Agencies increasingly rely on Software-as-a-Service (SaaS) platforms such as Salesforce for mission-critical functions, which offers them numerous benefits including flexibility, reducing upfront IT resource costs and delegating upgrades and patches to the provider. Using Salesforce does not remove the agencies’ responsibility for cybersecurity, however, and SaaS applications face their own risks, including misconfigurations, poor access...

Ever since the issuance of Executive Order 14028, issued in May 2021 to improve cybersecurity across the entire government by implementing a zero trust architecture, federal agencies have been hard at work to meet the requirement. Then, in October 2023 – less than 18 months later – a new executive order, 14110, was released on the “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.” These are...

Federal agencies have been ordered to move toward zero trust architectures with alacrity, through Executive Order 14028 on improving cybersecurity and the Office of Management and Budget’s two memoranda, M-22-09 on meeting zero trust cybersecurity principles, and M-21-31 on improving investigative and remediation capabilities following cyber breaches. The Department of Homeland Security observed in its Zero Trust Implementation Strategy...

Generative artificial intelligence (genAI) has arrived with the force of a tsunami across the federal government. In October, Executive Order 14110 on the safe, secure, and trustworthy development and use of AI established the broad outlines for how agencies should evaluate and implement their AI use cases. Now the Office of Management and Budget has issued a memorandum directing agencies to institute governance and risk management processes g...

Successful federal modernization requires an artful blend of people, process, and technology—with a relentless focus on enabling business transformation. A “digital playbook” can provide a comprehensive guide to the process, describing both overarching strategy and tactical approaches. Using a templatized technology strategy can boost mission outcomes while humanizing data-driven modernization and leveraging artificial intell...

Mobile devices are a way of life today – including for government agencies. They are ubiquitous, and many agencies have embraced a bring-your-own-device (BYOD) policy that allows employees to use their own. But they have become a rapidly growing target for bad actors – so much so that BYOD could mean “bring your own danger.” For example, in February, SC Magazine reported a phishing campaign targeting the Federal Communi...

As agencies increasingly migrate their workloads to the cloud, it is crucial to understand the implications and benefits of writing natively to the cloud, which enables organizations to optimize their data protection strategies, streamline operations, and enhance overall security. “Writing natively” is about building, deploying and managing software apps in the cloud computing environment. Taking this approach makes it possible to...

Federal departments and agencies are making headway in meeting the requirements of Executive Order 14028, issued in May 2021, to strengthen their cybersecurity by implementing a zero trust architecture. To date, many agencies have made progress in areas like identity management and secure access. But the journey toward achieving a zero trust environment is different for every department. The challenges that civilian agencies must overcome are...

It has become clear over the past several years that maintaining U.S. election integrity is not just a single agency’s responsibility. Conducting fair and accurate elections is the responsibility of each state and territory. Meanwhile, nation-states, partisans, and scammers can interfere with voter information, try to cast doubt on election outcomes, and spread disinformation across social media, to name just a few. The Office of the Dir...