ISG | September 16, 2022
State and municipal governments in the U.S., many still burdened by legacy systems and processes, are working with service providers to secure new cloud-based IT architectures amid major technology transitions, according to a new research report published today by Information Services Group (ISG) (Nasdaq: III), a leading global technology research and advisory firm.
The 2022 ISG Provider Lens™ Cybersecurity — Solutions and Services report for the U.S. Public Sector finds that governments and associated public organizations know they need to quickly overhaul both IT and cybersecurity to meet growing demand for remote work and online services to constituents. Most favor wholesale migration to cloud architectures and modern cybersecurity tools, but they need to overcome long-established procurement practices to succeed.
“Legacy platforms and processes have held many agencies back from offering better services and becoming more efficient, The new, more holistic approach to technology also extends to cybersecurity.”
-Nathan Frey, partner, ISG Public Sector.
The COVID-19 pandemic has intensified challenges governments in the U.S. have faced for decades, the report says. Lockdowns and work-from-home requirements forced agencies to offer more services online while ramping up IT support for suddenly remote workers. At the same time, a long-term exodus of older employees accelerated, making it even harder for organizations to catch up.
These factors have triggered a wave of IT modernization in the U.S. public sector, including projects to update IT security systems, especially identity and access management (IAM) and data loss/leakage prevention (DLP), ISG says. Advanced IAM systems let agencies offer more workers and constituents secure access to systems, while DLP provides better control of what data users can access in those systems and how they can use the data.
“Public agencies want more sophisticated security tools, with proper integration, so they can offer better services without increasing risk, Qualified service providers with public-sector experience are helping at every stage of the process.”
-Jan Erik Aase, partner and global leader, ISG Provider Lens Research.
More state and local governments are seeking technical security services for integration and implementation and engaging with managed security service providers for ongoing operations, ISG says. Some governments are also turning to strategic security service providers for help in developing an overall security vision spanning all departments and functions, often for the first time.
The 2022 ISG Provider Lens™ Cybersecurity — Solutions and Services report for the U.S. Public Sector evaluates the capabilities of 61 providers across five quadrants: Identity and Access Management (IAM); Data Leakage /Loss Prevention (DLP) and Data Security; Technical Security Services; Strategic Security Services, and Managed Security Services.
The report names IBM as a Leader in all five quadrants and Atos as a Leader in four quadrants. It names Accenture, Capgemini, Deloitte, EY and Infosys as Leaders in three quadrants each. Broadcom, Unisys and Verizon are named as Leaders in two quadrants each. ManageEngine, Microsoft, Okta, Palo Alto Networks, Proofpoint, RSA, Trend Micro, Varonis, Wipro and Zscaler are named as Leaders in one quadrant each.
About ISG Provider Lens™ Research:
The ISG Provider Lens™ Quadrant research series is the only service provider evaluation of its kind to combine empirical, data-driven research and market analysis with the real-world experience and observations of ISG's global advisory team. Enterprises will find a wealth of detailed data and market analysis to help guide their selection of appropriate sourcing partners, while ISG advisors use the reports to validate their own market knowledge and make recommendations to ISG's enterprise clients. The research currently covers providers offering their services globally, across Europe, as well as in the U.S., Canada, Brazil, the U.K., France, Benelux, Germany, Switzerland, the Nordics, Australia and Singapore/Malaysia, with additional markets to be added in the future.
ISG (Information Services Group) (Nasdaq: III) is a leading global technology research and advisory firm. A trusted business partner to more than 800 clients, including more than 75 of the world’s top 100 enterprises, ISG is committed to helping corporations, public sector organizations, and service and technology providers achieve operational excellence and faster growth. The firm specializes in digital transformation services, including automation, cloud and data analytics; sourcing advisory; managed governance and risk services; network carrier services; strategy and operations design; change management; market intelligence and technology research and analysis. Founded in 2006, and based in Stamford, Conn., ISG employs more than 1,300 digital-ready professionals operating in more than 20 countries—a global team known for its innovative thinking, market influence, deep industry and technology expertise, and world-class research and analytical capabilities based on the industry’s most comprehensive marketplace data.
StateRAMP | September 21, 2022
StateRAMP announces its growing list of governments working with StateRAMP to validate their third-party suppliers' cyber security posture who use or offer cloud products to deliver services.
The growing list of participating governments comes on the heels of the National Association of State Procurement Officials (NASPO) recent announcement naming StateRAMP a Strategic Partner. Working together, StateRAMP and NASPO will work to develop educational content and resources for state government.
"With responsibilities for critical infrastructure, vital services, and mass storage of confidential and privacy data, government, at all levels, is a prime target for cybercrime, We are thrilled to see all levels of State and Local Government engaging in StateRAMP to improve our collective cyber posture for the citizens we serve."
-J.R. Sloan, President of the StateRAMP Board and Chief Information Officer for the State of Arizona.
Procuring technology tools and services is complicated work, and many organizations have sought to make that process easier for the public sector. By focusing on cybersecurity risk management, StateRAMP addresses a key pain point for state and local public agencies—and the vendors and suppliers that serve them. With a grounding in the reality of state and local government operations—and by building on widely adopted best practices—StateRAMP is exactly the sort of smart innovation that the public sector needs and deserves, said Doug Levin, National Director, K12 Security Information eXchange (K12 SIX).
"We are excited to work with our strategic partners and members to continue toward our mission of promoting best practices in government for managing supplier cloud security, When there is a common problem, there is an opportunity for a shared solution. In cloud security, the shared solution is StateRAMP for all levels of government and the vendors who serve them."
-Leah McGrath, Executive Director, StateRAMP.
StateRAMP is a nonprofit organization that launched in early 2021 and brings state and local governments together with the suppliers who serve them to recognize best practices in cloud security and provides a standardized approach to cloud cybersecurity verification.
StateRAMP provides state and local governments assurance that the suppliers they are working with meet the minimum cybersecurity standards through independent audits and ongoing continuous monitoring. StateRAMP is designed as a shared service for government and a streamlined service for suppliers who can verify their products one time and reuse that certification with each government agency they serve. StateRAMP maintains an Authorized Product List (APL) which lists products that have achieved a security status and those products going through the process.
About K12 Security Information eXchange (K12 SIX):
The K12 Security Information eXchange (K12 SIX) offers cybersecurity resilience to keep students learning and school districts operating.
EMERGING TECHNOLOGY,GOVERNMENT BUSINESS
KRAKEN ROBOTICS | September 13, 2022
Kraken Robotics Inc. (TSX-V: PNG, OTCQB: KRKNF), Canada’s Ocean Company, is pleased to announce that after successful completion of an Innovative Solutions Canada (ISC) Testing Stream contract with the Royal Canadian Navy earlier this year, Kraken has been among the first Canadian companies qualified to sell its innovation directly to the Government of Canada without further competition. This qualification for Kraken’s OceanVision™ solution is under Canada’s new Pathway to Commercialization framework1 initiated by ISC. While this approval does not have a value in of itself, direct purchases can be up to $8 million per contract and are available to all government departments.
“Over the past year, Kraken has had significant interest in its technologies and services from various Canadian Government departments and agencies. We are excited to be able to offer the OceanVision service via ISC’s new PTC program to be an avenue for these departments and agencies to avail of our needed and innovative solutions. Potential applications of the OceanVision service could include habitat mapping and monitoring of Marine Protected Areas (MPAs), high resolution seabed mapping for augmenting Route Survey applications in Port and Harbour Security, or even shipwreck search and survey for marine archaeological requirements. We see significant potential for this service here in Canada.”
-Karl Kenny, Kraken President and CEO.
About Kraken’s OceanVision Service:
Kraken’s OceanVision service provides off the shelf, turnkey ultra-high resolution Synthetic Aperture Sonar (SAS) seabed imagery and bathymetry at an affordable price, delivering higher resolution, range, and area coverage rates (ACR). The increased range, resolution and associated higher ACR of SAS over traditional Side Scan Sonar and Multibeam Sonar systems significantly expands the capabilities of military, scientific, and commercial applications. Kraken’s OceanVision is capable of 2 cm x 2 cm Ultra High-Definition imaging at long ranges.
Kraken’s OceanVision Service can provide significant benefits to government agencies, offering access to cutting edge technology “as needed”, without concern for equipment obsolescence, life cycle costs, or operator skill fade. As it relates specifically to the Government of Canada, Kraken’s OceanVision offers many advantages:
Kraken’s technology greatly enhances image quality and significantly reduces the time of traditional seabed surveys due to its advanced world-leading technology.
OceanVision assets can be deployed to assist in mapping areas of interest ahead of regular operations, with the image quality required to enable change detection and optimize revisit rates. This has the potential to provide the Government of Canada a competitive edge for detecting bottom objects in complex seabeds.
The OceanVision service application can augment existing survey activities while simultaneously supporting nearshore hydrographic mapping and charting requirements on an annual basis with high-definition resolution, freeing up valuable Government assets for other mission critical functions.
OceanVision provides online and offline data analysis capabilities, enabling users to leverage Kraken’s extensive experience in image processing, target detection, and bottom classification.
ABOUT KRAKEN ROBOTICS INC:
Kraken Robotics Inc. (TSX.V:PNG) (OTCQB: KRKNF) is a marine technology company dedicated to the production and sale of software-centric sensors, subsea batteries, and underwater robotic systems. The company is headquartered in Newfoundland with offices in Canada, U.S., Germany, Denmark, and Brazil. In July 2021, Kraken acquired PanGeo Subsea, a leading services company specializing in high-resolution 3D acoustic imaging solutions for the sub-seabed. PanGeo with offices in Canada, the United States and the United Kingdom is now a wholly owned subsidiary of Kraken. Kraken is ranked as a Top 100 marine technology company by Marine Technology Reporter.
Keeper Security | August 25, 2022
Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, secrets, and connections, today announced that the company has obtained FedRAMP Authorization at the Moderate Impact Level for its Keeper Security Government Cloud (KSGC).
The KSGC password management and security solution has successfully completed the rigorous FedRAMP accreditation process. This highly sought-after and difficult to attain designation sets KSGC apart from its competitors as the best in class zero-trust and zero-knowledge security solution for government agencies to protect their passwords, data, and secrets. KSGC is hosted in AWS GovCloud (US), designed to host sensitive data, regulated workloads, and address the most stringent U.S. government security and compliance requirements.
To receive FedRAMP Authorization, organizations must implement controls from 17 different control families that originate from National Institute of Standards and Technology Special Publication 800-53. This alone can take organizations months or years, depending on the complexity of the system. Authorization can only be pursued by an organization through partnering with a federal agency or the Joint Authorization Board (JAB). Additionally, the system must be evaluated and assessed by an authorized independent third-party auditor prior to submitting for final review and authorization by the FedRAMP Program Management Office.
"Keeper is proud to bring its password management and cybersecurity platform to FedRAMP Authorized status," said Darren Guccione, CEO and Co-Founder of Keeper Security. "This authorization demonstrates Keeper's longstanding -- and, some would say, fanatical -- commitment to the highest standards of internal security controls and encryption. Keeper is prepared to help federal agencies protect their digital assets against ransomware, data breaches and other password-related cyberattacks."
"As a FedRAMP Authorized password management and security solution, KSGC will enable Carahsoft and our reseller partners to help federal agencies better secure their sensitive information and protect against password related breaches, Keeper's zero-knowledge, zero-trust architecture solves compliance and regulatory enforcement requirements, providing a trusted, reliable solution that meets government needs."
-Steve Jacyna, who leads the Keeper Security team at Carahsoft.
Today's attackers are advanced at using any breached username and password combination to run through analytics and bots to find any use or similar use combination. By leveraging password managers, a constant health check can be maintained for password diversification and security, said Jean-Paul Bergeaux, Federal Chief Technology Officer of GuidePoint Security. Enterprises cannot assume users are doing this and KSGC provides a way for government security teams to maintain password security while also significantly improving user experience throughout their work life.
The FedRAMP Authorized KSGC follows a White House Executive Order mandating zero-trust architecture and strong encryption, along with a draft memorandum by the Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) mandating all federal agencies adopt a zero-trust security architecture by 2024. The memorandum specifically calls out password security requirements that KSGC facilitates, including strong password policies, the removal of a deprecated requirement to require special characters and regular password rotation, and the ability to compare user passwords against weak and breached data.
Keeper provides government agencies with a human-centric cybersecurity solution that promotes adoption of password best practices, like the use of MFA, by employees and contractors. Keeper also promotes secure collaboration with encrypted record sharing that allows system administrators to regulate privileged access to files, as well as masking credentials. Keeper's zero-knowledge system architecture provides the highest levels of security and privacy. Encryption and decryption of data always occurs locally on the user's device, and only the encrypted ciphertext is stored in KSGC.
About Keeper Security:
Keeper Security, Inc. ("Keeper") is transforming the way organizations and individuals protect their credentials, secrets, connections and sensitive digital assets to significantly reduce the risks of identity security-related cyber attacks while gaining visibility and control. Keeper is the leading provider of zero-trust and zero-knowledge security cloud services trusted by millions of people and thousands of organizations for password and secrets management, privileged access, secure remote infrastructure access and encrypted messaging.
Keeper's products are the highest-rated in the industry across G2, Trustpilot, PCMag and U.S. News & World Report. For the last several years, Keeper has received several InfoSec Awards from Cyber Defense Magazine for its cyber security enterprise software. Keeper is SOC 2 and ISO 27001 certified, and FIPS 140-2 validated, and Keeper is the only FedRAMP Authorized enterprise password management solution. Keeper is backed by Insight Partners, a leading venture capital and private equity firm with $90b AUM.
Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider®, supporting Federal, State and Local Government and Education and Healthcare. As the Master Government Aggregator® for its vendor and reseller partners, Carahsoft delivers solutions for Cybersecurity, MultiCloud, DevSecOps, Big Data, Artificial Intelligence, Open Source, Customer Experience and Engagement, and more.
About GuidePoint Security:
GuidePoint Security provides cybersecurity solutions and services that help organizations make better decisions. GuidePoint Security's holistic approach enables organizations to identify threats, optimize resources, and integrate solutions that mitigate risk.