Grammarly and Carahsoft: Elevating Secure, Private Government Communication

Grammarly and Carahsoft have partnered to provide Government agencies with trustworthy AI assistance supported by robust security measures. Thanks to this collaboration, Government agencies gain access to Grammarly’s trusted AI assistant, which can help them improve communication and boost operational efficiency. This partnership marks a notable advancement in supporting Government agencies in navigating the evolving digital landscape.

Unlocking the Benefits for Government Agencies

As a recognized leader in providing IT solutions to the public sector, Carahsoft offers extensive experience navigating the Government procurement process. Combined with Grammarly’s AI assistant, their expertise creates a powerful resource for Government agencies aiming to improve efficiency and productivity. When your agency works with Carahsoft and Grammarly, you’ll experience the following benefits:

  1. Rapid Implementation: Our streamlined setup process enables agencies to implement Grammarly across their organization in one day. This allows teams to start benefiting from enhanced communication support almost immediately.
  2. Time Efficiency: On average, our users save about 35 minutes per day per person on communication tasks. This time can be redirected toward more strategic tasks, leading to improved project outcomes and better service delivery to the public.
  3. Enhanced Communication Quality: Effective communication is crucial for Government agencies. Grammarly’s tools help teams craft clear, concise, and impactful messages, ensuring that important information is conveyed accurately. With over 70,000 teams already benefiting from our services, our track record speaks for itself.
  4. Boosting Brand Compliance: Our advanced communication tools can help agencies improve brand compliance by a remarkable 71%. This consistency in communication enhances public trust and strengthens the agency’s reputation.

Our Commitment to Privacy, Security, and Compliance

Grammarly’s commitment to enterprise-grade security offers significant benefits for Government agencies. As a trusted partner, Grammarly adheres to the highest industry standards, ensuring that sensitive information remains secure. The collaboration with Carahsoft further underscores this dedication. Grammarly provides tailored AI solutions that meet the specific security needs of the public sector. By emphasizing stringent security measures, Grammarly helps agencies confidently use their tools while safeguarding critical data.

Additionally, Grammarly’s subscription-based revenue model ensures that customer content is never sold, placing a strong emphasis on user privacy and control. This transparency is essential for Government agencies, allowing them to maintain oversight of their data usage at all times. With a solid foundation supported by third-party audits and certifications, Grammarly provides compliance and regulatory support that agencies can rely on, reinforcing their ability to operate within legal and ethical boundaries while maximizing operational efficiency.

Empowering the Public Sector with AI

Through our partnership with Carahsoft, we are dedicated to helping Government agencies lead, learn, and grow amid evolving demands. With Grammarly, your teams can confidently communicate, innovate, and serve the public more effectively.

For more information on implementing Grammarly within your agency, visit our website or contact Carahsoft today! Together, we can enhance the efficiency of Government operations and ensure that every message counts.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Grammarly, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

How to Accelerate the Journey to Government Compliance with CCM

Government agencies are inundated with a vast amount of daily Governance, Risk, and Compliance (GRC) tasks and processes. Achieving regulatory compliance, an arduous process, can take up precious time that could be reallocated to other business-critical missions.

Continuous controls monitoring (CCM) is one solution. CCM leverages AI and extreme automation to help cut down on manual processes, allowing agencies to overcome regulatory hurdles, supercharge their staff, and make better risk-based decisions with fast, cost-effective automations.

Improving the Compliance Process

Creating a quality compliance report takes heavy manual processing time. CCM can help significantly by taking away some of the cumbersome grunt work, cutting 60-80% of the manual tasks required by GRC programs.

It can also help overcome hurdles to reaching valuable security authorizations. Completing an Authorization to Operate (ATO) package can take roughly six months — but that process can be reduced to two weeks with the right CCM platform. CCM also gives agencies a leg up in gaining Continuous Authorization to Operate (cATO) by leveraging OSCAL, a machine-readable format that standardizes security control documentation and enables automated validation.

The Time-Saving Capabilities of Machine Learning and AI

In the past year, advances in machine learning (including large language models and generative AI) have created exciting new possibilities for GRC teams. AI and machine learning (ML) can offer everything from better data analysis to proactive risk management to a major reduction in manual processes. Here are a few of the most compelling use cases for AI-enabled GRC:

  • Help employees proactively monitor traffic
  • Review code for errors unlikely to be caught by the human eye
  • Explain complex controls and procedures in everyday language, bridging knowledge gaps
  • Generate accurate, up-to-date documentation in one click

Overall, AI allows agencies to move faster, with more accuracy, and with better visibility. To free up staff to complete mission-critical objectives, agencies should create their own AI/ML usage strategies and implement them within a Compliance as Code framework.

How RegScale’s CCM Leverages Compliance-Trained AI

RegScale’s AI-enabled platform, RegML, combines CCM and leading large language model (LLM) tools to streamline compliance management with intelligent automation and precision. This approach improves compliance by significantly reducing manual labor and costs. It also provides user-friendly summaries and guidance and improves accuracy and precision in documentation, freeing up staff to focus on core business objectives.

RegML has four main AI features:

  • AI Extractor, which automatically derives compliance documentation from existing policies and procedures.
  • AI Explainer, which is designed to demystify control statements by providing users with simple explanations of intricate controls.
  • AI Author, which helps draft control implementation statements in the context of relevant regulations and requirements. This process allows writers to focus on editing a draft, leading to fewer errors and better accuracy.
  • AI Auditor, which identifies gaps in controls and provides suggestions for improvement. This frees up teams to work on more critical tasks like fixing gaps and implementing controls.

CCM and the Future

Today, more and more work is being done in the cloud. As data becomes ephemeral and serverless, cybersecurity has become more important than ever — as have the mandatory frameworks governing it. Meanwhile, regulations such as NIST’s Secure Software Development Framework (SSDF), the Digital Operational Resilience Act (DORA), the Securities and Exchange Commission (SEC) rules, Cybersecurity and Infrastructure Security Agency (CISA) mandates, and the European Union’s AI Act have undergone or are predicted to undergo changes.

These shifting frameworks only make CCM more integral, as its AI features allow users to ensure that they are thoroughly compliant at every step of the process. By freeing time for additional tasks, and by maintaining adherence to changing regulations, CCM enables organizations to improve their GRC programs and streamline their operations.

To learn more about how RegScale’s CCM platform provides a layer of security around AI usage, watch its webinar How AI is Revolutionizing Government Compliance.

Third-Party Risk Management: Moving from Reactive to Proactive

In today’s interconnected world, cyber threats are more sophisticated, with 83% of cyberattacks originating externally, according to the 2023 Verizon Data Breach Investigations Report (DBIR). This has prompted organizations to rethink third-party risk management. The 2023 Gartner Reimagining Third Party Cybersecurity Risk Management Survey found that 65% of security leaders increased their budgets, 76% invested more time and resources and 66% enhanced automation tools to combat third-party risks. Despite these efforts, 45% still reported increased disruptions from supply chain vulnerabilities, highlighting the need for more effective strategies.

Information vs Actionable Alerts

The constant evolution and splintering of illicit actors pose a challenge for organizations. Many threat groups have short lifespans or re-form due to law enforcement takedowns, infighting and shifts in ransomware-as-a-service networks, making it difficult for organizations to keep pace. A countermeasure against one attack may quickly become outdated as these threats evolve, requiring constant adaptation to new variations.

In cybersecurity, information is abundant, but decision-makers must distinguish between information and actionable alerts. Information provides awareness but does not always drive immediate action, whereas alerts deliver real-time insights, enabling quick threat identification and response. Public data and real-time alerts help detect threats not visible in existing systems, allowing organizations to make proactive defense adjustments.

Strategies for Managing Third-Party Risk

Managing third-party risk has become a critical challenge. The NIST Cybersecurity Framework (CSF) 2.0 emphasizes that governance must be approached holistically and highlights the importance of comprehensive third-party risk management. Many organizations rely on vendor surveys, attestations and security ratings, but these provide merely a snapshot in time and are often revisited only during contract negotiations. The NIST CSF 2.0 calls for continuous monitoring—a practice many organizations follow, though it is often limited to identifying trends and anomalies in internal telemetry data, rather than extending to third-party systems where potential risks may go unnoticed. Failing to consistently assess changes in third-party risks leaves organizations vulnerable to attack.

Many contracts require self-reporting, but this relies on the vendor detecting breaches, and there is no direct visibility into third-party systems like there is with internal systems. Understanding where data is stored, how it is handled and whether it is compromised is critical, but organizations often struggle to continuously monitor these systems. Government organizations, in particular, must manage their operations with limited budgets, making it difficult to scale with the growing number of vendors and service providers they need to oversee. Threat actors exploit this by targeting smaller vendors to access larger organizations.

Current strategies rely too heavily on initial vetting and lack sufficient post-contract monitoring. Continuous monitoring is no longer optional—it is essential. Organizations need to assess third-party risks not only at the start of a relationship but also as they evolve over time. This proactive approach is crucial in defending against the ever-changing threat landscape.

Proactively Identifying Risk

Proactively identifying and mitigating risks is essential for Government organizations, particularly as threat actors increasingly leverage publicly available data to plan their attacks. Transparency programs, such as USAspending.gov and city-level open checkbook platforms, while necessary for showing how public funds are used, can inadvertently provide a playbook for illicit actors to target vendors and suppliers involved in Government projects. Public data often becomes the first indicator of an impending breach, giving organizations a narrow window—sometimes just 24 hours—to understand threat actors’ operations and take proactive action.

To shift from reactive to proactive, organizations must enhance capabilities in three critical areas:

  1. Speed is vital for detecting threats in real time. Using AI to examine open source and threat intelligence data helps organizations avoid delays caused by time-consuming searches.
  2. The scope of monitoring must extend beyond traditional sources to deep web forums and dark web sites, evaluating text, images and indicators that mimic official branding.
  3. While real-time information is essential, excessive data can lead to alert fatigue. AI models that filter and tag relevant information enable security teams to focus on the most significant risks.

Proactively addressing third-party risks requires organizations to stay prepared for immediate threats. By leveraging public data, they can strengthen defenses and act before vulnerabilities are exploited.

While self-reporting and AI tools are valuable, organizations must take ownership of their risk management by conducting their own due diligence. The ability to continuously monitor, identify and mitigate risks presents not just a challenge but an opportunity for growth and improvement. Ultimately, it is the organization’s reputation and security at stake, making proactive risk management key to staying ahead of today’s evolving threats.

To learn more about proactive third-party risk management strategies, watch Dataminr’s webinar “A New Paradigm for Managing Third-Party Risk with OSINT and AI.”

The Sunny Side of Cloud Migration

Support for Server products on Atlassian ended in February of 2024 – that means no bug fixes, updates, or technical support for issues now or in the future.

While this seems like pretty dour news, the upside is that it’s never been easier to migrate your workflows to the cloud. With the cloud, you get enhanced security, flexibility, and scalability – so what is stopping business leaders from making the move?

According to research from Foundry, over the past year, 90% of organizations have faced challenges in their cloud adoption journey. The top obstacle has been budget and cost concerns, affecting 48% of companies.

Despite that, the same report found that 63% of IT decision-makers agree that their organization has accelerated its migration to the cloud over the past 12 months.

Why This is the Year to Consider the Cloud

Last year, the number of Tempo customers moving to the cloud surged due to Atlassian’s news. Companies were also motivated by improvements in cloud technology that make the longstanding benefits of moving to the cloud even more appealing:

1. Scalability
Cloud infrastructure is flexible, allowing businesses to scale operations up or down based on growth or seasonality. Project managers and product owners can adjust resources around product launches or deprecations – without needing to invest in infrastructure or sell off old hardware.

Because Tempo invested in the cloud and gained the security and compliance that came with it, we began seeing a serious uptick in enterprise-level customers, and we could handle that spike in demand thanks to our new systems.

2. Cost Effectiveness
A transition to the cloud can lead to significant savings. Companies only pay for what they use: Farewell outdated hardware, goodbye IT staffing issues – hello predictable IT budgets and realistic capital expenses.

3. Collaboration and Streamlining
For enterprises, cloud-based tools allow teams from anywhere to collaborate in real time. With teams working seamlessly, and procurement simplified, they can run an airtight operation, see real-time data more consistently across departments, and enable better decision making.

4. Business Continuity
Cloud-based businesses can back up data and systems to avoid downtime in any given region. Companies that still rely on on-premise systems have a much harder time keeping the lights on and recovering data if a disaster strikes.

5. Quicker Deployment
Cloud services and applications are perfect for quick deployment. You can deliver new products and services, roll out bug fixes, and respond to the market immediately with cloud-based deployment.

6. Automatic Updates
Cloud providers handle software updates to ensure your team has the latest features and security updates. They also take care of server upkeep so systems keep running smoothly.

How Tempo Did It

In 2016, we made the decision to begin transitioning our own tools and our company to the cloud – but moving to the cloud isn’t a sprint. It’s a marathon that requires careful preparation and management, and it shouldn’t be done recklessly.

We wanted:
● Faster builds compared to pre-cloud (under 15 minutes)
● Faster cycle time (24 hours or less)
● Better logging, monitoring, and alerting
● A mono repository for our cloud modules
● Feature flags to have more control over when and how a change is made available to customers

We broke the process down into three parts. Phase one was prepping the pipeline and merging our product repositories and the sub-module repositories into a single mono repository. That meant forking that into two codebases (Cloud and On Premise), and improving those builds. We didn’t set an expectation of feature parity between on-premise and cloud. Instead we focused on solution parity.

Phase two was making development and production logs available to devs, checking nothing was broken, and getting an on-call team to respond to any issues when they (inevitably) arise.

The final phase was continuous delivery. This is effectively the step that never ends as we always make incremental changes, test our builds, and deploy more often. Because of the benefits of the cloud, that meant going from monthly to weekly to daily releases.

A More Secure Future

Cloud transformation is about more than just improving your builds. In the realm of enterprise software, trust and security are non-negotiable, and an effective migration means taking major steps to ensure the integrity and confidentiality of your customers’ data.

That means for companies wanting to move to the cloud, you need to consider things like setting up a robust trust center, adhering to GDPR, SOC 2, and ISO 27001 standards, and investing continuously in your security infrastructure to stay ahead of the curve.

We helped almost 1,000 companies with their own cloud migrations because we believed the payoff of cloud was so great – and it only improves as more companies make the move.

Thanks to the investments we made in the cloud, Tempo was awarded Atlassian’s 2023 Partner of the Year for Enterprise Apps. We simply wouldn’t be the same company without becoming cloud-first.

Join our January 21, 2025 webinar, “New Year, New Beginnings: Why 2025 is the Year to Move to Atlassian Cloud.” For more about Tempo, visit www.tempo.io or book a demo.

“Giving Back is in Our DNA”: How AvePoint is Driving Social Change in the Tech Industry

AvePoint (NASDAQ: AVPT) is the global leader in robust data management and governance with over 21,000 customers across the globe, helping them secure their collaboration environments across Microsoft, Google and Salesforce. Using AI, AvePoint enables organizations to modernize their digital workplace and improve data governance, enhancing productivity, collaboration and security. In addition to helping its customers thrive within their digital collaboration systems, AvePoint is dedicated to philanthropy, reflecting a core mission to drive positive change in the technology industry and their communities.

Internal and External Charitable Efforts

AvePoint’s philanthropy efforts reflect the company’s core values of diversity, equity and inclusion (DEI), with a focus on using technology to drive social impact. Recognizing the tech industry’s challenges with underrepresentation, especially for women and people of color, AvePoint supports groups like Girls Who Code to break stereotypes about women in technology. AvePoint also fosters change within the organization through employee resource groups like AvePoint Veterans, Black AvePoint Excellence, Women in Technology (WIT), Latinx and Queers and Allies (Q&A), all aimed at fostering inclusivity and providing a supportive environment.

Community engagement is integral to AvePoint’s mission, with events designed to blend philanthropy and collaboration. For instance, Black AvePoint Excellence (BAE) hosts an annual gala for partners and customers, typically held around Juneteenth. Likewise, during Pride Month, AvePoint’s Queers and Allies group invited a guest speaker to discuss the significance of Pride Month and what the organization could do to be more inclusive and equitable both internally and externally. These events reflect AvePoint’s culture of integrating ongoing education and fostering empathy, so employees can better serve their communities, extending positive change outward.

Beyond internal efforts, AvePoint’s philanthropic events align with Public Sector initiatives by giving back to communities through local charities where events are held. These collaborations not only contribute to community needs but also highlight AvePoint’s commitment to giving back in meaningful, locally impactful ways.

Past contributions include:

  • At the 2023 National Association of State Technology Directors (NASTD) Conference, AvePoint hosted a cornhole game, raising $2,500 for the Boston Children’s Hospital.
  • In 2023, at the TribalNet Conference in San Diego, California, AvePoint had two surfboards for attendees to decorate that were donated to the Groundswell Community Project.
  • AvePoint partnered with Carahsoft at NASTD 2024 and held a mini-golf game, donating $5,000 to The Minneapolis Foundation.
  • Partnering with Carahsoft for the second time, AvePoint hosted another mini-golf challenge at the 2024 Municipal Information Systems Association of California (MISAC) Conference, raising $3,000 for Patriots and Paws.

AvePoint’s recent partnership with Carahsoft’s Doing Good Team has enhanced these initiatives, particularly by streamlining charity verification and maximizing contributions. By combining resources, AvePoint and Carahsoft can expand their philanthropic impact, support reputable charities and foster community support. AvePoint’s ongoing commitment to diversity, inclusivity and technological advancement drives these charitable efforts, aiming to make a lasting difference in the communities they serve.

A Culture of Support and Service

AvePoint’s philanthropic efforts are deeply influenced by CEO Dr. Tianyi Jiang, who has prioritized giving back to the technology community throughout the company’s 23-year history. This commitment to social responsibility is exemplified by initiatives like a partnership with Cornell University to mentor the next generation of engineers and entrepreneurs. This leadership-driven ethos resonates throughout the company, promoting charitable engagement at both organizational and individual levels, across the U.S. and globally.

Beyond organized company initiatives, AvePoint encourages employees to pursue their own charitable passions with a donation matching program to support causes that resonate personally with team members. Employees are also empowered to volunteer, with flexibility to balance work and service. AvePoint’s support for these independent initiatives illustrates how the company’s culture of giving is woven into its fabric, encouraging employees to contribute both professionally and personally.

AvePoint’s culture of giving is grounded in values that empower employees to engage in meaningful initiatives, both through company-supported efforts and personal causes. Leadership’s passion for community impact inspires employees at all levels to pursue organized and independent philanthropic efforts, always met with AvePoint’s encouragement and resources. As seen in examples across the organization, this culture of service is more than a formal policy—it is embedded in the company’s DNA, guiding AvePoint’s commitment to making a positive difference within and beyond the technology industry.

Explore the AvePoint culture of giving back on our Careers Blog, and learn more about how the company supports the Public Sector with our award winning technology here.

A Guide to the Continuous Diagnostics and Mitigation Program by CISA

The Continuous Diagnostics and Mitigation (CDM) Program, established in 2012 by the Cybersecurity and Infrastructure Security Agency (CISA), provides a dynamic approach to fortifying the cybersecurity of Government networks and systems by improving the security posture of participating agencies and mitigating risk to the nation’s cyber and physical infrastructure.

Carahsoft’s long history of supporting CISA’s CDM program allows Carahsoft to provide cutting-edge software that serves the Government’s pressing national security requirements. Currently, Carahsoft supports more than 70 vendor partners on the CDM Approved Products List (APL), assisting in completing the submission process and maintaining communication with CISA for APL updates. Our extensive vendor and partner network allows the Government to procure asset and identity management, network security and data protection tools in support of the CDM program.

How the CDM Program Works 

The goal of the CDM program is to find and prioritize risks in cybersecurity, increasing visibility into the Federal cybersecurity space and improving the Government’s ability to respond to issues or threats. In the past few years, the CDM program has grown to become a proactive, coordinated and efficient entity. In CISA’s projected budget for 2025, $469.8M will be allotted for the CDM program to strengthen the security posture of Federal Government networks and systems. 

CISA has a congressional mandate at the national level to extend cybersecurity and the availability of CDM tools. It also supplies capabilities and knowledge into the framework of State and Local Governments and works to protect the nation’s vital infrastructure. Government agencies have specific funding that they can use—in essence as a grant. Different agencies and governmental entities can apply to get funding from the Department of Homeland Security (DHS) to enable the purchase of CDM technologies. DHS and CISA work with emerging, established and developing cyber technologies to counter threats from a wide variety of adversaries. 

The CDM Program APL and Procurement Process 

The CDM program offers a set of certified tools and sensors, known as the APL. To begin the process for a solution to be approved for the APL, a vendor must submit information about its capabilities to CISA, for example where the tool sits in the network and what it is capable of. Tools that are part of the CDM program provide capabilities in the following 4 areas:

  1. Asset Management
  2. Identity and Access Management
  3. Network Security Management
  4. Data Protection Management

The CDM office at CISA evaluates the offeror’s claims for that solution for acceptability and applicability onto the APL. If it meets the defined cybersecurity criteria, it is then classified into a specific category. Products labeled by CDM listed on the GSA MAS IT schedule through GSA Advantage have already been vetted and approved by CISA, signifying that they meet the technical standards needed for Government procurement. Therefore, agencies do not need to repeat the evaluation process when purchasing through GSA. While CISA manages the CDM program, GSA provides the ease of buying and the ability to expedite awards. CDM products can also be acquired through the NASA SEWP CDM catalog and are added to this contract via customer request.  

The CDM program includes cybersecurity tools and sensors reviewed for conformance with Section 508, Federal license users and CDM technical requirements. Each month, the program offers a weeklong submission window for new tools to be submitted for addition to the APL, which allows for unique flexibility for a Government program and strengthens the program over time. Since the acquisition of new and innovative technology can oftentimes lead to longer implementation timelines for the Government, monthly rolling submissions allow for a quicker and more flexible process for agencies obtaining new products. Not only is this a benefit for Government, but for industry, too, as a larger submission window allows technology vendors the opportunity for their products to be added to the APL more frequently.  

Cybersecurity threats are ever evolving—and consequently so are the tools and the defensive measures needed to mitigate them. CDM products expire from the APL every 3 years to ensure the products listed continuously comply with modern cybersecurity standards. For more information on the technical evaluation process, please review the APL Product Submission Instructions. 

Benefits of Acquiring CDM Tools for End Users 

Broad Base of Customers: The CDM program focuses on Federal infrastructure but works with GSA and its broad customer base, including buyers such as the Departments of Agriculture, Transportation, Justice and Education, as well as tribal and territorial Governments.

High Levels of Support: At CISA, the CDM program delivers high levels of support to Federal civilian agencies. It has direct program management resources, funding resources, and outreach resources, among others. 

Election Security: Election security is top of mind for 2024. The Help America Vote Act (HAVA) is an organization whose funding focuses on securing elections, ensuring confidence in election results, having robust voting technology and withstanding potential cyber threats. This is a bipartisan issue since all parties agree that user experience and cybersecurity require improvement. The CDM program and its robust suite of tools address these crucial objectives. 

Critical Infrastructure: DHS prioritizes protective services to critical infrastructure organizations like power companies, oil refineries and railroads. For example, $130.3M of CISA’s FY25 budget will ensure emergency communication interoperability and assistance.  

Integrators for the CDM Program 

Integrators are an integral part of the CDM Program, providing cybersecurity expertise, consulting, technology, tools, solutions and services to participating Government agencies. These organizations work directly with the agencies to strengthen IT security posture, zero trust maturity and other mission critical cybersecurity needs. The following integrators are currently the contract holders for agencies participating in the CDM Program in groups A-F, which are categorized by the task orders each agency holds. 

To learn more about defending Federal networks and systems with the CDM Program, the partners we support on the CDM APL and how you can sell your products under CDM, visit our CDM Program Overview and contact us today. 

Quantum Computing’s Latest Breakthrough: Why Government Encryption Standards Face a New, Unexpected Threat

Last week, international scientists made headlines by successfully cracking a 50-bit RSA encryption integer using D-Wave’s Advantage quantum computer. While it’s true that a 50-bit key is vastly smaller than the 2048-bit keys used in modern RSA encryption, the significance of this achievement lies in how it was done. Unlike traditional attacks based on Shor’s algorithm and quantum gate computers, the researchers utilized a quantum annealing system, designed for optimization rather than direct factoring. This shift in approach raises important questions about the timeline for when quantum computers could crack full-scale RSA encryption, potentially accelerating the threat to current cryptographic standards far sooner than expected.

For years, the vulnerability of public key encryption has been understood primarily as a factoring problem, since the security of encryption algorithms like RSA relies on the difficulty of factoring large composite numbers. Shor’s algorithm, widely regarded as the most probable path to breaking public key encryption, is designed specifically to factor these numbers exponentially faster than classical methods, posing a significant future threat to encryption systems. However, in a surprising turn, the international researchers in this recent attack used a quantum annealing computer, which is designed for optimization tasks, not factoring. This innovative approach represents a completely different method of breaking RSA encryption, highlighting that the threat from quantum computing may emerge from unexpected directions, advancing the risk timeline beyond what many experts anticipated.

This breakthrough also underscores the growing versatility of quantum annealing in solving problems once thought exclusive to gate-based quantum computers. Traditionally, annealing systems have been seen as ideal for optimization problems in fields such as logistics, material science, and machine learning—not for cryptographic attacks. However, the international researchers effectively re-framed RSA decryption as an optimization challenge, unlocking new potential in quantum annealing. While quantum annealing computers like D-Wave’s systems were not originally designed for factorization tasks, this achievement raises important questions about their ability to scale to larger key sizes and tackle more complex encryption algorithms. If quantum annealing can be adapted for cryptography at higher levels, it could potentially shorten the timeline for when quantum computers might become a real-world threat to encryption standards. Though hurdles remain, this new approach widens the scope of quantum threats to cryptographic systems, showing that the race to quantum-safe encryption may need to accelerate.

In conclusion, this breakthrough in quantum annealing highlights the increasing urgency for federal agencies to prioritize their post-quantum encryption (PQE) transition. The rapid evolution of quantum computing, coupled with the potential for new cryptographic vulnerabilities, underscores the need to meet the milestones set by NSM 10 and OMB 23-02. Agencies that have not yet initiated or fully engaged in this process risk falling behind as quantum advancements accelerate. The time to act is now—establishing cryptographic leadership, conducting comprehensive inventories, and securing appropriate resources are critical first steps. Preparing today will ensure the resilience of federal systems in a quantum-enabled future.

To learn about the latest standards set forth by NIST and how Marion Square can support your Quantum Computing and compliance initiatives, view our webinar, “Mastering NIST PQE Standards: A Guide for Federal Compliance.”

Exploring the Future of Healthcare with Generative AI

Artificial intelligence (AI) is an active field of research and development with numerous applications. Generative AI, a newer technique, focuses on creating content—learning from large datasets to generate new text, images and other outputs. In 2024, many healthcare organizations are embracing generative AI, particularly in creating chatbots. Chatbots, which facilitate human-computer interactions, have existed for a while, but generative AI now enables more natural, conversational exchanges, closely mimicking human interactions. Generative AI is not a short-term investment or a passing trend; it is a decade-long effort that will continue to evolve as more organizations adopt it.

Leveraging Generative AI

When implementing generative AI, healthcare organizations should consider areas to invest in, such as employee productivity or supporting healthcare providers in patient care.

Key factors to consider when leveraging generative AI:

  1. Use case identification: Identify a challenge that generative AI can solve, but do not assume it will address all problems. Evaluate varying levels of burden reduction across use cases to determine its value.
  2. Data: Ensure enough data is available for generative AI to provide better services. Identify inefficiencies in manual tasks and ensure data compliance, as AI results depend on learning from data.
  3. Responsible AI: Verify that the solution follows responsible AI guidelines and Federal recommendations. Focus on accuracy and address hallucinations, where incorrect information is provided, such as responses that are grammatically correct but do not make sense or are outdated.
  4. Total cost of ownership: Generative AI is expensive, especially regarding hardware consumption. Consider if the same problem can be solved with more optimized models, reducing the need for costly hardware.

Harnessing LLMs for Healthcare

Natural language processing (NLP) has advanced significantly in recent decades, heavily relying on AI to process language. Machine learning, a core concept of AI, enables computers to learn from data using algorithms and draw independent conclusions. Large language models (LLMs) combine NLP, generative AI and machine learning to generate text from vast language datasets. LLMs support various areas in healthcare, including operational efficiency, patient care, clinical decision support and patient engagement post-discharge. AI is particularly helpful in processing large amounts of structured and unstructured data, which often goes unused.

When implementing AI in healthcare, responsible AI and data compliance are crucial. Robustness refers to how well models handle common errors like typos in healthcare documentation, ensuring they can accurately interpret how providers write and speak.

Fairness, especially in addressing biases related to age, origin or ethnicity, is also critical. Any AI model must avoid discrimination; for instance, if a model’s accuracy for female patients is lower than for males, the bias must be addressed. Coverage ensures the model understands key concepts even when phrasing changes.

Data leakage is another concern. If training data is poorly partitioned, it can lead to overfitting, where the model “learns” answers instead of predicting outcomes from historical data. Leakage can also expose personal information during training, raising privacy issues.

LLMs are often expensive, but healthcare-specific models outperform general-purpose ones in efficiency and optimization. For example, healthcare-specific models have shown better results than GPT-3.5 and GPT-4 in tasks like ICD-10 extraction and de-identification. Each model offers different accuracy and performance depending on the use case. Organizations must decide whether a pre-trained model or one trained using zero-shot learning is more suitable.

Buy Versus Build

When it comes to the “buy versus build” decision, the advantage of buying is the decreased time to production compared to building from scratch. Leveraging a task-specific medical LLM that a provider has already developed costs a healthcare organization about 10 times less than building its own solution. While some staff will still be needed for DevOps to manage, maintain and deploy the infrastructure, overall staffing requirements are much lower than if building from the ground up.

Even after launching, staffing requirements are not expected to decrease. LLMs continuously evolve, requiring updates and feature enhancements. While in production, software maintenance and support costs are significantly lower—about 20 times less—than trying to train and maintain a model independently. Many organizations that build their own healthcare model quickly realize training is extremely costly in terms of hardware, software and staffing.

Optimizing the Future of Healthcare

When deciding on healthcare AI solutions, especially with the rise of generative AI, every healthcare organization should assess where to begin by identifying their pain points. They must ensure they have the data required to train AI models to provide accurate insights. Healthcare AI is not just about choosing software solutions; it is about considering the total cost of ownership for both software and hardware. While hardware costs are expected to decrease, running LLMs remains a costly endeavor. If organizations can use more optimized machine learning models for specific healthcare purposes instead of LLMs, it is worth considering from a cost perspective.

Learn how to implement secure, efficient and compliant AI solutions while reducing costs and improving accuracy in healthcare applications in John Snow Labs’ webinar “De-clutter the World of Generative AI in Healthcare.”

Discover how John Snow Labs’ Medical Chatbot can transform healthcare by providing real-time, accurate and compliant information to improve patient care and streamline operations.

Embracing eSignatures: How the SSA is Modernizing Document Processing in the Digital Age

In an era where digital transformation is reshaping both the public and private sectors, the Social Security Administration (SSA) is taking significant strides to modernize how it processes its vast quantities of mail. With millions of Americans relying on the SSA for benefits and services, the agency has long been burdened by a mountain of paperwork. In response to this challenge, the SSA is turning to eSignatures as a key tool in reducing administrative burdens and enhancing efficiency.

The Need for Change: SSA’s Digital Transformation

When considering disability claims, Social Security benefits, or Medicare enrollments, the processes that must be undertaken by the SSA often require signatures for approval. The SSA handles millions of such transactions each year, which are typically paper-based, contributing to a significant administrative burden.[1]

The agency has been working to digitize its services and reduce its reliance on physical mail. The NARA OCRO’s guidance for federal agencies states that converting documents from “digital to paper and back to digital is inefficient, expensive and introduces risks to the authenticity of the records”, and they “encourage agencies to determine if they can move to all-digital workflows that support electronic or digital signatures in place of wet-ink signatures.”[2] The ultimate goal is to deliver faster, more secure services to the American public, cutting down on processing times and improving overall user experience.

How eSignatures Are Transforming SSA’s Operations

The introduction of eSignatures at the SSA marks a pivotal moment in the agency’s journey toward full digital modernization.

Electronic signatures offer:

  • A secure, verifiable method for authenticating documents
  • Much quicker routing/processing of forms and signatures 
  • Programmatic extraction of form data directly into databases

Electronic signatures also help mitigate or eliminate:

  • Manual processing of paper forms
  • Lost/misplaced/overwhelming quantities of paperwork
  • Incorrect/incomplete responses on a form
  • Forgery/tampering with the document after signature

This transformation is not just about improving internal efficiency; it also drastically improves the experience for beneficiaries. With eSignatures, claimants can now sign documents from the comfort of their homes, avoiding the need to mail in paperwork or visit SSA offices in person. This digital convenience is particularly crucial for elderly or disabled individuals who may have difficulty traveling to an SSA office or navigating complex forms.

A Broader Push for Digital Modernization

The adoption of eSignatures is just one component of a broader push for digital modernization within the SSA. This transformation aligns with the federal government’s broader initiatives, led by the Office of Management and Budget (OMB), to promote a “digital-first” public service experience.[3]

Despite the clear benefits, the road to digital modernization is not without its challenges. One major obstacle is the need for robust cybersecurity measures and compliance. As more processes move online, the SSA must ensure that the sensitive personal data of millions of Americans is protected from cyber threats. Government agencies in particular are advised to focus on eSignature solutions with the following features:[4]

  • Desired level of compliance, such as FedRAMP accreditation
  • End-to-end advanced encryption
  • CAC/PIV support

Furthermore, the integration of eSignatures into the SSA’s workflows also requires the development of user-friendly platforms that can accommodate individuals with varying levels of digital literacy. A core pillar of digital experience is to meet the end user where they are, whether by making documents accessible to all users regardless of disability, or by offering choices to the end user as per their preference, such as the option to eSign from a computer or mobile device. 

If these challenges can be successfully navigated, the potential for cost and time savings is astounding. Forms and signatures often entail lengthy processes spanning multiple people, so time savings for one individual can cascade to every other individual in the process, meaning a better experience for all parties.

Conclusion: The Future of SSA in a Digital World

The SSA’s move toward eSignatures and digital modernization is a significant step forward in the agency’s efforts to improve service delivery and reduce administrative burdens. By reducing the reliance on physical mail and embracing digital tools, the SSA is not only enhancing its operational efficiency but also making it easier for Americans to access the benefits and services they rely on. As the federal government continues to push for digital-first solutions across all agencies, the SSA’s example highlights the importance of embracing new technologies to meet the needs of a modern, tech-savvy population.

Check out this on-demand webinar for more information on this series and how Adobe can support your organization’s digital transformation initiatives.

Sources:

[1] Miller, J. (2024, September 4). SSA leaning into e-signatures as way to cut mountain of mail. Retrieved from Federal News Network: https://federalnewsnetwork.com/it-modernization/2024/09/ssa-leaning-into-e-signatures-as-way-to-cut-mountain-of-mail/

[2] U.S. National Archives. (2024, June 20). Transition to a Fully Digital Government: Digital Signatures. Retrieved from Records Express: https://records-express.blogs.archives.gov/2024/06/20/transition-to-a-fully-digital-government-digital-signatures/

[3] Martorana, C. (2024, April 17). Progress Towards Delivering a Digital-First Public Experience. Retrieved from White House: https://www.whitehouse.gov/omb/briefing-room/2024/04/17/progress-towards-delivering-a-digital-first-public-experience/

[4] Hajarnis, S. (2024, June 27). Choosing an eSignature Solution? Here’s what government agencies should look for. Retrieved from https://www.americancityandcounty.com/2024/06/27/choosing-an-esignature-solution-heres-what-government-agencies-should-look-for/