Custom AI Without the Complexity: How Automated Fine-Tuning Accelerates Mission-Ready Models

Posted on by Shane Shaneman and Ryan Simpson

In the evolving era of generative artificial intelligence (AI), pre-packaged AI often falls short in the Public Sector. Off-the-shelf models typically lack the context needed to perform at the standards required by Government use cases, and building AI models from scratch remains too resource-intensive for most agencies.

However, a middle path has emerged powered by advancements in fine-tuning, accelerated computing and security-conscious infrastructure. This new approach enables agencies to adapt robust foundation models to mission-specific needs quickly, securely and without the traditional complexity of AI customization.

What’s changing isn’t just technology; it’s the framework for how Government thinks about AI readiness. By grounding strategy in full-stack development principles and AI lifecycle management, Public Sector AI leaders can begin moving from research to real-world impact at mission speed.

Accelerated Fine-Tuning, Engineered for Agility

Traditional approaches to AI model development often fail to transition from proof-of-concept to production. They can’t keep pace with mission timelines or infrastructure constraints. This is where automated, accelerated fine-tuning plays a transformative role.

By enabling targeted optimization of foundation models, teams can iterate quickly and cost-effectively. This significantly reduces compute requirements and accelerates iteration cycles, enabling rapid experimentation using sensitive data.

These capabilities allow Federal teams to develop and refine models using their existing infrastructure, removing a major roadblock to operational AI. When fine-tuning is seamlessly integrated with the hardware and orchestration stack, model updates are no longer bottlenecks. They become core to a continuous delivery process.

Security Built In, Not Added On

For Federal leaders, security is not negotiable. It’s foundational. AI platforms must be designed from the ground up to operate securely, not simply comply with policy.

Modern development stacks address this by combining containerized workloads, Zero Trust access control and built-in compliance with frameworks like FISMA and NIST 800-53. These capabilities allow agencies to maintain control of sensitive data while leveraging state-of-the-art model development tools.

Equally important is the ability to trace every stage of a model’s lifecycle. Visibility into data lineage and model provenance is essential for building public trust, ensuring transparency and simplifying audit and ATO processes.

Unifying the AI Lifecycle Under One Stack

The journey from raw data to mission-ready application spans preprocessing, evaluation, deployment and real-time monitoring. Without a unified platform to manage this lifecycle, Government teams face silos, drift and duplication of effort.

The most effective AI solutions deliver a full-stack environment where teams collaborate on the same infrastructure. This alignment ensures that experimentation is not only fast but replicable; models don’t need to be rebuilt for deployment, they’re ready to ship by design.

Operational continuity is especially important in Federal settings, where changes in leadership or mission can disrupt priorities. A unified lifecycle platform provides the flexibility to pivot quickly while maintaining compliance and consistency and can help overstretched teams scale AI impact without proportionally scaling headcount.

Mission-Tuned AI for Complex Government Domains

Generic models often struggle to perform in specialized domains. These challenges are amplified in Government, where datasets are often sparse, highly structured or privacy-restricted.

Fine-tuning large language models using domain-specific data is the most effective way to close this gap. When paired with synthetic data generation and tools like retrieval-augmented generation (RAG), agencies can create models that operate with high accuracy without increasing exposure to outside data sources.

These models can be deployed across diverse environments thanks to the flexibility of modern accelerated computing platforms, whether in the cloud, on premises or at the tactical edge. This portability, achieved through containerized AI microservices and optimized orchestration, is critical for Government teams.

From Exploration to Execution

The case for custom AI in Government is no longer theoretical. Advances in hardware-accelerated fine-tuning, lifecycle-integrated orchestration and secure, portable inference environments have made the once-difficult possible and practical.

The goal isn’t simply to deploy AI faster but to deploy AI that is trustworthy, domain-aware and cost-efficient, with solutions that enhance mission effectiveness without compromising governance.

As Public Sector leaders navigate tight budgets, workforce reductions and mounting oversight, platforms that streamline AI delivery can provide much-needed relief. Rather than requiring new teams or expensive retraining, agencies can scale with existing staff and systems.

This moment represents a shift from experimentation to operationalization. The agencies that act now—building their capabilities on a modernized, full-stack AI architecture—will not only realize early wins but will be best positioned to adapt to the accelerating pace of AI innovation in the years ahead.

Keep More, Store Less: The Case for Advanced Compression in Federal EDR

Posted on by Richard Verwers

How agencies can retain full-fidelity data without overspending on storage

Endpoint detection and response (EDR) depends on data. The more telemetry you collect, the more context you have to detect threats, investigate incidents and meet Federal compliance requirements.

But data volume is also the problem. Federal agencies generate massive amounts of endpoint telemetry every day. Process activity. File changes. Network connections. User behavior. Multiply that across thousands of devices and storage requirements quickly grow beyond what many teams can sustain.

Security teams often face a difficult tradeoff: retain full-fidelity data and absorb higher storage costs, or limit retention and risk losing critical visibility.

That tradeoff is no longer necessary. Advanced data compression changes the economics of endpoint visibility. Agencies can retain unfiltered telemetry for extended periods without expanding storage budgets or adding operational complexity.

The Visibility–Storage Tradeoff is No Longer Sustainable

Federal cybersecurity requirements continue to raise the bar for telemetry collection and retention. Agencies must support Zero Trust initiatives, continuous monitoring programs and audit readiness. Modernization efforts increase the number of connected endpoints, including cloud workloads, remote systems and contractor-managed devices. Each new endpoint expands the telemetry footprint.

At the same time, budgets remain under scrutiny. Storage infrastructure must compete with other mission priorities and security leaders must justify every dollar. When storage costs climb, teams often respond in predictable ways:

Reduce retention windows
Sample or filter telemetry
Drop lower-priority event types
Offload data to external archives that are difficult to query

Each of these approaches creates blind spots. Shorter retention windows limit historical investigations and filtered data weakens threat hunting while fragmented storage slows response times.

In a threat context where adversaries can dwell quietly for months, incomplete data is a liability. Agencies need a way to collect and retain comprehensive telemetry without creating unsustainable storage growth.

Compression-First Architectures Improve Data Retention

Traditional security platforms treat compression as an afterthought. Data is collected at scale, stored in raw or lightly optimized formats and compressed later in the pipeline. By then, infrastructure costs are already locked in.

A compression-first architecture takes a different approach. Advanced compression techniques reduce data size at ingest. Telemetry is optimized as it enters the platform, not after it has consumed storage resources. The result is a significantly smaller storage footprint without sacrificing fidelity. For Federal security operations centers (SOCs), this shift has meaningful impact:

Longer retention without higher cost – Agencies can retain 180 days or more of full-fidelity telemetry while remaining within budget constraints.
Unfiltered visibility – Teams do not need to decide in advance which data might matter later. They can keep it all.
Faster investigations – Optimized storage enables efficient querying across large datasets, supporting threat hunting and incident response.
Simplified architecture – Native compression reduces the need for external storage tiers or complex archival systems.

Instead of managing tradeoffs, security teams regain flexibility.

Full-Fidelity Data Supports Compliance and Zero Trust

Federal mandates increasingly require measurable security maturity. Continuous monitoring, device-level visibility and documented audit trails are central to that effort, and retention depth matters.

When agencies can access complete endpoint histories, they strengthen their ability to:

Validate Zero Trust controls within the device pillar
Reconstruct events during forensic investigations
Demonstrate compliance with evolving Federal security requirements
Support reporting obligations tied to vulnerability and risk management

Short retention windows make it harder to answer fundamental questions: When did this behavior begin? Was lateral movement attempted? Did similar activity occur on other systems?

With compressed full-fidelity data, those questions become easier to answer and teams can look back months, not days. This level of historical visibility supports stronger analytics, more informed risk decisions and more defensible reporting.

Cost Efficiency Matters Under Federal Scrutiny

Every Federal technology investment must demonstrate operational value. Advanced compression directly addresses cost concerns in several ways:

Reduces total storage consumption
Delays or eliminates additional infrastructure purchases
Lowers operational overhead tied to managing multiple storage systems
Minimizes data movement between tiers

At the same time, it strengthens the overall security posture by preserving data that might otherwise be discarded. This combination of efficiency and depth is particularly important for agencies balancing modernization initiatives with budget discipline.

Security cannot become a cost center that expands without limit. It must scale responsibly. Compression-first EDR architecture supports that balance.

The Federal security community no longer needs to accept a compromise between cost and visibility. Advanced data compression enables agencies to:

Collect unfiltered endpoint telemetry
Retain data for extended periods
Support Zero Trust maturity
Strengthen investigative capabilities
Maintain fiscal discipline

As agencies define the next standard for Federal EDR, data strategy must be part of the conversation. Retention, accessibility and efficiency determine whether telemetry delivers long-term value.

Carbon Black and Carahsoft help Federal agencies adopt a compression-first approach to endpoint detection and response, so teams can keep more data, store less and operate with confidence.

Contact us to learn how your agency can adopt a compression-first approach to endpoint visibility while staying within budget.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Broadcom, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Endpoint Detection and Response (EDR) and Federal Cybersecurity Mandates

Posted on by Craig Picken and Elizabeth Schultheisz

Federal cybersecurity mandates are constantly evolving to keep pace with a rapidly changing technological ecosystem, focusing primarily on visibility and record-keeping within software architecture. Endpoint Detection and Response (EDR) remains a steadfast and reliable investigative tool, tracking, alerting to and aiding resolution of suspicious endpoint activity across an agency’s siloed infrastructure.

“Never Trust, Always Verify” With EDR

As malicious actors’ methods and priorities shift the Federal Government’s must evolve as well. Current cybersecurity mandates emphasize a Zero Trust approach, focusing on verifying all end users and devices in near real-time. These mandates should be considered the minimum requirement for an agency’s cybersecurity posture. Agencies should deploy multiple verification and prevention technologies to secure those endpoints.

An effective EDR solution can quickly distinguish between normal and anomalous activity in Federal endpoints. Its continuous monitoring is critical for rapidly assessing a threat before sensitive information can be stolen and leaked. Cyber attackers use sophisticated techniques, including artificial intelligence (AI) to gain an advantage. With EDR, Security Operations Center (SOC) analysts can forensically examine the chain of events and not only resolve an issue but proactively set up safeguards to prevent future incidents.

As the threat landscape evolves, it is important not to get caught up in buzzwords such as “modern” EDR. Typically “modern” means that the solution requires cloud connectivity, which can leave crucial blind spots in areas including air-gapped, limited connectivity or other disadvantaged environments. While new EDR capabilities are always being developed, the fundamental aspects have always remained the same. Visibility, as always, is the most crucial of all. An effective EDR solution is feature-rich, mature and can monitor in diverse environments.

Carbon Black EDR: Visibility on All Fronts

Regarding Public Sector cybersecurity, the primary objective is to protect the entire environment, from air-gapped and cloud environments to end-of-life operating systems. As the founders of EDR, Carbon Black offers a mature solution that can be configured to alert SOC teams to previously unknown, potentially interesting activity. By using open Application Programming Interfaces (APIs), agencies can retain total data sovereignty and pass it off to Security Information and Event Management (SIEM) systems.

Carbon Black EDR offers a full lifecycle cybersecurity solution. The solution proactively and continuously monitors all endpoints and is compatible with multiple integrations. Through watchlists, threat intelligence and other methods, Carbon Black EDR detects anomalous or malicious activity and helps SOC analysts respond through various means. SOC teams can also visualize the progression of the attack through diagrams or timelines. This customizable threat intelligence allows Carbon Black EDR to be a well-rounded solution for any agency looking to align with Federal cybersecurity mandates.

A mature, effective EDR solution always has endpoint activity awareness at the forefront, giving SOC analysts unparalleled visibility into their environment. This focus is crucial, as Federal mandates continue to focus on a Zero Trust approach to cyber security. Increasing your endpoint visibility through EDR not only improves reaction time during a crisis incident but allows SOC teams to proactively prevent future cyberattacks.

Want to learn more about how Carbon Black EDR enhances your endpoint visibility? Contact our Broadcom team at Broadcom@carahsoft.com or visit our website.

Top 10 Zero Trust Events for Government in 2026

Posted on by Alex Whitworth

As cyber threats grow more sophisticated and perimeter-based security models become increasingly obsolete, Zero Trust Architecture (ZTA) has emerged as the foundation of modern cybersecurity strategy. From identity-centric access controls to continuous validation and application-level segmentation, Zero Trust principles are transforming how agencies protect sensitive data, secure hybrid environments and defend against advanced persistent threats. Carahsoft Technology Corp., The Trusted Government IT Solutions Provider®, supports Federal, State and Local agencies in their journeys through partnerships with leading Zero Trust solution providers. The following events represent opportunities to gain actionable insights, connect with industry experts and explore technologies that accelerate Zero Trust maturity across the Public Sector.

ATARC’s Cybersecurity Futures: Built on Zero Trust Summit – Part I

February 26, 2026 | Reston, VA | In-Person Event

The Advanced Technology Academic Research Center’s (ATARC) Cybersecurity Futures: Built on Zero Trust Summit delivers a comprehensive exploration of Zero Trust operationalization for Federal professionals. This intensive one-day event addresses the practical challenges agencies face when implementing Zero Trust across both legacy and modern systems, featuring expert guidance on artificial intelligence (AI)-enabled threat detection, workforce development and policy evolution. Participants will engage directly with Public Sector decision makers and top industry partners to explore topics such as real-world applications, frameworks and proactive resilience.

Sessions to look out for:

“Zero Trust Beyond Compliance” – This panel examines how agencies can move past basic compliance approaches to build resilient, adaptive ZTAs that address legacy system modernization and robust data protection strategies.

“Next‑Gen Threats, Next‑Gen Defenses: The Tech‑Cybersecurity Equation” – Experts from Massachusetts Institute of Technology (MIT) Lincoln Laboratory and the Department of War’s (DoW) Chief Digital and AI Office explore how AI and automation are reshaping advanced threats and defensive capabilities that can reduce incident response timelines by up to 40%.

Carahsoft is proud to co-host this Summit at our Conference & Collaboration Center, alongside ATARC, NextGov/FCW and Washington Technology, demonstrating our ongoing commitment to advancing Zero Trust adoption across the Federal Government. Throughout the day, our team will be available to connect Government professionals with the resources, expertise and solutions needed to successfully implement ZTAs that protect mission-critical operations. We will showcase Zero Trust innovations in our pavilion and are offering 12 unique sponsorships opportunities for our vendor partners, including panel participation, technology showcases and more!

CyberSmart 2026 – The Two Edges of AI’s Sword

April 9, 2026 | Reston, VA | In-Person Event

FedInsider’s CyberSmart 2026 examines how AI is reshaping the cybersecurity landscape for Federal and State agencies. This half-day event will feature expert-led discussions on balancing AI’s defensive power with its potential for exploitation and applying Zero Trust principles across software supply chains and critical infrastructure. Designed for cybersecurity leaders, attendees can engage and network with peers, participating in strategic conversations on balancing innovation with security mandates.

Sessions to look out for:

“The Intersection of AI and Cyber (and Cyber Defense)” – This session analyzes how AI is revolutionizing cyber warfare tactics, examining both its potential to enhance agency defenses and its exploitation by adversaries.

“Zero Trust and Supply Chain Security Belong Together” – Participants will explore strategies for embedding Zero Trust frameworks into software supply chain risk management.

Hosted at the Carahsoft Conference & Collaboration Center, this summit is co-organized by Carahsoft and FedInsider. Recognizing the importance of balancing AI innovation with security frameworks, the event will center around critical discussions on Zero Trust, OT protection and AI-risk mitigation. CyberSmart 2026 reinforces Carahsoft’s dedication to helping Government agencies navigate the dual opportunities and risks presented by AI in cybersecurity by connecting them with proven solutions and strategic guidance.

GovCIO CyberScape Summit

April 16, 2026 | Arlington, VA | In-Person Event

GovCIO’s CyberScape Summit assembles Federal and industry cybersecurity leaders to address top priorities in defending against sophisticated threats. The 2026 program emphasizes emerging solutions in AI, Zero Trust and identity, cloud and supply chain security, critical infrastructure protection, data security and incident response capabilities. Held at the Renaissance Arlington Capital View, this one-day event offers attendees the opportunity to engage with experts on strategies for building cyber resilience across Federal missions.

Sessions to look out for:

“Advancing Identity Management and Zero Trust” – This dedicated session examines how to strengthen identity management and implement ZTAs that secure access points and reduce organizational risk.

“Securing Critical Infrastructure” – While infrastructure-focused, this session will address Zero Trust principles as agencies work to protect essential systems from increasingly sophisticated threats.

Carahsoft is partnering with GovCIO for the CyberScape Summit, facilitating conversations to aid Federal agencies as they strengthen their cybersecurity posture through Zero Trust and identity management strategies. As The Trusted Government IT Solutions Provider®, Carahsoft provides agencies with expertise, resources and proven technologies needed to advance Zero Trust maturity and meet Federal compliance requirements. Our team will be present throughout the Summit to offer guidance and insights on how to turn Zero Trust principles into actionable implementation strategies.

DGI 2026 Virtual Workshop – Zero Trust in Practice: Lessons from Public-Private Frontlines

April 23, 2026 | Virtual Event

The Digital Government Institute’s (DGI) Zero Trust in Practice workshop convenes Public and Private Sector leaders to share Zero Trust implementation strategies and lessons from real‑world deployments. This focused two-hour virtual session emphasizes operational approaches to securing hybrid environments, protecting sensitive data and reducing attack surfaces through continuous validation and application‑level segmentation. The program highlights recent guidance from the Cybersecurity and Infrastructure Security Agency’s (CISA) Zero Trust Architecture Implementation Report and provides agencies with maturity benchmarks for assessing their Zero Trust progress. This workshop is part of DGI’s mission to deliver in‑depth education for Government IT.

Sessions to look out for:

“CISA’s Zero Trust Architecture Implementation Report: What It Means for Your Roadmap” – This session translates the latest CISA guidance into actionable takeaways, helping agencies align their initiatives with established implementation benchmarks and maturity measures.

“Operationalizing Zero Trust Across Hybrid & Application Layers”– Practitioners share proven strategies for continuous validation and application‑level segmentation, drawing from frontline implementation experiences across Government and industry.

Carahsoft actively supports the Federal Zero Trust community and is partnering with DGI for the 2026 Zero Trust in Practice workshop, helping to facilitate meaningful knowledge exchange between Government professionals and industry experts. Our team will provide attendees with insights on aligning Zero Trust strategies to National Institute of Standards and Technology (NIST), DoW and CISA frameworks. By bringing together Public and Private Sector perspectives, Carahsoft is fostering a collaborative environment where Government professionals can gain actionable takeaways to advance their agency’s Zero Trust maturity.

AFCEA TechNet Cyber

June 2-4, 2026 | Baltimore, MD | In-Person Event

TechNet Cyber, held at the Baltimore Convention Center, is AFCEA International’s premier cybersecurity summit and tradeshow. Drawing more than 5,000 defense, military and Federal IT professionals, the event focuses on persistent and advanced cyber threats. This three-day forum brings together leadership from U.S. Cyber Command (USCYBERCOM), the Defense Information Systems Agency (DISA), the DoW Chief Information Officer (CIO), industry and academics to explore strategic architectures, cyber operations, policy and joint capabilities essential for national defense. Attendees can engage in expert-led panels, keynote addresses and innovation showcases focused on AI, DevSecOps, network defense and ZTA.

Attendees can expect:

Zero Trust to be a key focus throughout the event, based on AFCEA’s continued emphasis on secure architectures and identity-driven defense strategies.

Carahsoft will support the defense and intelligence community at TechNet Cyber 2026 by hosting a Partner Pavilion, providing personalized consultations, sharing implementation success stories and helping attendees identify practical pathways to enhance their agency’s cyber defense capabilities in alignment with the DoW’s Zero Trust strategy. Join Carahsoft and our partners at this year’s event to be a part of the innovative path forward!

930gov – Mission-Enabled Modern Technology Forum

July 28, 2026 | Washington, D.C. | In-Person Event

The Digital Government Institute’s (DGI) flagship 930gov conference brings together Government IT professionals and industry innovators at the Walter E. Washington Convention Center for their 14^th annual gathering. Strategically scheduled near fiscal year end, the event features over 50 exhibits and programming across five solution tracks: Records Management, EA/Mission Enablement, Artificial Intelligence and Data Management. and Cyber/Zero Trust. This format enables agencies to align mission objectives with technology investments while connecting directly with decision makers, subject matter experts (SMEs) and actionable content developed by an educational advisory committee. As the longest‑running multi‑sponsored technology forum for the D.C. Public Sector, 930gov provides unparalleled access to solutions and expertise.

Sessions to look out for:

Cyber/Zero Trust Track: “Operationalizing ZT Across Agencies” – Sessions will address implementing Zero Trust aligned with NIST and CISA guidance, integrating identity, data and application‑level segmentation and documenting lessons learned from Government rollouts.

EA/Mission Enablement Track: “Enterprise Architecture for AI & Mission Outcomes” – This track examines how enterprise architecture drives innovation, enables AI and machine learning (ML) capabilities and helps agencies transition from process‑orientation to results‑driven cultures.

Committed to helping Federal agencies navigate the intersection of cybersecurity, Zero Trust and emerging technologies, Carahsoft actively supports and promotes 930gov. As Government agencies face pressure to modernize while maintaining robust security postures, Carahsoft is aiding them in finding strategic insights, proven frameworks and expert guidance needed to align technology investments with mission objectives. Our team will be facilitating meaningful conversations across all five tracks, with a particular focus on Zero Trust principles and AI strategies.

Billington CyberSecurity Summit 2026

September 8-10, 2026 | Washington, D.C. | In-Person Event

The 17th Annual Billington CyberSecurity Summit is a gathering of Federal, State, Local and industry cybersecurity leaders at the Walter E. Washington Convention Center. Drawing over 2,500 attendees and featuring 200+ speakers across 40+ sessions and breakout discussions, the summit addresses today’s most critical cyber threats, policy developments and defense innovations. The comprehensive agenda explores AI, secure architectures and emerging cyber trends through plenary keynotes, leadership luncheons and interactive receptions. More than 100 vendor booths will showcase cutting-edge cybersecurity solutions.

Attendees can expect breakout tracks and panel sessions exploring:

identity-centric defense

threat intelligence

resilience strategies

Carahsoft is looking forward to sponsoring this year’s Billington CyberSecurity Summit and will host a booth to engage with attendees in meaningful discussions and share insights from across the Federal landscape. We will also be hosting a large partner pavilion where attendees can explore proven solutions and receive strategic guidance on how to implement ZTAs that protect mission-critical operations. Check back for more details closer to the event!

GovCIO Federal Cloud & Data Forum 2026

October 8, 2026 | Washington, D.C. | In-Person Event

GovCIO’s Federal Cloud & Data Forum addresses the critical intersection of secure cloud adoption, data modernization and Zero Trust integration for Federal IT and cybersecurity professionals. This one-day forum will examine how agencies can leverage cloud technologies while maintaining compliance with Federal mandates such as Executive Order (EO) 14028 and Office of Management and Budget (OMB) Memorandum 22-09. Attendees will explore strategies for securing multicloud architectures, implementing effective data governance and harnessing AI-driven analytics, all essential components for achieving mission success in today’s complex threat landscape.

Past sessions covered topics such as:

Applying Zero Trust principles in cloud environments to secure hybrid and multicloud architectures.

Leveraging data modernization and AI to enhance decision-making and mission outcomes.

Carahsoft is proud to partner with GovCIO for the Federal Cloud & Data Forum, supporting Federal agencies as they navigate the complexities of secure cloud adoption Zero Trust implementation. We will showcase leading solutions from our vendors that help agencies accelerate their cloud journey while maintaining compliance with Federal cybersecurity frameworks. By participating in the Forum, Carahsoft positions itself to better serve the Federal community in its efforts to modernize infrastructure while protecting sensitive data and mission goals.

ATARC’s Public Sector Zero Trust Summit – Part II

November 19, 2026 | Reston, VA | In-Person Event

The second installment of ATARC’s Public Sector Zero Trust Summit extends the conversation on implementing Zero Trust frameworks across Federal, State and Local agencies. This event convenes Government and industry leaders to address practical implementation strategies, legacy modernization challenges and the integration of emerging technologies like AI and automation into ZTAs. Attendees will benefit from thought leadership sessions, networking opportunities and actionable insights aligned with Federal mandates and CISA guidance on Zero Trust maturity.

Past sessions covered topics such as:

Zero Trust Implementation Strategies for Public Sector Environments

Cross-Agency Collaboration and Lessons from Real-World Deployments

Carahsoft is proud to support ATARC’s Zero Trust initiatives and will sponsor the November summit, continuing our year-round commitment to helping Federal agencies advance their Zero Trust maturity through every stage of implementation. We will showcase leading solutions from our vendor ecosystem, connecting agencies with the resources and expertise needed to accelerate their journey towards comprehensive Zero Trust adoption.

2026 Cyber Leaders Exchange

TBD 2026 | Virtual Event

The Cyber Leaders Exchange serves as a premier forum for Federal cybersecurity executives and industry leaders to collaborate on strategies for defending against evolving threats and implementing Zero Trust across Government networks. The event has historically featured keynote presentations, expert panel discussions and networking opportunities centered on identity management, secure cloud adoption and compliance with Federal cybersecurity mandates. Attendees can expect actionable insights on operationalizing Zero Trust principles and leveraging emerging technologies to strengthen cyber resilience across agency missions.

Carahsoft is partnering with Cyber Leaders Exchange again this year for the 2026 Cyber Leaders Exchange, supporting discussions on Zero Trust and cybersecurity modernization. We will engage with attendees throughout the event to share proven strategies, discuss lessons learned from real-world implementations and help agencies identify actionable approaches to strengthening their cybersecurity posture. Our team will showcase solutions from our vendors that accelerate Zero Trust adoption and meet Government compliance requirements. Check back for more details on this critical virtual forum!

This lineup of 2026 events reflects the urgency of adopting Zero Trust in order to protect the critical assets, sensitive data and national security interests that exist in Government networks. These events offer professionals opportunities to learn from pioneering implementations, connect with solution providers and accelerate their own Zero Trust journeys. Carahsoft remains committed to supporting agencies at every stage of Zero Trust maturity through our comprehensive portfolio of vendor-leading solutions. Join us at the events above to explore how we can help your organization achieve Zero Trust objectives, strengthen cyber resilience and maintain compliance with Federal mandates.

To learn more or get involved in any of the above events, please contact our team at ZeroTrustMarketing@Carahsoft.com.

For more information on Carahsoft and our industry-leading Zero Trust technology partners, visit our Zero Trust solutions portfolio.

Securing Air-Gapped and Classified Environments: The Importance of Customized Endpoint Protection

Posted on by Garrett Lee

Military and intelligence agencies manage extremely sensitive information, and their missions often require them to operate in high-risk environments where even the slightest breach of security or sensitive data exposure means disastrous results to the mission and to national security. Their most vital networks are air-gapped—disconnected from the internet—so cloud-native security tools cannot secure these sensitive assets.

There is a myriad of reasons organizations choose to air-gap their systems. To effectively secure classified networks, weapons systems, tactical field systems and critical infrastructure, agencies are faced with the challenge of building and maintaining a security strategy involving endpoint, network and data security defenses that can deliver strong cyber command and control without relying on internet connectivity.

No Single Strategy is 100% Attack Proof

Physically or logically isolating networks into air-gapped networks is a sound security strategy that defense, intelligence and civilian agencies employ to prevent access to sensitive or classified systems and operations. Yet their isolation alone is not enough to ensure air-tight security.

While air-gapping does reduce remote risk, it is not exactly immune to cyber risk. Air-gapped environments are designed to block external adversaries by isolating networks from the internet or a broader enterprise. But that isolation inevitably shifts risk toward the people who do have access—admins, operators, contractors, maintenance staff and trusted vendors. By eliminating one problem, there is often an unintended consequence of risk—by blocking outsiders, threat likelihood from insiders becomes concentrated.

In most air-gapped environments, a small set of users has elevated access. Patching and updates are slow, and monitoring is limited or entirely local to the air-gapped network. Due to the isolation of the systems, physical presence is required, increasing insider impact. This makes insiders the most capable attack vector—whether through malicious or simply negligent behavior.

Air-gapped environments make heavy use of Universal Serial Bus (USB), compact disks (CDs), digital versatile disks (DVDs), portable Solid-State Drives (SSDs) and sneakernet to move data from system to system, and to apply updates and patches. This offers the opportunity for tampering, and these environments often lack the continuous monitoring needed to spot and stop these risks, resulting in threat detection gaps and delays. A mature data protection strategy is vital in air-gapped environments to thwart insider threats.

Because air gapped systems rely entirely on local security measures, organizations must build layered, robust defenses to secure classified and sensitive assets. Local protection is everything, and for high-risk agencies that means monitoring and securing every single endpoint.

How Endpoint Protection Fills the Gaps

Endpoint protection is a broad term describing technology and strategies used to secure end-user devices, such as laptops, computers and mobile devices. Since these devices get the most direct human interaction while housing vital data, they are exceptionally vulnerable to cyberattacks, even in air-gapped networks. To avoid critical breaches, security operators must be able to detect, prevent and respond to threats on each endpoint device in any given environment, especially when they interact with classified data.

Many organizations are turning to cloud-native endpoint security solutions that depend upon cloud-based machine learning for anomaly detection. While these endpoint security tools may be suitable for some systems and some environments, they depend on the cloud to function so they cannot operate in disconnected or air-gapped environments. This opens security gaps, leaving devices vulnerable to cyberattacks and insider threats. Security teams can solve this problem by investing in endpoint protection approaches that are well-suited to air-gapped environments, enabling the visibility and control necessary to safeguard these critical systems.

The Benefits of Customizable Endpoint Protection

The ability to tailor security for nuanced policy control and security monitoring—including specific configurations for user roles, device types or classification levels—is crucial to ensure a strong security posture. Endpoint security solutions must also be established independently from the cloud, to run behavioral analytics even in fully isolated network enclaves.

When a threat occurs, detailed information is vital to protecting high-value assets, and robust air-gapped endpoint security systems enable rapid identification and threat mitigation while providing analysts with forensic data for investigation. This critical context also informs refinements to tailor and optimize the security approach for the environment’s unique mission.

Implementing a Zero Trust approach is still vital to reducing threats to air-gapped environments, just as it is in internet-facing networks. Hardening systems by ensuring only trusted software can execute enables the mission but not an attacker.

Safeguarding the data from insider threats is another important element of a mature air-gapped security operation. Data Loss Prevention (DLP) offers an important countermeasure against cybersecurity risk in air-gapped environments and allows security teams the ability to ensure that organizational data is appropriately controlled.

Two Industry Leaders, One Unbreakable Line of Defense

Defense and intelligence agencies cannot afford to leave gaps from security tooling that is unsuitable to defend disconnected networks and endpoints. They need an endpoint security suite built for their world—one that delivers advanced security capabilities to offline, high-stakes and mission critical IT systems. Symantec and Carbon Black deliver exactly that: proven protection designed for Federal environments.

Both solutions are purpose-built for Government, but each brings its own strengths to the field:

Symantec delivers powerful static and dynamic malware analysis, plus built-in USB device management to automatically flag and quarantine malicious media. Symantec also offers an industry-leading DLP solution well-suited to air-gapped environments where ensuring data is properly safeguarded is mission-critical.
Carbon Black provides deep behavioral detection and advanced Endpoint Detection and Response (EDR), capturing forensic logs, watchlists tuned to the unique environment and analytics to support detailed investigations. Carbon Black also enables organizations to establish a positive security model with policy-based governance to ensure their systems only execute trusted software and use only allowed removable media devices.

Joined together, renowned brands Symantec and Carbon Black offer proven, mature solutions to safeguard air-gapped environments and data by providing visibility to identify threats and streamline investigations and protection policies to neutralize threats. Their combined detection and granular visibility close the gaps left by cloud-reliant platforms—especially necessary in disconnected air-gapped and bandwidth-constrained environments—giving agencies the command and control they need to stop threats before they compromise the mission.

Watch the expert webinar to hear how Department of War guest speakers are addressing their endpoint security gaps.

Can’t get enough? Download NextGov/FCW’s latest article for deeper insights on the fight to secure air-gapped environments.

Securing Federal Access: How Identity Visibility Drives Zero Trust Success

Posted on by David Faulk, Kevin E. Greene and Brent Hansen

Federal agencies face mounting pressure to implement Zero Trust frameworks but often struggle with where to begin. The answer lies in understanding identity telemetry, the insights into who has access to what and how threat actors exploit identities to gain privilege and maintain persistence. Because threat actors increasingly steal credentials and pose as legitimate users, Federal agencies can no longer rely solely on detection tools that trigger alarms after attacks succeed. This shift demands a new approach to Zero Trust, one beginning with comprehensive visibility into the identity attack surface before implementing controls.

From Detection to Prevention

Federal agencies have historically relied on detection-based security tools like Endpoint, Detection and Response (EDR) and Extended Detection and Response (XDR) solutions to detect malicious activity. While still valuable, these reactive tools are inadequate as adversaries are compromising both human and non-human credentials, operating for extended periods. Using legitimate credentials, threat actors gain persistent access and escalate permissions while evading detection.

The missing component is proactive threat hunting that maps potential identity exposure before they are exploited. This requires aggregating identity data across the entire IT environment and analyzing how threat actors could leverage poor identity hygiene such as overprivileged accounts, insecure Virtual Private Networks (VPNs), exposed passwords and secrets, blind spots in third-party access and dormant identities to gain access to critical assets and data. Zero Trust relies on knowing exactly how identities function across the environment; without this visibility, agencies are essentially enforcing Zero Trust policies blindly and wasting time and money by not investing in protection capabilities that are resilient against cyberattacks. Identity telemetry should guide agencies in building proactive identity and mature Zero Trust capabilities.

The Fragmented Identity Visibility Problem

Federal environments span on-prem Active Directory (AD), multicloud environments, federated identity providers and numerous Software-as-a-Service (SaaS) applications, causing confusion, overlap and complex interactions across these different environments that are difficult to track, limiting end-to-end visibility of hidden attack paths for lateral movement and escalation.

These “unknown trust relationships” or “paths to privilege” stem from:

Identity provider misconfigurations replicating over-permissive access
Nested group memberships granting indirect privileges
Federation relationships enabling cross-domain escalation
Generic “all access” group rights elevating unprivileged users

These exposures exist between siloed systems and provide entry points for threat actors. Addressing this requires aggregating identity data, mapping cross-domain relationships and calculating the human, non-human and AI based identities. This exposes blind spots and transforms an unknowable attack surface into a manageable identity landscape.

True Privilege Calculation

Traditional privilege assessments focus on group membership and cloud role assignments but miss factors like nested groups, cloud application ownership, misconfigured identity providers and federation pathways. These elements often elevate an identity’s privilege far beyond what surface-level audits reveal.

BeyondTrust, Securing Federal Access blog, embedded image, 2025

True privilege calculation measures an identity’s effective and actual privilege across all connected systems and domains, including relationships, configurations and escalation pathways. For example, an identity that appears low-privileged in AD may federate into Identity and Access Management (IAM) roles and elevate its privilege. This visibility supports key Zero Trust decisions, such as:

What access should be continuously verified
Gaps in least privilege enforcement
Which accounts are most likely to be targeted
Where to place micro-segmentation boundaries

Given the scale and complexity of modern Federal environments, manual calculation is impossible. Automated solutions must continuously analyze permissions, relationships and identity provider configurations while mapping escalation paths. True privilege calculation transforms Zero Trust from theory into actionable strategy that goes from implementation to Zero Trust maturity.

Critical Attack Vectors

Dormant privileged accounts, often left active after personnel departures or reorganizations, retain elevated permissions long after their use ends. Threat actors frequently identify and reactivate these accounts to move laterally and maintain persistence using legitimate credentials. Effective identity hygiene requires:

Continuous monitoring of new dormant accounts
Cleanup of existing dormant or misconfigured accounts and standing privilege
Behavioral detection to flag unusual privilege escalation attempts or unexpected activity

Identity security cannot be a point-in-time exercise. Without visibility and a proactive approach, configurations drift and dormant accounts accumulate. Agencies must continuously identify dormant privileged accounts and immediately investigate if they suddenly become active, one of the strongest indicators of compromise. Continuous visibility transforms identity hygiene from a reactive alert-based approach to actionable telemetry for proactive threat hunting around current and known attack risk.

The Expanding Identity Attack Surface

The identity attack surface extends far beyond human users to service principals, cloud workloads, Application Programming Interface (API) credentials and automated systems, collectively known as “non-human identities.” These accounts often have elevated privileges but lack safeguards like password rotation, Multi-Factor Authentication (MFA) or behavioral analytics, creating significant security gaps.

Agentic AI introduces new challenges. Unlike traditional service accounts, AI agents act autonomously based on their instructions, tools and knowledge sources. A seemingly low-privilege agent could escalate privileges by interacting with other agents, creating complex escalation chains. Understanding an AI agent’s effective capability, not just its assigned permissions, is essential.

AI and non-human identity risks come from interconnected relationships. An AI agent running as a cloud workload may access secrets, interact with privileged systems or execute commands across domains. True privilege calculation for these entities requires mapping downstream actions they could initiate. Federal agencies need governance designed for non-human identities and AI agents, including:

True privilege calculation of escalation paths
Comprehensive inventory across all systems
Monitoring of potential blast radius as AI adoption accelerates
Context and knowledge of AI use and where agents are being deployed
Visibility into AI agent instructions, tools and knowledge sources

Investing in identity visibility now prepares agencies for emerging challenges as AI adoption becomes more prevalent.

Federal agencies must secure hybrid environments against adversaries who exploit identities rather than technical vulnerabilities. The path forward requires shifting from reactive detection to proactive threat hunting, eliminating fragmented visibility, measuring true privilege across all domains, maintaining continuous identity hygiene and extending visibility to non-human identities and agentic AI. Identity telemetry provides the data foundation needed for Zero Trust maturity, showing agencies where and how to strengthen their security posture.

Discover how comprehensive identity visibility drives Zero Trust maturity by watching BeyondTrust and Optiv+Clearshark’s webinar, “Securing Federal Access: Identity Security Insights for a Zero Trust Future.”

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including BeyondTrust, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

From Data Silos to Life-Saving Decisions: How Technology is Transforming Healthcare Delivery

Posted on by Tim Boltz

Healthcare organizations continuously navigate complex challenges as patient demand grows. Imaging volumes are rising faster than radiology capacity can scale. Public health agencies manage vast amounts of data across disconnected systems. Administrative tasks consume time that healthcare staff would rather spend on patient care.

These operational realities create opportunities for technology to make a meaningful difference. Leading healthcare organizations are already transforming these challenges into improved outcomes through strategic technology deployments enabled by streamlined procurement.

As The Trusted IT Solutions Provider for the Healthcare Industry™, Carahsoft offers a robust portfolio of healthcare technology solutions that make positive changes in the quality, safety and effectiveness of healthcare delivery systems. Streamlined procurement is available through Carahsoft’s reseller partners and numerous contract vehicles including GSA Schedule, NASPO ValuePoint, E&I Cooperative Services and The Quilt.

Key Takeaways:

AI diagnostics improve radiology efficiently by up to 40% addressing the looming shortage of 42,000 radiologists by 2033.
Unified data platforms enable more than 80% of emergency departments to share real-time data with the CDC.
Automated workflows cut processing times by 50%, freeing staff for patient care.
Zero Trust security protects patient data while enabling hybrid cloud operations.
Streamlined procurement accelerates deployment from months to weeks.

AI-Powered Diagnostics: Addressing the Radiology Crisis

By 2023 the U.S. faces a shortage of up to 42,000 radiologists as imaging volumes rise 5% annually while residency positions increase just 2%.

At Northwestern Medicine, Dr. Mozziyar Etemadi, Clinical Director of Advanced Technologies, deployed a generative AI solution with Dell Technologies and NVIDIA that analyzes chest X-rays and generates draft reports instantaneously. Results: radiology efficiency improved by up to 40% without compromising diagnostic accuracy. The system flagged unexpected pneumothorax cases with 72.7% sensitivity and 99.9% specificity – lifesaving in emergency settings.

The technology runs on Dell PowerEdge XE9680 servers with NVIDIA H100 GPUs, deployed on premises to maintain HIPAA compliance. Northwestern is now developing predictive models for entire electronic records.

Public Health Surveillance: Rapid Outbreak Response

The CDC faced a critical challenge: essential health data trapped in disconnected silos across thousands of facilities.

The CDC’s partnership with Cloudera created a unified platform consolidating data from hospitals, laboratories and wastewater testing sites. More than 80% of non-federal emergency departments now send data to CDC, enabling comprehensive threat monitoring. When measles spiked across 15 states in 2025, officials had integrated visualizations within days.

The CDC’s One CDC Data Platform (1CDP), established in 2024, provides state, tribal, local and territorial agencies with streamlined access to core datasets and analytics, enabling faster disease trend detection and proactive strategies.

Accelerating Cancer Research Collaboration

The National Cancer Institute partnered with Google Cloud and Barnacle AI to introduce NanCI – a platform leveraging AI-driven recommendations to connect researchers with collaboration opportunities, literature and events. The solution demonstrates how AI extends beyond clinical care to accelerate scientific discovery across Government, Education and Healthcare sectors.

Operational Excellence: Freeing Caregivers to Care

Workforce coordination: Healthcare organizations use BlackBerry AtHoc, available through Carahsoft’s reseller network and contract vehicles, to streamline staffing and scheduling processes. The event management platform helps ensure personnel are coordinated efficiently across departments which is essential for maintaining high standards of patient care.

Financial automation: Community Health Centers of Florida implemented Laserfiche’s enterprise content management system, cutting processing time by 50% and eliminating manual data entry. “I cannot fathom processing the current volume of invoices ‘the old way,’” said Dee Bradshaw, director of purchasing. “Laserfiche has cut our processing time in half.”

Every hour freed from administrative burdens is an hour caregivers get back to spend with their patients.

Modern, Secure Infrastructure

California Department of State Hospitals deployed Rubrik’s data management platform to integrate legacy systems with modern hybrid cloud environments. Rubrik’s Zero Trust Data Security framework minimized ransomware vulnerability while ensuring Federal compliance.

St. Luke’s University Healthcare Network used Rubrik for faster backups, near-instant recovery and seamless hybrid IT integration, strengthening cyber defenses while freeing IT staff to support clinical teams.

Federal agencies, State and Local Governments and Education institutions face similar Zero Trust security and hybrid cloud integration requirements.

Explore Carahsoft’s cybersecurity solutions at www.carahsoft.com/solve/cybersecurity.

Meeting Demand at Scale

NYC Health + Hospitals deployed Snowflake’s Data Cloud which consolidated separate data sources into a unified platform. This integration eradicated silos, provided real-time visibility and enabled data-driven decisions at the point of care for vulnerable populations.

The Carahsoft Advantage

For Healthcare Organizations: Faster access to solutions, simplified procurement through pre-negotiated contracts, integrated solutions across technology verticals, dedicated healthcare technology expertise. Simplify your organization’s procurement journey with Carahsoft.

For Reseller Partners: Opportunities to deliver comprehensive solutions, access to leading vendors through established contract vehicles, sales enablement and marketing support. Become a Carahsoft reseller partner.

For Technology Vendors: Expanded reach across Federal, State and Local Government, Education and Healthcare markets, simplified Healthcare sales through hundreds of contract vehicles. Join our partner ecosystem.

Ready to explore healthcare technology solutions?

Download Carahsoft’s Buyer’s Guide for Healthcare
Contact the Healthcare Technology Team at (571) 591-6080 or Healthcare@carahsoft.com
Explore Carahsoft’sHealthcare Technology solutions at www.carahsoft.com/solve/healthcare-technology

Securing Government AI: Why Federal Agencies Need a Trust Layer for Accountable, Compliant Deployment

Posted on by Seema Khinda Johnson

Federal agencies must deploy AI fast – but safely. The White House’s Executive Order, new OMB guidance requiring Chief AI Officers, and citizen expectations are driving rapid adoption. More than 1,700 AI use cases are already live across Government, doubling in just one year.

The challenge? Traditional security can’t keep up with AI systems operating at machine speed and scale. Federal agencies need Zero Trust architecture built specifically for AI agents, not retrofitted legacy systems. The recent addition of Nuggets’ Trust Layer solutions to the GSA Schedule provides exactly that foundation.

The Zero Trust Imperative for Government AI

Here’s the reality: AI agents make thousands of decisions per second across multiple systems. Without Zero Trust verification, agencies can’t prove who authorized what action, when or with which data.

The core challenges are clear:

Speed vs oversight: AI operates faster than current security can verify
Scale: Thousands of simultaneous agent interactions with no unified oversight
Accountability gaps: No audit trails for autonomous decisions in black-box systems
Compliance blind spots: NIST IAL2/IAL3 standards weren’t designed for autonomous AI
Sophisticated threats: AI-powered spoofing attacks that overwhelm legacy defenses

Federal agencies face intense pressure to adopt AI, but risks around bias, privacy, accountability and public trust threaten safe deployment. The gap between what agencies must deliver–secure, transparent, compliant services—and what legacy systems can support continues to widen.

Why Legacy Solutions Can’t Keep Up

Traditional identity systems were built for humans, not AI agents. While protocols like Agent-to-Agent (A2A) and Model Context Protocol (MCP) enable coordination between agents and tools, they don’t verify trust, intent or authorization, especially when handling sensitive Government data.

Point solutions create security silos and compliance blind spots. Legacy frameworks simply don’t account for autonomous decision-making, leaving agencies without proof of who or what acted, when and with proper authorization. Without this foundation, compliance and accountability are left to chance.

The Trust Layer Solution: Zero Trust for AI

Nuggets provides purpose-built Zero Trust architecture for agentic AI. Recognized by Gartner as a leader in decentralized identity, our trust layer embeds verification into every AI interaction, no matter the agent, system or data involved.

The comprehensive architecture creates compliance by design through three core capabilities:

Verifiable Identity: Cryptographically verified identity for every human, organization and AI agent that works across all platforms, contexts, devices and systems.

Complete Audit Trails: Every AI decision creates tamper-proof records with consent receipts and authorization proofs that meet Federal accountability requirements.

Standards Compliance: Built-in adherence to NIST IAL2/IAL3, AAL2 and UK Digital Identity Trust Framework requirements, ensuring agencies can deploy AI while meeting stringent security standards.

The result: a Zero Trust foundation on which agencies can deploy autonomous AI systems with confidence that every action is verified, compliant and auditable. This will enable both rapid innovation and Government accountability.

Real Impact: Government AI That Works

For Government IT leaders, the practical outcomes are substantial and measurable. Agencies using Nuggets’ trust layer achieve:

Operational Confidence: AI agents operate autonomously while maintaining security standards, delivering efficiency without sacrificing oversight.

Compliance Assurance: Built-in adherence to Federal identity verification requirements eliminates compliance guesswork.

Mission Success: Complete audit trails for all AI interactions and decisions ensure accountability while preventing unauthorized actions that could compromise sensitive operations.

Real-world use cases demonstrate the impact: automated document processing across agencies with complete audit trails, AI-driven eligibility checks and fraud detection that withstand regulatory scrutiny, secure inter-agency data sharing with verified agent identities and AI-powered citizen services that maintain privacy while delivering efficiency.

Each deployment proves that agencies can achieve both AI innovation and Government accountability, systems that are trusted by regulators, citizens and the mission itself.

The GSA Schedule Advantage

Procurement complexity often slows Government adoption of new technologies, but Nuggets eliminates these barriers. The solution is available through multiple pre-vetted contract vehicles, including GSA Schedule No. 47QSWA18D008F, SEWP V contracts, ITES-SW2, NASPO ValuePoint, OMNIA Partners and E&I Contract.

This means agencies can move from evaluation to deployment quickly, leveraging Carahsoft’s established Government relationships and support infrastructure. No lengthy procurement delays, no security gaps, no compliance questions.

Ready for Trusted AI Deployment?

As agencies expand AI capabilities, traditional security cannot keep pace with the speed, scale and complexity of autonomous systems. Purpose-built Zero Trust infrastructure is essential for agencies that must balance innovation mandates with compliance requirements and public accountability.

See how Federal agencies are deploying AI that’s secure, compliant, transparent and trusted. Schedule a personalized demo to explore how Nuggets’ Trust Layer can secure your agency’s AI deployment with the accountability that Government operations require.

Deploy AI that’s trusted by regulators, citizens and your mission. Contact Carahsoft at (844) 214-4790 or Nuggets@carahsoft.com. Learn more at www.carahsoft.com/nuggets.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Nuggets, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Cloud Security: Complex Threats, Clear Solutions

Posted on by Candace Thorson

Cloud technology, for many years, enticed agencies looking for savings and efficiencies. Organizations pursued “cloud-first” policies that migrated data and applications away from onsite infrastructure and into the control, at least in part, of cloud service providers. While the cloud offered promising advantages, some agencies encountered unexpected cost challenges along the way. And lately, malicious actors have gotten exceptionally good at exploiting cloud vulnerabilities.

There isn’t one way to secure your cloud platform, unfortunately. You need a holistic, Zero Trust approach that combines security controls with cyber policies and procedures. Strong encryption and access rules, automated updates, clear visibility and detailed incident response plans are all critical. Knowing who’s responsible for what should go without saying. And repatriating data — bringing it back on premises, for example — is often a commonsense answer.

“Agencies have to comply with stringent regulations … so that means they need a really robust [security] framework, all while managing the complexities of the cloud environment,” said Garrett Lee, Regional Vice President for Public Sector in Broadcom’s Enterprise Security Group. “Cloud, you know, solves some problems, but it also creates some others.” 

In this video interview, Lee explores both the opportunities that cloud computing offers and how to confront its security challenges. Topics include: 

What a holistic approach to cloud security entails
The cost and security drivers behind data repatriation, and why they matter
How to secure four critical domains: endpoints, data, the cloud and networks

Want to learn more cyber resilience strategies? Download Symantec, Carbon Black and Carahsoft’s guide to explore four critical cyber force multipliers that enhance agencies’ security posture amid growing threats and limited budgets.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Broadcom we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

This post originally appeared on GovLoop.com, and is re-published with permission

Maximizing Federal IT Investments Through Udemy’s Strategic Workforce Development

Posted on by Tim Boltz

The Federal Government continues to invest billions in cutting-edge technology and digital transformation initiatives, yet many agencies struggle to realize the full return on these investments. The challenge is not always the technology itself, but ensuring the Federal workforce has the technical and soft skills needed to keep pace with rapidly evolving systems and processes. Udemy Business addresses this critical gap by offering comprehensive, on-demand training that upskills and reskills Federal employees, ensuring agencies maximize their IT investment returns while building a more capable, adaptable workforce.

Secure, Cross-Agency Learning Architecture

Federal agencies require training solutions that meet stringent security standards while enabling collaboration across organizational boundaries. Udemy Business delivers on both fronts through its secure cloud-hosted platform that complies with industry standards for data protection. The platform’s role-based controls allow administrators to manage permissions appropriately while maintaining security protocols.

Udemy Business delivers relevant training content with customized learning paths that are tailored to specific roles, compliance requirements and interagency goals. This capability ensures that workforce development efforts align with both individual agency missions and broader Government-wide objectives.

Udemy Business is aligned with the General Services Administration’s (GSA) OneGov strategy. Udemy Business unifies agencies and breaks down technology silos that have historically fragmented Government operations. Udemy’s extensive on-demand content library directly supports this vision by providing Federal employees with access to both technical and soft skills training across agency boundaries. Agencies can leverage Udemy’s training platform to ensure consistent skill development that ensures customers receive the largest return on IT investments. Udemy Business enables agencies to better coordinate their technology initiatives, as employees across different departments develop shared competencies in emerging technologies, project management and collaborative workflows that are essential for cross-agency success.

Building AI and Zero Trust Capabilities

As Federal agencies increasingly adopt artificial intelligence (AI) and Zero Trust security frameworks, workforce preparedness becomes critical for successful implementation. Udemy provides comprehensive AI courses that teach machine simulation of human intelligence processes, knowledge that is essential for developers, researchers and anyone working with cutting-edge Government technology initiatives.

The platform also offers extensive Zero Trust security courses that help Federal teams understand and implement Zero Trust principles effectively. This training capability is particularly valuable as agencies work to maintain pace with the evolving cybersecurity climate and protect sensitive Government data and systems.

Streamlined Deployment and Accessibility

Government environments often present unique deployment challenges, particularly for agencies with limited technical resources. Udemy Business addresses these concerns through its cloud-based architecture that supports remote access from anywhere with an internet connection. This flexibility proves especially valuable for distributed Federal workforces and agencies operating across multiple locations.

The platform’s straightforward deployment model eliminates many of the technical barriers that can slow adoption in Government environments, allowing agencies to begin training initiatives quickly without extensive infrastructure investments or complex integration projects.

Enhanced Value Through Strategic Partnership

Carahsoft and Udemy have collaborated to make workforce development more accessible and affordable for Federal agencies. Udemy Business Licenses are available through GSA contracts via Carahsoft, providing customers with established procurement pathways and additional savings opportunities. The partnership extends to other contract vehicles as well, giving agencies flexibility in their procurement approaches.

Currently, eligible Government customers can access additional savings of up to 50% off manufacturer’s suggested retail price (MSRP) through this strategic partnership. This promotion remains effective through the end of Federal fiscal year 25, providing agencies with a limited-time opportunity to invest in workforce development at significantly reduced costs.

The convergence of technological advancement, workforce development needs and strategic cost savings presents Federal agencies with a compelling opportunity to strengthen their human capital investments.

Ready to transform your agency’s workforce development strategy? Contact the Udemy team at Carahsoft or visit the Udemy Business website to discover how comprehensive, on-demand training can maximize your IT investments while building the skilled Federal workforce of tomorrow.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Udemy Business, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.