SLED 101 Series – Technology Solves Problems

By Rachel Eckert, SLED market intelligence manager

In our last installment we walked through the IT budget process to help you focus your sales efforts more strategically and develop more targeted account lists.

This, our fourth installment, will dive into what technologies states and localities will be buying with their IT budgets and how vitally important the role of the citizen is in driving adoption.

Despite some uncertainty in IT spending, state, local and education organizations are still looking for technology solutions. The ongoing pandemic caused major shifts, not only to working environments, but in how SLED organizations provided citizen services. With an inability to provide in-person services, SLED organizations needed to rapidly deploy digital and online services, forcing many states to re-evaluate their IT suites.

Cybersecurity is a constant

Even during a time of rapid change, there is still one constant when it comes to states, counties and cities — cybersecurity. With the rise in ransomware attacks over the last several years, several states have made the shift to a “whole-of-state” approach, which I wrote about in a recent blog. This means the state and all of the jurisdictions in the state work together to develop a plan for a coordinated response during an incident.


How the federal government is working to secure our energy infrastructure

By Jessica Parks, market intelligence analyst

In a previous blog post, immixGroup Supplier Manager Derek Giarratana elaborated on the constant threat of ransomware and how the public sector can address it. Ransomware is one of the significant threats facing American energy infrastructure, as the Colonial pipeline incident has shown.

Federal agencies such as the Department of Energy are spearheading efforts to tackle not just ransomware, but other cyber threats that can jeopardize the safe functioning of energy delivery systems.

Here are three of DOE’s top priorities for securing energy infrastructure:

(1) Monitoring and analytics

Monitoring the grid (the entire network of generators involved in delivering power) and making sense of the data they produce is crucial. Many of the national labs under DOE are working to improve current processes. Labs such as Lawrence Livermore National Lab, the National Energy Technology Laboratory and Oak Ridge National Lab have been particularly active in developing solutions to automate grid monitoring, applying predictive analytics to anticipate future cyber events and modeling complex grid infrastructures.


The importance of data monitoring and Zero Trust in battling ransomware

By Derek Giarratana, supplier manager

Ransomware is real and security threats continue to evolve, with new ones emerging daily. At times, organizations can feel that they won’t fall victim to ransomware, but now is not the time to ignore the facts. In 2019, it was reported that ransomware attacks were up by 41 percent, and in 2020 with the pandemic at the forefront, it was predicted that an attack occurred every 11 seconds.

In addition to the sheer volume of attacks, today’s ransomware and malware are also gaining in sophistication. Using random extensions and file names, the latest threats are making detection using blocked list solutions difficult and, in many cases, completely ineffective.

Every time an attack occurs, it takes significant time and money to remediate. Recovery time takes, on average, at least 16 days, and 67% of organizations that have been hit by an attack have lost all or part of their data. This is particularly problematic for public sector organizations that are faced with strict compliance requirements such as HIPAA, GDPR, CIPA, and CJIS.


Hidden data opportunities in the Air Force FY22 budget

By Lloyd McCoy, senior market intelligence manager

There are IT opportunities with the Air Force in FY22 that are not apparent at first glance. If your organization handles data hosting, analysis and security, you need to look deeper.

FY22 funding will likely see roughly flat to 2% growth for the Air Force’s budget. As with FY21, which had a total budget of about $8B for IT, the largest concentration of IT dollars next year will go to support command and control and logistics.

Remember, however, that these numbers do not represent the total addressable market for IT. That’s especially true within the R&D portion of the Air Force budget, which emphasizes AI, machine learning systems and unmanned systems, as well as establishing a defendable space posture. There are IT dollars to be spent in those areas even if they may not be counted within a specific IT program.

Let’s look at two of these hidden opportunities.

(1) Leveraging data as a strategic asset

The Air Force wants to evolve the role played by data in everything they do – particularly in the area of predictive analytics. The service wants to find ways to use AI and machine learning for things like maintenance, creating savings to be reallocated elsewhere. Predictive analytics also can be applied to military maneuvers, intelligence, surveillance and reconnaissance systems.


SLED 101 Series – Understanding the IT Budget

By Rachel Eckert, SLED Market Intelligence Manager

In our last installment we walked through the budget process to help you target your customers at the right time. In this, our third installment of our SLED 101 series, we focus on IT budget distribution, state-by-state spending and the importance of engaging with the right stakeholders. This information can help you focus your sales efforts more strategically and develop more targeted account lists.

Let’s start by looking at the pie chart below with a breakdown of IT spending by jurisdiction type or level of SLED government.

IT budget distribution

For 2021, IT spending in SLED will be just north of $100B. Spending proportions and ranges will vary for each state and/or local government; however, almost 40% of that spending will be done by state governments. Higher Ed, Special Districts, K-12 School Districts and Cities all sit around 12–15% each.

To give a bit more context to the SLED spending estimate, let’s look at a heatmap of estimated IT spending by state. You can use this heatmap in conjunction with the pie chart to segment your territory even further.

State-by-state spending

States like California, Texas, Florida and New York all have large IT budgets, making them prime targets for opportunity development. That doesn’t mean that states like Montana or North Dakota with smaller IT budgets do not have any IT opportunities, but that those IT opportunities will likely be smaller in scope.


Top 3 Cloud Security Priorities in the Federal Government

By Jessica Parks, Market Intelligence Analyst

The last year of teleworking has caused an uptick in hybrid and multi-cloud environments, due to the flexibility, scalability and cost efficiencies that these environments offer dispersed teams. As federal agencies look to their futures within these increasingly complex environments, you can bet security is top of mind. When talking with your customers about how you can help provide peace of mind, keep in mind they are likely prioritizing one (or all!) of the following:

1) Baking security into products during the development process

As more federal software development teams embrace DevOps and DevSecOps, they recognize that developing applications on cloud platforms can further shorten timelines for spinning up new solutions. With this recognition comes an increased focus on baking security into these solutions during the development process.


A Data-Centric Approach to Zero Trust for Public Sector

By Derek Giarratana, Supplier Manager

An organization’s data is its most important and valuable asset. This is especially true as organizations continue to move towards data-driven approaches to deliver on their missions and are more actively putting that data to work — and in remote locations no less. This means the need to protect data and maintain its accuracy and integrity is paramount.

In this series, we will explore each of these facets of data security and how it applies to IT challenges currently faced in the public sector. This first installment examines Zero Trust and how a data-centric approach addresses some of the hurdles with which public sector IT leaders struggle.

What is Zero Trust?

Aptly named, a Zero Trust approach assumes nothing internal or external to an organization’s perimeters can be trusted and should, therefore, require additional verification for access. The level of sophistication needed to meet the expectations and requirements of public sector data security lends itself to a Zero Trust model, which prompts data security experts to assess and manage data at the most granular level. With this approach in mind, data security experts are taking a fine-tooth comb to their data and paying close attention to their data management environment.


What is CMMC?

By Jeff Ellinport, Division Counsel

Although CMMC has been around for more than a year, it never hurts to review what it is and why those who sell into DOD and the rest of the federal government should care.

CMMC stands for Cybersecurity Maturity Model Certification and is a new certification process to measure a company’s ability to protect sensitive government data. It is a unified standard for implementing cybersecurity across the defense industrial base. CMMC is a way for DOD — and soon after, probably civilian agencies as well — to address intellectual property theft, cybercrime and national security threats of the type evidenced by the recent SolarWinds attack.

Once fully implemented, CMMC will be an acquisition foundation, required for almost every contractor transacting business with the U.S. government.

CMMC Maturity Levels

CMMC has five maturity levels, with basic cybersecurity hygiene at a Level 1 to very robust requirements at a Level 5. These certification levels reflect the maturity and reliability of a company’s cybersecurity infrastructure to safeguard sensitive government information on contractors’ information systems. The five levels build upon each other’s technical requirements such that each level requires compliance with the lower-level requirements and then implementation and documentation of additional processes employing more rigorous cybersecurity practices.


StateRAMP: An Outgrowth of FedRAMP for SLED

By Troy Fortune, VP & General Manager

Is StateRAMP on your radar screen? If you are a cloud software vendor and trying to sell into the state, local and education market, I encourage you to pay attention.

Modeled after FedRAMP, StateRAMP is gaining traction among many state CIOs. For the last seven years cybersecurity has topped the priority lists for CIOs at the state, local and education (SLED) levels, yet there are no established security standards they have all agreed to.

StateRAMP plans to leverage the existing FedRAMP assessment and approvals processes to help simplify the implementation for government and industry. Logistics for FedRAMP to StateRAMP transitions are still being finalized but vendors should look for the marketplace to launch in Q2 of 2021.

Cyberattacks on the Rise

Cyberattacks in SLED have amped up in recent years and become increasingly sophisticated, targeting sensitive citizen PII data. Many organizations have begun taking steps to protect their databases and systems, but those measures vary widely from state to state and even department to department. The expanded use of cloud-based systems to house and manage critical services like Medicaid and unemployment insurance only increases the risk. Unfortunately, few standards exist for cybersecurity or cloud security, which makes the protection of their sensitive data even more challenging.


Changes in FITARA 11.0: How You Can Help Agencies Improve Their Scorecards

This past December, GAO made changes to the FITARA scorecard. By tracking these changes, you can help your agency customers improve their FITARA grades and meet mission goals. (Click here to review the latest scorecard.)

The next agency self-reporting period comes in April, with scorecards due in May. Agencies are being pushed to better use IT to meet FITARA objectives, such as cybersecurity and modernizing government technology.

So what does that mean for FITARA compliance? From a flyover perspective, first, the new administration is likely to look more closely at transformation in its policy priorities. Next, the FITARA scorecards will retire categories that have had across-the-board success, and shift focus to the next area that needs improvement.

Here are some of the expected shifts.
