Keeper Security | August 25, 2022
Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, secrets, and connections, today announced that the company has obtained FedRAMP Authorization at the Moderate Impact Level for its Keeper Security Government Cloud (KSGC).
The KSGC password management and security solution has successfully completed the rigorous FedRAMP accreditation process. This highly sought-after and difficult-to-attain designation sets KSGC apart from its competitors as the best-in-class zero-trust and zero-knowledge security solution for government agencies to protect their passwords, data, and secrets. KSGC is hosted in AWS GovCloud (US), designed to host sensitive data, regulated workloads, and address the most stringent U.S. government security and compliance requirements.
To receive FedRAMP Authorization, organizations must implement controls from 17 different control families that originate from National Institute of Standards and Technology Special Publication 800-53. This alone can take organizations months or years, depending on the complexity of the system. Authorization can only be pursued by an organization through partnering with a federal agency or the Joint Authorization Board (JAB). Additionally, the system must be evaluated and assessed by an authorized independent third-party auditor prior to submitting for final review and authorization by the FedRAMP Program Management Office.
"Keeper is proud to bring its password management and cybersecurity platform to FedRAMP Authorized status," said Darren Guccione, CEO and Co-Founder of Keeper Security. "This authorization demonstrates Keeper's longstanding -- and, some would say, fanatical -- commitment to the highest standards of internal security controls and encryption. Keeper is prepared to help federal agencies protect their digital assets against ransomware, data breaches and other password-related cyberattacks."
"As a FedRAMP Authorized password management and security solution, KSGC will enable Carahsoft and our reseller partners to help federal agencies better secure their sensitive information and protect against password-related breaches. Keeper's zero-knowledge, zero-trust architecture solves compliance and regulatory enforcement requirements, providing a trusted, reliable solution that meets government needs."
-Steve Jacyna, who leads the Keeper Security team at Carahsoft.
"Today's attackers are advanced at using any breached username and password combination to run through analytics and bots to find any use or similar use combination. By leveraging password managers, a constant health check can be maintained for password diversification and security," said Jean-Paul Bergeaux, Federal Chief Technology Officer of GuidePoint Security. "Enterprises cannot assume users are doing this and KSGC provides a way for government security teams to maintain password security while also significantly improving user experience throughout their work life."
The FedRAMP Authorized KSGC follows a White House Executive Order mandating zero-trust architecture and strong encryption, along with a draft memorandum by the Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) mandating all federal agencies adopt a zero-trust security architecture by 2024. The memorandum specifically calls out password security requirements that KSGC facilitates, including strong password policies, the removal of a deprecated requirement to require special characters and regular password rotation, and the ability to compare user passwords against weak and breached data.
Keeper provides government agencies with a human-centric cybersecurity solution that promotes adoption of password best practices, like the use of MFA, by employees and contractors. Keeper also promotes secure collaboration with encrypted record sharing that allows system administrators to regulate privileged access to files, as well as masking credentials. Keeper's zero-knowledge system architecture provides the highest levels of security and privacy. Encryption and decryption of data always occurs locally on the user's device, and only the encrypted ciphertext is stored in KSGC.
About Keeper Security:
Keeper Security, Inc. ("Keeper") is transforming the way organizations and individuals protect their credentials, secrets, connections and sensitive digital assets to significantly reduce the risks of identity security-related cyber attacks while gaining visibility and control. Keeper is the leading provider of zero-trust and zero-knowledge security cloud services trusted by millions of people and thousands of organizations for password and secrets management, privileged access, secure remote infrastructure access and encrypted messaging.
Keeper's products are the highest-rated in the industry across G2, Trustpilot, PCMag and U.S. News & World Report. For the last several years, Keeper has received several InfoSec Awards from Cyber Defense Magazine for its cyber security enterprise software. Keeper is SOC 2 and ISO 27001 certified, and FIPS 140-2 validated, and Keeper is the only FedRAMP Authorized enterprise password management solution. Keeper is backed by Insight Partners, a leading venture capital and private equity firm with $90b AUM.
Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider®, supporting Federal, State and Local Government and Education and Healthcare. As the Master Government Aggregator® for its vendor and reseller partners, Carahsoft delivers solutions for Cybersecurity, MultiCloud, DevSecOps, Big Data, Artificial Intelligence, Open Source, Customer Experience and Engagement, and more.
About GuidePoint Security:
GuidePoint Security provides cybersecurity solutions and services that help organizations make better decisions. GuidePoint Security's holistic approach enables organizations to identify threats, optimize resources, and integrate solutions that mitigate risk.
Riverbed | August 24, 2022
More than half the federal government IT employees responding to a recent survey say they are worried their IT systems will struggle to deliver good user experiences as more agency employees return to working in offices instead of remotely, according to a new survey released today by Riverbed® and Swish.
Among survey respondents who are concerned with end-user experience in a hybrid work environment, 52% of those are concerned that their legacy IT architectures and on-premises network infrastructure will struggle with the increased usage of collaboration tools such as Teams and Zoom as workers return to the office, and 44% are concerned that the end user experience on-site won’t be as good as at home. These concerns arise as the concept of “government from anywhere,” whether in an on-site or hybrid capacity, is becoming widely accepted. Of those surveyed, 47% expect hybrid work environments (teleworking 2-4 days a week) to continue for the long-term, while only 30% expect that a majority of employees will return to the office fulltime in the next six months.
The survey of IT employees across the U.S. federal government, from both civilian and defense agencies, was conducted by research firm Market Connections.
Survey respondents also reported that they rely on reactive, manual methods to quantify problems with user, infrastructure, and application experiences. While 100 percent of respondents agree that it is at least somewhat important to measure end user experience and productivity capability, 87% claim their agency is still reactively responding to help desk tickets and 51% rely upon user phone calls as a primary means of quantifying issues.
“These survey findings point to the importance of utilizing proactive monitoring tools that provide complete network visibility to improve the user experience and network performance across an agency’s entire IT environment. As agencies balance their various work environments and collaboration tools, they should seek to implement an observability platform that multiple teams can use to proactively identify and contextually analyze user issues and leverage automation to solve them quickly.”
-Craig McCullough, Senior Vice President of Public Sector for Riverbed.
According to the survey, most agencies surveyed (59%) aren’t effectively measuring the impact of change in their IT environment, and are not examining business transaction productivity in terms of labor cost, latency impact, or rate of success. Issues of user experience and productivity and IT network performance can be successfully addressed by utilizing a single-platform, proactive, monitoring tool that provides end-to-end network visibility. With full visibility, IT and agency leaders can quickly identify, mitigate and resolve issues across a variety of endpoints through one integrated system.
“This is significant because without a single performance platform, agencies don’t have consolidated incident-centric end-to-end context, root cause analysis, or automated response. Unified observability should be at the forefront of agency thinking and we and our partners, like Riverbed, are working to support this mentality shift which will ultimately benefit the government for years to come.”
-Monty Deel, Chief Executive Officer for Swish.
Swish is a provider of technology solutions and engineering services to the U.S. Federal Government with a focus on high-quality outcomes for customers. Experienced and certified engineers research and evaluate the most innovative technologies on the market and then develop full life cycle solution offerings to ensure that customers realize maximum operational value. Since 2006, Swish has delivered high-performance solutions and services to the Federal Government market, ensuring that customers’ digital service capabilities, performance and security exceed expectations and requirements. Swish is a Service-Disabled, Veteran-Owned and HUBZone certified Small Business.
Riverbed is the only company with the collective richness of telemetry from network to app to end user that illuminates and then accelerates every interaction, so organizations can deliver a seamless digital experience and drive enterprise performance. Riverbed offers two industry-leading portfolios: Alluvio by Riverbed, a differentiated Unified Observability portfolio that unifies data, insights, and actions across IT, so customers can deliver seamless, secure digital experiences; and Riverbed Acceleration, providing fast, agile, secure acceleration of any app, over any network, to users anywhere. Together with our thousands of partners, and market-leading customers globally – including 95% of the FORTUNE 100 – we empower every click, every digital experience.
StateRAMP | September 21, 2022
StateRAMP announces its growing list of governments working with StateRAMP to validate the cybersecurity posture of their third-party suppliers who use or offer cloud products to deliver services.
The growing list of participating governments comes on the heels of the recent announcement by the National Association of State Procurement Officials (NASPO) naming StateRAMP a Strategic Partner. Together, StateRAMP and NASPO will work to develop educational content and resources for state government.
"With responsibilities for critical infrastructure, vital services, and mass storage of confidential and privacy data, government, at all levels, is a prime target for cybercrime. We are thrilled to see all levels of State and Local Government engaging in StateRAMP to improve our collective cyber posture for the citizens we serve."
-J.R. Sloan, President of the StateRAMP Board and Chief Information Officer for the State of Arizona.
"Procuring technology tools and services is complicated work, and many organizations have sought to make that process easier for the public sector. By focusing on cybersecurity risk management, StateRAMP addresses a key pain point for state and local public agencies—and the vendors and suppliers that serve them. With a grounding in the reality of state and local government operations—and by building on widely adopted best practices—StateRAMP is exactly the sort of smart innovation that the public sector needs and deserves," said Doug Levin, National Director, K12 Security Information eXchange (K12 SIX).
"We are excited to work with our strategic partners and members to continue toward our mission of promoting best practices in government for managing supplier cloud security. When there is a common problem, there is an opportunity for a shared solution. In cloud security, the shared solution is StateRAMP for all levels of government and the vendors who serve them."
-Leah McGrath, Executive Director, StateRAMP.
StateRAMP is a nonprofit organization that launched in early 2021 and brings state and local governments together with the suppliers who serve them to recognize best practices in cloud security and provides a standardized approach to cloud cybersecurity verification.
StateRAMP provides state and local governments assurance that the suppliers they are working with meet the minimum cybersecurity standards through independent audits and ongoing continuous monitoring. StateRAMP is designed as a shared service for government and a streamlined service for suppliers who can verify their products one time and reuse that certification with each government agency they serve. StateRAMP maintains an Authorized Product List (APL) which lists products that have achieved a security status and those products going through the process.
About K12 Security Information eXchange (K12 SIX):
The K12 Security Information eXchange (K12 SIX) offers cybersecurity resilience to keep students learning and school districts operating.
Inca Digital | September 26, 2022
The Defense Advanced Research Projects Agency (DARPA) has awarded Inca Digital's government contracting division, Inca Digital Federal, a Phase II Small Business Innovation Research (SBIR) contract to research advanced methods for analyzing activity related to financial applications of distributed ledgers in a project called: "Mapping the Impact of Digital Financial Assets".
The aim of the SBIR is to understand and visualize how digital assets implicate national security.
"Digital asset markets hold amazing promise, but also contend with money laundering, market manipulation, and state actors that may pose risks to U.S. national security. Given the increasing prevalence of digital assets, the Department of Defense and other federal agencies need to have better tools to understand how digital assets operate and how to leverage their jurisdictional authority over digital asset markets globally."
-Adam Zarazinski, CEO of Inca Digital.
As a result of this SBIR, Inca Digital Federal will develop a first-of-its-kind cryptocurrency ecosystem mapping tool for analyzing cross-market crypto-financial data and risk.
The data analytics from Inca Digital will allow both the United States government and commercial companies to:
Perform cross-market, crypto-financial mapping and analysis
Understand relationships between digital asset firms and non-digital asset entities
Identify how cryptocurrency may affect traditional financial systems and vice-versa
Provide insight into the use of blockchain-based technologies linked to money laundering, terrorist financing, and sanctions evasions across systems (e.g., fiat-to-exchange, exchange-to-blockchain, and cross-blockchain transactions)
Better understand money flows in and out of blockchain systems
Identify where recipients of cryptocurrency can exchange it for local fiat currency, or goods and services, globally
Understand how cryptocurrencies are used in different U.S. government/Department of Defense areas of responsibility
This research is being developed by funding from the Defense Advanced Research Projects Agency (DARPA). The views, opinions and/or findings expressed are those of the author and should not be interpreted as representing the official views or policies of the Department of Defense or the U.S. Government.
About Inca Digital:
Inca Digital and its government contracting entity, Inca Digital Federal, analyze data across crypto markets, blockchains, and news and social media to deliver comprehensive intelligence to the financial institutions, technology firms and government entities that are shaping the digital asset space.