of cloud solution providers that sell to state and local governments. StateRAMP ensures CSPs meet minimum security requirements and helps them obtain verification and achieve certification. These verification statuses were created by StateRAMP and must be certified by a third party. To simplify this certification process, StateRAMP has introduced “Security Snapshot.”

Hurdles to Attaining StateRAMP Verification

StateRAMP has had an Authorized Product List since 2021,updated at the end of every business day. This list is comprised of verified providers who meet the minimum security requirements and provide an independent audit conducted by a Third Party Assessment Organization (3PAO). StateRAMP recognizes three verified statuses:

  1. Ready: The product meets minimum requirements.
  2. Provisional: The product exceeds minimum requirements and has a government sponsor.
  3. Authorized: The product satisfies all requirements and has a government sponsor.

There are 38 cloud service offerings (CSOs), 4 local government agencies, 2 universities and 17 states that are qualified in the above three tiers.

A Simpler Future with Security Snapshot

After StateRAMP’s verification process was introduced, providers encountered several questions. For some CSPs, it wasn’t easy to know if they could achieve a StateRAMP-Ready approval. The fear that CSPs would be left with a public, poor StateRAMP score induced anxiety in starting the approval process. Many agencies were unsure if they were making progress in the right direction. To combat this, StateRAMP released a new solution in early January 2023—the “Security Snapshot.”

Security Snapshot provides detailed information on how companies can get StateRAMP-certified. The snapshot offers a preliminary numerical score that CSPs can share with prospective government clients, which will not appear on the CSP’s record.

This resource acts as an early-stage security maturity assessment tool for cloud products. The intent of the service is to provide a first step toward achieving StateRAMP security status. The criteria are designed to help agencies validate minimum requirements and provide controls and additional benchmarks that would further aid in certification.

The Security Snapshot also helps providers gain quality insight into security postures and third-party cloud solutions such as Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) products. Ultimately, it provides insights for providers and the government branches they serve.

With the introduction of Security Snapshot, CSPs can ease their concerns, knowing they will receive detailed, personalized support to help them qualify for StateRAMP’s verification.

 

For more information on StateRAMP’s security approach, visit our StateRAMP resource hub and watch our Carahsoft briefing at carah.io/StateRAMP.