Building a DevSecOps Culture

Posted on by Rich Savage

As software becomes more sophisticated, it plays an increasingly important role in all aspects of government operations. However, given the complexity and intertwined nature of modern software, any vulnerability could have wide-ranging consequences, which makes security of vital importance. The federal government has taken notice. A number of recent policy directives address issues related to the software supply chain, and key agencies are leading a governmentwide effort to promote secure software development, including the Executive Order on Transforming Federal Customer Experience and Service Delivery to Rebuild Trust and the Executive Order on Improving the Nation’s Cybersecurity. Learn how you can implement DevSecOps to support your journey to secure, innovative software in Carahsoft’s Innovation in Government® report.

The Mindset Shift that Enables DevSecOps

“In an ideal world, technology and processes support team members’ ability to deliver on their particular talents. Before agencies implement DevSecOps methodologies, they should identify where their processes are getting bottlenecked and forcing people to either work around them or fundamentally change their behavior. Instead, we want to make it easy for employees to do the right thing. The goal is to enable people to focus on what they do best — regardless of where they operate in the stack or the tools they are using — so that agencies can build and deploy secure, modern apps.”

Read more insights from Alex Barbato, Public Sector Solutions Engineer at VMware.

How Generative AI Improves Software Security

“Generative AI tools are becoming increasingly prevalent, providing interactive experiences that captivate the public’s imagination. These tools are accessible to anyone, offering a unique opportunity to engage and explore the creative possibilities enabled by AI technology. The technology doesn’t just train a model to recognize patterns. It can create things that are easy to understand: images, text, even videos. Sometimes the results are hilariously wrong, but other times the results are quite impressive, such as clear, concise answers to complex questions. Generative pre-trained transformer (GPT) technology, such as ChatGPT, has opened the doors for everyone to be an evaluator because the output is accessible and easy to critique.”

Read more insights from Robert Larkin, Senior Solutions Architect at Veracode.

Open Source is at the Heart of Software Innovation

“Embedding security into applications from the start is essential for streamlining and strengthening the entire development life cycle. Securing the software supply chain is a related effort that is of vast importance to government operations. Beyond securing individual applications, the ultimate goal is to build security into the pipeline itself. At each step and every handoff, we must be able to verify who has touched the software and who did what to ensure that the end result is what we intended to build and that nothing malicious has been injected along the way.”

Read more insights from Chris Mays, Staff Specialist Solutions Architect at Red Hat.

DevSecOps Needs Tool Diversity and Collaboration

“As DevSecOps methodologies and software factories grow in prevalence, agencies are recognizing that software development is a team sport — inside the agency, across departments and with external stakeholders. It touches many different teams, but getting everyone on the same page with tooling can be difficult. Different teams prefer different tools, and that makes collaboration hard. Modern software development brings security practices forward in the timeline while reducing duplication of efforts and improving real-time accountability. Success hinges on removing blockers, creating visibility and making sure collaboration is happening at every stage. In addition, encouraging input from different areas of the organization from the beginning and throughout development is vital for innovation.”

Read more insights from Ben Straub, Head of Public Sector at Atlassian.

Observability Speeds Zero Trust and Application Security

“In response to increasing cyberthreats, the government is speeding up the move to zero trust. This security model assumes that every user, request, application and non-human entity is not to be trusted until its identity can be verified. Zero trust principles require a layered defense that is more effective when rooted in observability. To develop an architecture that validates and revalidates every entity on the network, it is necessary to know what those entities are, how they’re communicating and how they typically behave so we can recognize deviations. Zero trust and observability technologies work together to create a more secure and resilient network environment by assuming that all requests for access are untrusted and continuously monitoring the network to detect and respond to potential threats.”

Read more insights from Willie Hicks, Public Sector Chief Technologist at Dynatrace.

The Role of a Service Mesh in Zero Trust Success

“For large companies and government agencies, it’s safe to assume that a committed attacker is already inside their networks. Executive Order 14028 mandates that every federal agency develop a Zero Trust architecture because it is the most effective approach to mitigating what attackers can do once they’ve made their way inside. What does Zero Trust look like at runtime? One of the key considerations is identity-based segmentation, which involves conducting five policy checks for every request in the system: encrypted connection between service endpoints, service authentication, service-to-service authorization, end user authentication, and end user-to-resource authorization.”

Read more insights from Zack Butcher, Founding Engineer at Tetrate and co-author of the NIST SP 800-200 series and SP 800-207A.

AI and the Journey to Secure Software Development

“By automating and optimizing DevSecOps workflows, we can still shift security left while relieving developers from the burden of some complex remediation. It begins with a workflow that leverages fully automated security scanning to rapidly identify vulnerabilities as well as providing suggested remediation for vulnerabilities and on-demand remediation training to educate developers on what they are getting into. The rapid evolution of artificial intelligence is making new advances possible. The opportunities go well beyond AI-assisted code creation. AI features are being expanded across the entire software development life cycle. When it comes to security, having AI assist by making code functionality clear or explaining a vulnerability in detail reduces the time required to remediate risk.”

Read more insights from Joel Krooswyk, Federal CTO at GitLab.

Scaling App Development While Meeting Security Standards

“The dream for any software development team is constant, stable releases. The faster teams get the work they’ve created into production, the faster the agency can derive value from that work. When app development is stymied by cumbersome security reviews and stability testing and by the need to wait for a deployment window, innovation is stifled and the return on investment is delayed. If agencies want to have efficient, value-driving software development teams, those teams must be able to move with agility. A trustworthy, scalable DevOps pipeline that brings together testing and security in a seamless way allows teams to push out new apps and improvements quickly so government employees and citizens can have a seamless digital experience and the most up-to-date tools and information.”

Read more insights from Kyle Tobener, Head of Security and IT at Copado.

Join us in-person for our must-attend DevSecOps Conference—an exciting day of exhibits, speaking sessions, and networking events. We look forward to showcasing new DevSecOps updates from our supporting panels featuring government, systems integrators, and industry thought leaders.

Download the full Innovation in Government® report for more insights from DevSecOps thought leaders and additional industry research from FCW.

Making the Most of MultiCloud

Posted on by Will Jones

Experts make a clear distinction between hybrid and multicloud environments. The General Services Administration’s MultiCloud and Hybrid Cloud Guide notes that a multicloud architecture reflects the deliberate integration of services from multiple cloud service providers. By contrast, a hybrid architecture integrates public cloud, private cloud and on-premises infrastructure.

In a recent pulse survey of FCW readers, 49% of respondents said their agencies rely on hybrid cloud environments that combine public and private clouds with on-premises systems, and 39% said their cloud environments were based on private clouds. Only 8% identified themselves as multicloud. Multicloud environments are the natural evolution of the government’s move to the cloud. As technologies become more targeted and sophisticated, it is clear that a single product cannot meet all agency needs. Multicloud represents a highly individualized, fluid approach to capitalizing on everything cloud has to offer. Regardless of where they are on their journeys, agencies continue to benefit from advances in cloud technology. That’s because the same spirit of innovation that gave rise to the cloud is giving rise to new solutions for securing and managing cloud environments. Learn how your agency can determine an optimal cloud strategy in Carahsoft’s Innovation in Government® report.

How the Mission Drives MultiCloud Success

“For government agencies, security is a key consideration when adopting cloud technologies. The latest solutions can actually help agencies improve their security posture because of the specialized and deep focus that cloud providers bring to their mission of providing scalable and secure compute, network and storage infrastructure. At Google, we take a defense-in-depth approach to security and have over 1,000 professionals whose sole job is to ensure the security of our customers’ data and systems. They have made it their mission to prevent bad actors — whether people, companies or nation-states — from accessing customers’ data.”

Read more insights from Scott Frohman, Head of Defense Programs at Google Cloud.

Choosing the Right Cloud Tool for the Job

“Adding multicloud environments into an agency’s IT portfolio does come with challenges. In particular, it can create complexity for security teams that must protect the agency’s identities, devices, data, applications and infrastructure. Traditional cybersecurity tools weren’t designed for multicloud environments, and it can be difficult to transition from existing tools to platform-specific and cloud-native ones, but doing so is essential for taking full advantage of cloud’s market-leading security capabilities.”

Read more insights from Jason Payne, CTO at Microsoft Federal.

Seamlessly Embracing a MultiCloud Environment

“Choosing the right cloud solutions can be a daunting task, but knowing what steps to take can significantly streamline the process. Agencies should begin by clearly identifying their business and functional requirements and considering their security needs. Doing so will make it possible to evaluate which cloud service provider (CSP) is positioned to offer the best capabilities for the best cost. Throughout the process, agencies should keep in mind that enterprise data is their single most important asset.”

Read more insights from James Donlon, Director of Solution Engineering for Government and Education at Oracle.

The Move to MultiCloud by Default

“Automation is essential for multicloud management. Agencies can begin by automating activities and sharpening their skills in their own data centers. Once government IT professionals work with a platform to automate activities in the data center, they can then automate deployments to various clouds and make the process as efficient as possible. When automation is done correctly, agencies also give themselves the ability to move workloads smoothly between environments, whether they want to bring a workload back into the data center or move it to another cloud. The fact that the workload was built on an automation platform means agencies are already a step ahead when it comes to getting that deployment done and reaping the benefits of a multicloud environment.”

Read more insights from Adam Clater, Chief Architect of the North America Public Sector at Red Hat.

A Smarter Approach to Cloud Adoption

“The cloud-smart strategy is to migrate then modernize most workloads because the speed of cloud adoption and the consolidation of operating constructs is crucial. Such an approach also reduces costs, migration manpower and training burdens. In fact, most workloads can move to the optimized cloud of choice as-is if the right abstraction and workload management capabilities are employed. Once applications are in the cloud, they are easier to modernize.”

Read more insights from Jeremiah Sanders, Senior Transformation Strategist at VMware.

Download the full Innovation in Government® report for more insights from these cloud thought leaders and additional industry research from FCW.

Latest VMware FedRAMP Authorizations Show Commitment to US Public Sector

Posted on by The Carahsoft Team

Since 2004, Carahsoft and VMware have partnered to bring federal agencies, state & local governments, educational institutions, and healthcare facilities the highest quality and secure tech products to up-level their capabilities and citizen services.

VMware VMC on AWS Blog Embedded Image 2022

VMware has achieved FedRAMP High Authorization through the Joint Authorization Board (JAB) for VMware Cloud on AWS GovCloud (US), VMware Carbon Black Cloud on AWS GovCloud (US) and VMware SD-WAN on AWS GovCloud (US). This certification allows Carahsoft and VMware to continue to offer state-of-the-art cybersecurity and cloud software to our government customers – which positively impacts our government’s ability to serve and protect our citizens.

Learn more about these FedRAMP Authorized offerings at the High Impact Level below!

VMware Cloud on AWS GovCloud (US)

This solution is the fastest and easiest way for VMware vSphere customers to migrate and modernize their infrastructure without the need to refactor and rearchitect existing applications.

VMware Carbon Black Cloud on AWS GovCloud (US)

Public sector customers can now deploy the modern endpoint security and advanced workload protection required to stay one step ahead of adversaries as geopolitically fueled cyberattacks increase.

VMware SD-WAN on AWS GovCloud (US)

An industry-leading, software-defined WAN solution that connects users across distributed locations safely, reliably, and efficiently to cloud-based applications, cloud services, and agency data centers – supporting a Zero Trust “anywhere workforce” for the public sector.

VMware customers from the US Department of Defense rely on FedRAMP authorizations to understand which solution offerings are best suited for their mission. Carahsoft is proud to support these missions and continues to deliver vital technological solutions to the US public sector.

Want to learn more?

Read VMware’s Press Release about their commitment to Public Sector customers
Check out Carahsoft’s VMware Resource Hub
Visit the VMware Cloud Trust Center

Connect with a dedicated VMware representative and request a quote!

IT Modernization for Campus Re-entry

Posted on by Tim Boltz

Many colleges and universities are poised to emerge from the pandemic stronger than they went in. In large part, they have used the last year to accelerate their adoption of online education where it makes sense, keeping the physical classroom time dedicated to experiential forms of learning. A theme among these institutions is the need to understand what the IT infrastructure can support and how well it’s holding up as institutional demands ebb and flow. A Campus Technology “pulse survey” among IT leaders and professionals found that while the impact of remote learning and work made their jobs harder rather than easier (by 11 percentage points), the outcomes have been worth the effort. Four times as many participants agreed than disagreed that their organization’s response to the pandemic was improving the way they deliver services to students, faculty and staff. Learn how your institution can continue to adapt IT infrastructure in Carahsoft’s Innovation in Education report.

Mastering the Art and Design of Remote Work

“On a traditional physical computing device like a workstation, PC or laptop, a GPU typically performs all the capture, encode and rendering for power complex tasks, such as 3D apps and video. NVIDIA virtual GPU technology virtualizes GPUs installed in the data center to be shared across multiple virtual machines or users. The rendering and encoding are done on the virtual machines’ host server rather than on a physical endpoint device. The basic idea is to share the GPU functionality with multiple users and give them the same experience as they’d have if they were running applications on dedicated workstations. The advantage is this: Instead of having a one-to-one connection — one GPU per computer — you get one-to-many. The physical GPU runs in a server and the vGPU software dynamically slices it up to allow multiple users to access its power (up to as many as 64 users per GPU).”

Read more insights from NVIDIA’s Senior Product Specialist, Ismet Nesicolaci.

Easier Identity and Access Management

“Single sign-on (SSO) has long been a boon for making the authentication process more efficient. Yet, because of their distributed structures, most institutions haven’t gone all the way with SSO. It may be that program control for the identity and access management (IAM) layer is maintained for some applications by central IT and for others by a given college or department. IT may lack the staff to keep up with the programming requirements and/or the sudden influx of new demand. Or the college or university may be working with other institutions, each operating autonomously even as they need to share people, programs and research data. Then there are the security aspects. While SSO makes for a centralized approach to application access, that access also poses a big risk: If a cybercriminal gets unauthorized access through the SSO, they will be able to access all of the associated applications. Embedding multi-factor authentication (MFA) into the login process adds a needed level of protection to authentication processes to keep accounts truly secure. But students are still stuck with multiple logins, and institutions have to try to keep up with a sprawling and complicated IAM system.”

Read more insights from Okta’s Senior CIAM Developer Specialist, Ryan Schaller.

Evolving with IT to Support Research

“While institutions have expressed continuing concern about wobbling tuition and ancillary dollars, one source of revenue remains healthy for higher education: COVID-19 research funded by federal and state programs. The full measure, from community colleges to Research 1s, are at the forefront of projects to develop vaccines; uncover the sources of coronavirus and its evolving replication patterns; create new initiatives for public health response; understand the impact of the virus on various populations; study the physical and mental health and learning effects of prolonged quarantine; and explore numerous other facets.. However, the heightened attention on campus research comes with a continuing challenge: how to keep up with IT infrastructure needs, typically assembled once the grant funding arrives. Since many of these recent grants are shortterm, turnaround time can be tight. In many cases, research teams are going from near-zero infrastructure to running as quickly as possible — and not just serving applications to users, but storing, processing and sharing astronomical amounts of data.”

Read more insights from Red Hat’s Chief Architect for Higher Education for the North America Public Sector, Damien Eversmann.

Your Starting Point for IT Optimization

“The university IT shop doesn’t typically head to Best Buy when it’s time to update infrastructure. Acquisitions have to go through internal planning and approval, budgeting and ordering — and it all takes time. Having visibility into usage trends enables the IT department to better plan, thereby preventing gaps in performance and operations and opening up ample time to line up the funding needed. Best-of-breed monitoring takes that a step further, pulling in information from outside sources, so the IT crew doesn’t have to wonder. SolarWinds Network Configuration Manager, for example, links up with the relevant hardware and software to notify you when a vendor has put an end-of-support notice out. If Cisco has issued an end-of-of life message for a given switch, it serves as an early indicator for you to help plan timing of replacement.”

Read more insights from SolarWinds’ Vice President of Product Strategy for Security for Compliance and Tools, Brandon Shopp.

Building the Virtualized Student Union

“The IT organization has been at the heart of successful pivoting as remote teaching and learning have dominated. As a result, now that campuses are starting to return to normalcy, administration will rely on IT to continue enabling the work of enhancing the student experience. That’s especially true if, as many experts predict, hybrid or blended learning will forevermore be part of the modernized college experience. Integration is a big part of the solution. Forget about forcing students to figure out the dozens of different apps and websites they need to fully partake of college. IT needs to integrate the learning management platform, digital content, student support services, health and wellness, esports, collaboration, campus calendar and student information — enfolding them into a virtual student union. This idea goes beyond the student portal, which has been around for a long time. What’s new is the idea of marrying systems that may be PC-based, on-premise-based and cloud-based into a single hub and then wrapping that in a blanket of security that’s transparent to the user. That becomes a game-changer for the student experience.”

Read more insights from VMware’s SLED Strategist, Herb Thompson; VP of State, Local, and Education, Doug Harvey; and Senior National Director for SLED Business Development, John Punzak.

Accelerating Student Success with AI

“As growth in undergraduate credential earning has come to a standstill over the last year, colleges and universities are seeking new ways to draw in the right candidates while also holding onto the students they have by bolstering student success efforts. Numerous institutions of higher education are finding success in strategic aspects of the academic lifecycle by embedding the use of artificial intelligence and machine learning. There are several areas where Google sees the potential for “quick wins” in student success initiatives: optimized enrollment and admission, such as automating the activities of credit transfer analysis, document analysis and personalized course planning; virtual assistance, for delivering 24/7 online tutoring and support in multiple languages answering common questions about required courses, financial aid and other topical subjects; and student engagement, like tracking engagement and predicting which students are at risk, to maximize retention.”

Read more insights from Google Cloud’s Cloud Strategic Business Executive for Higher Education and Research, Jesus Trujillo Gomez.

A Conversation with Jen Leasure

“As everything went online and was done with technology, institutions needed to invest in new solutions to support their researchers, their faculty, their students, their administration, in conducting their business — and with limited budgets. We know that everyone’s been having particular budget constraints, and they’re looking to maximize the benefits of these types of programs and their discounts. This type of program has been especially important during COVID. And remote and hybrid learning isn’t going away, as we know. It’s difficult to foresee a world where hybrid becomes an option instead of a requirement. Folks don’t like options taken away once they’re there. And so, the investment in these types of solutions is going to continue to support future directions. Cloud access especially has become important for institutions to support their students. That’s one area where we have seen a lot of growth in the last year.”

Read more insights from The Quilt’s President and CEO, Jen Leasure.

Download the full Innovation in Education report for more insights from these thought leaders and additional industry research from Campus Technology.

The Path to Future-Ready Government IT

Posted on by The Carahsoft Team

The COVID-19 pandemic has made it clear that agencies need future-ready technology systems and strategies that enable them to tackle current challenges while incorporating the ability to innovate quickly during future crises. Such strategies rely on certain core components: multi-cloud management, modern app development, 5G, artificial intelligence and new approaches to security. They lead to app development teams that have an unwavering focus on delivering mission value; fine-grained control across public, private and hybrid clouds; better protection of critical assets; and a productive, engaged workforce. Future-ready strategies are fast, scalable and cost-effective – the question is how to build them. By 2023 over 1 billion users are expected to be utilizing 5G, and 36 percent of government CIOs plan to invest more on AI in 2021 than they did in 2020. The Presidential Administration’s May 12 Executive Order on Improving the Nation’s Cybersecurity calls on agency leaders to develop plans to implement zero trust architecture. Many agencies are developing apps for the first time, or reassessing their app development approach. There’s no one way to be future-ready, but there are many considerations; read the latest insights from industry thought leaders in Carahsoft’s Innovation in Government^® report on future-ready tech.

Why 5G is More Than a Telecom Revolution

“Agencies need to generate, analyze and manage massive amounts of data to achieve success on a diverse set of mission goals. The increase in bandwidth that comes with 5G widens the data pipe between devices and platforms to give agencies a faster way to move data and therefore harvest even more valuable insights for decision-making. 5G is not just about increasing bandwidth. It is also about creating new applications and enabling new services that can help agencies maximize the value of digital transformation. That’s because 5G is an enabler and catalyst for other crucial and transformative technologies, such as augmented reality, virtual reality, industrial automation, real-time sensor-based telemetry, drone control, artificial intelligence and automation.”

Read more insights from VMware’s Senior Director, Phil Kippen, and Dell Technologies’ Lead Systems Architect, Chris Thomas.

Beyond Tools: A More Holistic Approach to Security

“To understand the challenge of a given threat or adversary, agencies need to understand the context in which they will be interacting with it. The security team must partner with the infrastructure, applications, networking, end-user and storage teams to gain those insights. Together, those experts can focus on the interactions between systems and define a view of “normal” activity. Then the agency’s IT ecosystem can react to any deviation from that standard. Fortunately, agencies don’t need to start from scratch. Many are adopting an end-to-end security model that leverages security capabilities intrinsic to the systems and solutions that are already in place to create a vision for secure agency operations. This approach allows them to connect context across environments to build a layer of control and intelligence to respond to and remediate threats. Zero trust is a key component of end-to-end security. Zero trust requires organizations to embrace the notion that their systems are already in a state of compromise.”

Read more insights from VMware’s Director of Government, Education and Healthcare Solutions Architecture, Henry Fleischmann.

How to Streamline Modern App Development

“In the commercial world, investment in modern apps is a business imperative, and the companies that focus on it attract the technology world’s best talent. In the government, modern app development is a mission imperative that encourages the use of common tools, saves time and money, enhances cybersecurity, and improves the citizen experience. Users of government software — whether they are citizens or agency employees — can become demoralized by the outmoded and onerous legacy systems that perform business or mission functions, especially when software makes every other facet of our lives easier. During my military career, I saw air operations conducted with pen and paper because manual processes were faster than using legacy software, and I know of many young military members whose decision to leave the service was heavily influenced by the lack of software capabilities on the job.”

Read more insights from VMware’s Federal Strategist, Jeremiah Sanders.

The Importance of a MultiCloud Strategy

“To control costs, improve operational efficiency and make the most of the technology, agencies should take a more holistic approach to managing clouds. Thinking holistically prompts agencies to proactively consider and plan for multiple clouds while reducing the risk and cost of managing, securing and governing them — rather than only developing skills and processes for a single cloud provider. Management tools and practices formed from a multi-cloud perspective allow agencies to focus on the entire life cycle of cloud operations. As a result, they can efficiently and effectively set up, deploy, manage and optimally run infrastructure resources and application services anywhere.”

Read more insights from VMware’s Vice President of Architecture and Engineering, Government, Education and Healthcare Sector, Ranil Dassanayaka.

Bringing AI-Powered Tech to Government

“Artificial intelligence is one of the largest technology transformations we’ve ever seen. As it becomes more widespread, AI will have an impact equivalent to that of the internet. The technology can help with the digital transformation of every facet of government. With the assistance of AI, agencies can rethink and enhance the customer experience by using a number of tools, such as natural language processing and predictive recommendations. In terms of cybersecurity, AI can quickly sift through massive amounts of data, allowing intelligence agencies to react to threats and attacks in real time. It can also improve medical care and public health, and help the government better predict the weather, understand long-range climate trends, and detect and quickly respond to natural disasters.”

Read more insights from VMware’s Director of Product Marketing, Sheldon D’Paiva, and NVIDIA’s Director of Product Marketing, Erik Pounds.

Download the full Innovation in Government® report for more insights from these government tech modernization thought leaders and additional industry research from FCW.

Teaming Up on Emerging Technologies

Posted on by The Carahsoft Team

In recent years, agencies’ growing need for IT modernization has prompted their biggest suppliers — federal systems integrators (FSIs) — to look for innovative ways to meet that need. FSIs’ deep working knowledge of government operations gives them a distinct advantage, but to provide all the expertise an agency needs on a contract, FSIs have always partnered with subcontractors. Now they are broadening their reach by seeking out cutting-edge companies that can help them develop solutions that incorporate the latest innovations in technology and strategy. Those “greater than the sum of their parts” solutions have a profound impact on agencies’ ability to meet mission-critical demands in a wide range of areas. In a recent survey of FCW readers, only 19% said they always know about the latest technologies. Adopting those technologies requires acquisition processes that are fast and flexible. 75% of respondents said their agencies rely on FSIs for complex IT projects. Many agencies are turning to agile methodologies, either on their own or with contractors, to develop and deliver solutions incrementally rather than taking years to launch a complete system. How can FSIs continue to meet these needs by partnering with innovative tech companies and small businesses? Read the latest insights from industry thought leaders in emerging technology in Carahsoft’s Innovation in Government^® report.

A Risk-Adaptive Approach to Data Security

“Protecting data in today’s heterogeneous, highly dynamic IT environments is one of the biggest cybersecurity challenges agencies face, especially now that data is potentially being stored and touched by many people, devices, apps, services and systems. That’s why a strong data protection strategy goes well beyond encryption to incorporate zero trust principles. Rapidly changing IT environments and continuously evolving cyber threats require proactive, high-performing cybersecurity solutions that can adapt on the fly and constantly answer questions about what’s happening to data in terms of who, when, where, what and how. It is essential to create a platform in which tools and analytics can be integrated quickly to respond to current threats. In other words, rather than hundreds of best-of-breed solutions stitched together, agencies require a comprehensive, integrated solution.”

Read more insights from Cloudera’s Senior Director of Global Alliances, Jenn Azzolina, and Raytheon Intelligence and Spaces’s CTO of Cybersecurity and Special Missions, Michael Daly.

Eliminating the Boundaries to Health Care

“The COVID-19 pandemic exposed the reality that our health care system is not a system at all but a series of disconnected providers who struggle to coordinate with one another and support patients on their health journeys. The first generation of health IT was not built around patients. A patient is a different person in every medical system he or she encounters; hence, continuity of care across providers is filled with barriers. The same challenges are pervasive in federal, state and local government health agencies. Even when data comes into a system in a timely manner, it’s often unstructured and cannot be reconciled with the existing record. That puts a heavier burden on doctors, who have to build their own mental model of what a particular patient needs.”

Read more insights from Perspecta’s Chief Medical Information Officer, Shane McNamee, M.D. and Red Hat’s Field CTO for Federal Health, Ben Cushing.

A Framework for Achieving Data Intelligence

“Highly adaptive adversaries confront the U.S. and its allies in every domain: air, sea, space, land and cyber. The aircraft, satellites, ships and ground vehicles that military forces operate collect an abundance of information, but processing and analyzing that amount of data can be daunting, especially given the multiple levels of security in which systems must operate. The Defense Department is pursuing a new way of warfighting based on a concept called joint all-domain operations. By synchronizing major systems and crucial data, DOD provides a complete picture of the battlespace and empowers warfighters to quickly make decisions that drive action so they can disrupt and overwhelm adversaries in seconds versus minutes when seconds really matter. There’s a new asset helping DOD and its allies realize this vision of the future battlespace: data.”

Read more insights from Collibra’s Senior Vice President for Public Sector, Aileen Black, and Lockheed Martin’s Vice President, Mike Baylor.

Partnering to Modernize the Customer Experience

“Working together allows ServiceNow and GDIT to respond to newly emerging capabilities very quickly. Because of its deep understanding of government agencies’ business operations, culture and processes, GDIT can support ServiceNow’s ability to deliver value in new ways. In one example, GDIT saw increasing demand from government customers for solutions authorized at the FedRAMP High level and helped ServiceNow meet this capability. The company now has an offering on Microsoft’s Azure cloud that has been authorized at FedRAMP High and the Defense Department’s Impact Level 5. In another example, GDIT uses insights from initiatives for large federal agencies, such as robotic process automation (RPA) solutions, to drive investments in leading-edge capabilities that have the best chance of achieving the desired outcomes.”

Read more insights from ServiceNow’s Vice President of Solution Consulting, Anto Tossounian, and GDIT’s Vice President of Federal Civilian, Brian Fogg.

Constructing a Next-Generation Data Architecture

“The conversation about data should start and stop with the mission impact and how quality data can improve decision-making and customer services. Once they have a clear understanding of their internal and external data assets — what data they have and how it can be used, along with the owners and sources of that data — agencies can progress toward intuitive AI-driven data catalogs. In addition, agencies should encourage a data-savvy culture across all layers of the organization and continually improve their data so that they can take advantage of modern applications. The volumes of government data would overwhelm any on-premises system, so moving to the cloud is essential for building a modern data architecture. However, simply lifting existing datasets into the cloud doesn’t solve the problem. People will work the way their data is organized, so rather than build data silos and create siloed workforces, agencies must combine data to empower their employees.”

Read more insights from Snowflake’s Chief Federal Technologist, Nicholas Speece, and Deloitte’s Principal of Strategy and Analytics, Vishal Kapur.

A Faster Route to Secure Cloud Adoption for DOD

“Three substantive challenges have made it difficult for Defense Department agencies to adopt cloud technology. First is the complex and lengthy procurement process to obtain cloud services. Second are the networking and security challenges to establish a cloud environment and connection. Third is the costly challenge of refactoring applications for a specific cloud environment. The partnership between DISA’s milCloud 2.0 contract, General Dynamics Information Technology (GDIT) and VMware effectively eliminates all three of these challenges. A native, on-demand milCloud 2.0 VMware environment dramatically simplifies migrations, lowers the risk of cloud adoption by eliminating the refactoring of applications and workloads, and allows users to leverage familiar VMware solutions for a consistent operating model across their enterprise.”

Read more insights from VMware’s Vice President of Federal Sales, Bill Rowan, and GDIT’s Partner Accounts Director for milCloud 2.0, Brian Whitenight.

Download the full Innovation in Government® report for more insights from these government emerging technology thought leaders and additional industry research from FCW.

Innovation in Government: Agency Best Practices: On the Road to IT Modernization

Posted on by The Carahsoft Team

A majority of government officials believe COVID-19 has accelerated their agencies’ digital transformation. Modernization affects every aspect of an agency’s IT operations and involves transforming data centers, eliminating operational silos and creating robust multi-cloud environments that improve the agility, speed and scalability of IT resources. By transforming their IT operations, agencies can boost the public’s satisfaction with government and increase employee engagement while making more effective use of taxpayer dollars. Even before the coronavirus pandemic, the government’s shifting priorities reflected this growing understanding, as in the Modernizing Government Technology Act, which was passed to help federal agencies get the money they need for ambitious modernization projects. Read the latest insights from industry thought leaders in IT modernization in Carahsoft’s Innovation in Government^® report.

The Future of Digital Transformation

“It’s essential to provide all employees with the technology tools to achieve their missions, backed with the right infrastructure. This means offering access to the resources best suited to individual user needs, making technology easy to use and maintaining security from end to end. Taking inventory of an agency’s current technology footprint and what users need to be effective is an important first step. When introducing new technology, making it easy to use enhances productivity. This includes providing necessary digital resources like virtual desktops and applications and, when possible, pre-installing apps and settings. Finally, security needs to protect the full stack — including infrastructure, virtual desktops and applications — in a way that’s resilient and automated. End-to-end security extends to decisions about the appropriate cloud environment for each workload.”

Read more insights from Dell Technologies’ Vice President of Federal Sales, Steve Septoff.

Why the Time to Modernize is Now

“A Government Accountability Office study in 2019 showed that 80% of federal agency IT budgets are spent maintaining legacy applications and systems, and that percentage has been steadily increasing. As a result, only a relatively small amount of money is available for modernization efforts. Agencies need to shift their focus because IT modernization is essential to improving mission outcomes, particularly in terms of customer and employee engagement. By modernizing and bringing data closer to frontline workers, agencies can improve interactions and outcomes. For example, studies have shown that 80% of a call center employee’s time is spent answering the same set of questions. With the help of artificial intelligence and machine learning technology, we can create chatbots and other tools that bring information right to a customer much more quickly. That approach revitalizes the agency’s relationships with customers, and it boosts satisfaction among employees because they’re not stuck doing rote tasks and can instead focus on activities that require innovation and creativity.”

Read more insights from Boomi’s Vice President of Federal, Alan Lawrence.

New Opportunities to Modernize Security

“During the coronavirus pandemic, technology has allowed us to stay connected while being socially distant and to participate in the economy without going to restaurants or retailers. It has also highlighted the need for agencies to deliver critical services even when government offices are closed to the public. Furthermore, technology has an essential role to play in helping leaders make decisions about how to manage a pandemic. With a modern IT infrastructure, the government can boost its ability to correlate data and gain critical insights into understanding who is at higher risk of contracting the disease, the most likely means of pathogen transmission, the best containment and mitigation practices, and the most effective way to do contact tracing, for example. A modern IT infrastructure is an essential tool in enabling the government to respond to current and future challenges.”

Read more insights from Secureworks’ CTO, Jon Ramsey.

The Right Approach to Secure Cloud Migration

“Cloud technology is essential to IT modernization because it enables agencies to rapidly adapt to fluctuating environments. User expectations, compliance requirements and workloads can change very quickly these days. By utilizing expert cloud managed services, agencies can accelerate their pace to stay a step ahead. In fact, a recent study from Forrester, “How Expert Managed Services Accelerate Benefits of Multicloud,” shows that the top benefits for using managed services for multicloud strategies include more time for IT staff to work on high-priority initiatives and overall faster time to value. Agencies need their applications and data to be secure as they strive to modernize their IT environments. Successful cloud deployments hinge on creating partnerships with cloud providers that are based on the tenets of trust: Security, compliance, privacy and transparency.”

Read more insights from Virtustream’s Chief Trust and Security Officer, Pritesh Parekh.

Building a Future-Ready IT Infrastructure

“Agencies are making progress in several key modernization areas, most recently in workforce mobility. Teleworking accelerated tremendously due to the pandemic. For example, the Department of Veterans Affairs increased the number of mobile devices for clinicians from about 80,000 to 220,000 in March, when the pandemic began to have an impact. Also in March, a combatant command with strict security requirements was able to shift thousands of onsite workers to remote work almost overnight. In addition to mobile devices, agency users need modern apps that are designed to run on any cloud. Many agencies are creating software factories so they can build their own applications based on containers and microservices. That approach gives agencies a tremendous amount of flexibility to add features and change their applications almost in real time — rather than the weeks, months or even years it takes to update agencies’ traditional, monolithic applications.”

Read more insights from VMware’s Senior Director of the DOD Sales Team, Michael Houlihan.

Succeeding with Software in the Modern Digital World

“It can be difficult to differentiate between true Agile software delivery and what the Defense Innovation Board (DIB) refers to as “Agile BS.” VMware Pivotal Labs uses the following four questions to measure their efforts in alignment with DIB recommendations. 1. A re you in production? Is your software accredited and available in your operational environment today? 2. Do you have user adoption? Are actual users getting operational value from your software today? 3. Who cares? Is your software capability moving the needle for the mission or business? 4. What is your cycle time? How frequently are you delivering functioning, accredited software into users’ hands?”

Read more insights from VMware‘s Directors of Strategic Programs, Mikey McCormack and Aaron Swain.

Download the full Innovation in Government® report for more insights from these IT modernization thought leaders and additional industry research from FCW.

Best of What’s New in Health and Human Services

Posted on by The Carahsoft Team

The COVID-19 pandemic is forcing dramatic modernization. Driven by urgent social distancing requirements, Health and Human Services (HHS) organizations virtualized an array of services that traditionally have been performed face-to-face, and unlike typical HHS modernization projects, these changes happened with unprecedented speed. And although these moves were made in immediate response to the COVID pandemic, they’re likely to have long-term impacts on the digital experience for HHS clients, how and where HHS staff members work, and how these organizations purchase and deploy technology. Pandemic-driven uptake of virtual work and digital services could have long-term positive impacts on HHS workforces and the clients they serve; internally, these changes could improve employee satisfaction and retention within HHS organizations. Learn the latest insights from industry thought leaders in healthcare in Carahsoft’s Innovation in Government® report.

Focusing on Outcomes that Matter

“One place that organizations get stuck is in ‘good enough.’ Unless something’s horribly broken, they stay with what works today instead of pursuing continuous improvement cycles that include customer satisfaction. Organizations that are satisfied with their current operation and their current level of service tend not to want to adopt — or can’t adopt quickly — opportunities that digital technology can offer. Change is exponentially more difficult to execute without a culture that pursues excellence in service quality. To foster a culture that responds to and embraces change, it’s important to adopt a quality approach like Lean or another continuous improvement cycle.”

Read more insights from Salesforce’s Health and Human Services Industry Executive, Rod Bremby.

Using Data to Lead Through Change

“The reality is there will never be a truly perfect dataset. Early in the pandemic, I supported agencies that knew their data wasn’t perfect, but they also knew they had to save lives. They executed without hesitation; they built analytical dashboards and evolved them as processes and data collection capabilities improved. That approach enabled them to make increasingly better, more rapid decisions. Other agencies are still working through multiple iterations to get their data and reporting just right; meanwhile they are not making data-informed decisions. This pandemic has proven that it’s the unknown questions that we discover along the way that create change and ultimately drive progress.”

Read more insights from Tableau’s Senior Manager of Solution Engineering, Anthony Young.

Virtualization: Rapid, Flexible and Cost-Effective Path to Digital Transformation

“Organizations that are most effective in modernizing their application portfolios do three things well: 1) crafting an application modernization strategy to identify what to modernize and how to do it; 2) crafting a cloud strategy to determine how to integrate cloud services into their modernization strategy; and 3) standardizing on a single platform to build, run, manage and secure applications running in a multi-cloud environment. This platform provides a single pane of glass through which organizations can develop and deploy modern container-based applications across a multicloud environment. Virtualization technologies for things like cloud load-balancing, firewalls and software-defined networking further enable organizations to integrate cloud services with their on-premises workloads while providing robust end-to-end security.”

Read more insights from VMware’s State and Local EducVMwareation Strategist, Herb Thompson.

Integrating the Continuum of Care

“Enterprise iPaaS helps integrate disparate or hybrid architectures across the continuum of care. It provides a single instance, multitenant architecture that frees organizations from having to do things like manage code versions. iPaaS also lets organizations modernize without replacing everything they currently use. They can augment and move forward to support low code, agility, and intelligence and insights. That creates a very high return on investment because organizations can focus on their business initiatives and clinical or business outcomes instead of undertaking enterprise IT projects.”

Read more insights from Dell Boomi’s Healthcare CTO Evangelist, John Reeves.

Improving Citizens’ Digital Journey Through HHS

“The two key pillars of creating exceptional digital experiences are content and data, and artificial intelligence (AI) and machine learning (ML) can help with both. Using AI and ML, organizations can automate repetitive tasks that prevent them from producing and personalizing content at scale and on every single device. For example, organizations can use the Dell Boomi Enterprise IPaaS platform to automate aspects of website design, layout and creation, as well as the conversion of PDFs to adaptive interactive forms. In terms of data, organizations can use AI to sift through volumes of data and unlock insights that help them understand customers, predict trends, monitor unusual activity and act faster.”

Read more insights from Adobe’s Health and Human Services Director, Megan Atchley.

Re-Imagining Healthcare

“Organizations can use AI and ML to look at data in its entirety and automate processes that improve the patient experience and patient care. In addition, AI and ML can help healthcare organizations understand and improve revenue cycle management and internal operations. Chatbots are another emerging technology. With the appropriate bot framework, organizations can quickly develop intelligent, automated questionnaires that patients can step through to find out whether they need a COVID test or a checkup, for example. The chatbot uses their responses to move them to the next appropriate step in the care plan. Collaboration technologies also have become more important for effective virtual visits with patients and for virtual consultations between clinicians.”

Read more insights from Microsoft’s U.S. Chief Medical Officer, Clifford Goldsmith.

Download the full Innovation in Government® report for more insights from these healthcare thought leaders and additional industry research from GovTech.

Your Guide to Mission-Driven Cybersecurity

Posted on by The Carahsoft Team

Over the years, the federal government has created a series of mandates to promote better cybersecurity practices and solutions. Today, three such mandates guide most agency efforts: the Federal Risk and Authorization Management Program (FedRAMP) for cloud security; the Continuous Diagnostics and Mitigation (CDM) program for network visibility and data security; and the Trusted Internet Connections (TIC) program for internet-based security. These mandates are increasingly seen as interlocking pieces of a larger puzzle. That puzzle is this: How can agencies create a more agile IT environment without compromising the security of their networks, systems and data? Learn more insights on how these mandates support flexible cybersecurity strategies in “Your Guide to Mission-Driven Cybersecutity”, a guide created by GovLoop and Carahsoft featuring insights from the following technology thought leaders. Continue reading →