EMERGING TECHNOLOGY

Relativity Completes IRAP Assessment, Bringing its Secure Discovery and Investigations Cloud Solution to Australian Government Agencies

Relativity | March 03, 2022

Relativity
Relativity, a global legal and compliance technology company, today announced it has completed the Infosec Registered Assessors Program (IRAP) assessment against 'PROTECTED' controls for its cloud offering, RelativityOne. The assessment supports higher standards for security postures in technology systems used by government agencies in Australia.

Relativity completed its IRAP assessment after an extensive review process conducted by a certified third party. The process is designed to seek out security weaknesses against a comprehensive set of standard controls that support more secure cloud environments for government data classified up to PROTECTED.

"The public sector in Australia is rapidly undergoing digital transformation with exponential adoption of SaaS services. The pivot provides enormous advantages to agencies and the public, however, requires SaaS providers to constantly ensure they are still fit for purpose in the face of the rapidly evolving threat landscape. Completing IRAP assessment reinforces Relativity's commitment to meet the rigorous demands placed on Australian government agencies and is another validation point for the robust security posture that impacts every organisation entrusting their data to RelativityOne."

Georgia Foster, Managing Director at Relativity, APAC

The achievement will support longstanding government agencies and Royal Commissions using Relativity on-premise to reap the benefits of Relativity's end-to-end cloud product, following suit from three major New Zealand regulators who moved to RelativityOne last year.

Built on Microsoft Azure, RelativityOne helps government agencies deal with the particularly complex and unpredictable data that comes from federal litigation and investigations. Globally, Relativity has independently achieved ISO 27001:2013, SOC-2 Type II, and HIPAA compliance. RelativityOne's powerful end-to-end capabilities ensure government agencies can effectively and securely manage their highly sensitive and large data sets, while still able to meet arduous deadlines.

"Relativity has utilised the speed, scale and security of Azure to create RelativityOne, a platform trusted by government departments and Royal Commissions," said Mark Leigh, General Manager, Public Sector, Microsoft ANZ. "The completion of their IRAP assessment demonstrates their commitment to providing solutions which have been independently verified to Australian government customers."

"Our information security, risk and privacy program is a key pillar of our company and an ongoing pledge to our customers," said Amanda Fennell, CSO and CIO at Relativity. "Achieving the IRAP assessment is just another step in ensuring that our customers using RelativityOne are best equipped to tackle the diverse challenges of litigation, investigations and unstructured data requests facing government agencies."

About Relativity 
Relativity makes software to help users organize data, discover the truth and act on it. Its SaaS platform RelativityOne manages large volumes of data and quickly identifies key issues during litigation and internal investigations. The AI-powered communication surveillance platform, Relativity Trace proactively detects regulatory misconduct like insider trading, collusion and other non-compliant behavior. Relativity has more than 300,000 enabled users in 48+ countries serving thousands of organizations globally primarily in legal, financial services and government sectors.

Spotlight

Federal agencies have virtualized 65% of their applications, and are running them in data centers built for physical workloads. That mismatch leaves everyone feeling the pain.


Other News
CYBERSECURITY

Acalvio Autonomous Deception Technology Provides Advanced Cyber Security to The Department of Homeland Security

Acalvio Technologies | April 21, 2022

Acalvio Technologies, the leader in cyber deception, announced that the FedRamp Ready ShadowPlex platform has been added to the Department of Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) Continuous Diagnostics and Mitigation (CDM) Approved Products List (APL). ShadowPlex enables government organizations to execute the three key aspects of adversarial engagement with operational efficiency: Detection: Rapidly detect adversary presence both on-premises and in cloud infrastructure Disruption: Derail and delay attacks Intelligence: Easily gather granular forensics of tactics, techniques, and procedures ShadowPlex leverages novel AI capabilities for both ease of use, by making deception autonomous, and effectiveness, by blending and customizing deception for every subnet and endpoint. Because it doesn’t require agents on production systems, ShadowPlex is low-risk to deploy but also produces high fidelity alerts. The solution was named a finalist in the RSAC Innovation Sandbox. The CISA Continuous Diagnostics and Mitigation (CDM) Program is a dynamic approach to fortifying the cybersecurity of government networks and systems. The CDM Program provides cybersecurity tools, integration services, and dashboards to participating agencies to help them improve their respective security postures by delivering better visibility and awareness of their networks and defending against cyber adversaries. US Federal Agencies are under increased cyber threats, including state-sponsored cyber-attacks. Advanced Deception Technology is best suited to defeat these attacks. National Security Agency (NSA) article (The Next Wave, 2021) shows that about 78 percent of the attackers are detected by deception technology within 20 minutes of breaching the network. CISA, in the 2022 – 2026 Strategic Technology Roadmap, has specifically recommended deploying deception technologies within the next two years by all Federal and critical infrastructure (CI) stakeholders for Network Security management. Acalvio ShadowPlex provides a powerful new capability to detect and respond to advanced threats, even zero-day attacks. The addition of ShadowPlex to CDM APL makes it easier for Federal agencies to procure and deploy modern deception technology to combat sophisticated adversaries.” Ram Varadarajan, co-founder and CEO of Acalvio Technologies The inclusion in CDM APL adds to the FedRamp Ready status, SOC 2, and NIST 800-171 compliances achieved by Acalvio Technologies. About Acalvio Technologies Acalvio is the global leader in Active Defense solutions to combat cyberattacks. Its breakthrough Autonomous Deception technology is based on over 25 issued patents in Distributed Deception and advanced AI, to enable deployment of Active Defense that is effective, easy to use, and enterprise scale. Acalvio’s Autonomous Deception reduces attacker dwell time through early detection of advanced threats and increases Security Operations Center efficiency by utilizing sophisticated investigation and active threat-hunting capabilities. The Silicon Valley-based company’s solution serves Fortune 500 enterprises, U.S. government agencies, and marquee MSSPs.

Read More

CYBERSECURITY

Defense Acquisition University's Chris Newborn Selected as SynED's May National CyberHero for Boosting Defense Contractors' Cyber Defense Systems

SynED | May 30, 2022

SynED, a national non-profit organization that identifies emerging best practices for effective articulation between employers, job seekers, and education providers, announced that Christopher Newborn, recently retired Professor of Information Technology (Cybersecurity Emphasis) at Defense Acquisition University (DAU), is this month's CyberHero. Chris's decades of experience and approach to his work positioned him to be an outstanding advocate for the protection of sensitive information in the U.S. Defense Industrial Base supply chain, the nation's private sector defense contractors. He worked with the acquisition workforce and Defense Industrial Base professionals who are responsible for acquiring, deploying, and maintaining cybersecurity capabilities and defending critical networks, systems, and data. While at DAU, Chris provided critical support to the California Advanced Supply Chain Analysis and Diversification Effort (CASCADE and CASCADE II), established by the California Governor's Office of Planning and Research to bolster California's defense supply chain cybersecurity resilience. Chris and I worked together on the CASCADE program, and he was incredibly helpful in demonstrating the challenges that defense suppliers face in meeting requirements and finding cybersecurity workers. His duty to country and helping others really shines through. I have no doubt that his 'retirement' will just mean he's starting a new chapter in his service to others and national security." Liz Fraumann, Director and Senior Project Manager at synED CASCADE has spurred projects that support business assistance programs and the growth of the cybersecurity workforce through cybersecurity-related education curricula, training, and apprenticeship programs. Chris takes a hands-on, real-world approach to his work. "I always say, I'm not necessarily a professor, I'm a consultant," Mr. Newborn shared. "The reason I say that is, I will take things in a real world scenario and put it to how it applies to you, so you can come up with efficient and effective methods to counter the threat, or at least come up with trade-offs." The U.S. government has responded to increasing threats to classified and unclassified information by issuing statutory and regulatory policies and procedures. However, these cybersecurity guidelines and requirements have proven to be challenging for businesses to properly implement and execute. "We have done a great job when we classify information as secret and above, we have great processes and procedures in place," added Mr. Newborn. "The problem is, when Controlled Unclassified Information (CUI) and other unclassified information is accumulated over a period of time, this information, when aggregated, can provide enough information to our foreign adversaries and competitors to get a leg-up." The Defense Industrial Base supply chain is complex and layered, with prime contractors, subcontractors, vendors and manufacturers, with a wide spectrum of size, experience and capabilities at every level. "[Our adversaries are] not just after our prime contractors and sub-contractors, they're after our manufacturers and vendors," added Mr. Newborn said. Many contractors, manufacturers, and vendors are small to medium-sized businesses that have limited staff and resources to meet ever-changing cybersecurity guidelines and requirements. To help mitigate these challenges, the government has sponsored training to help them better understand the statutory and regulatory requirements. While at DAU, Chris supported conferences and conducted workshops with Defense Industrial Base partners. With another DAU professor, Dr. Paul Shaw, Chris developed training content and supported multilateral "bootcamps" on acquisition topics, bringing in government employees, vendors, and academia to illuminate common issues and find solutions. Laura Rodgers, Senior Manager for Cyber Compliance at the North Carolina Military Business Center, said Chris brings a unique perspective that can't be found anywhere else. "He puts some structure on this nebulous thing called cybersecurity, and then he's got the technical chops to help too. He's been very helpful to the North Carolina defense industrial base and we've benefitted greatly from his expertise and insight." After meeting Laura on a webinar presentation, Chris offered to attend a weekly class put on by Laura so he can answer questions from her students. He attends each week and stays on late to answer questions. "There are just not many out there who are that committed to national security," added Ms. Rodgers. Chris graduated from Atlanta's Morehouse College in 1982, a historically Black men's liberal arts college. That year, Chris joined General Dynamics, where he worked on early electrification efforts for the M1 Abrams tank and the development of the Bradley Fighting Vehicle. While working at General Dynamics in Detroit, Chris joined the Navy, where he received valuable training and education that furthered his career. He remained in the U.S. Navy Reserve from 1984 to 1990. During Operations Desert Shield/Desert Storm, Chris was at the Tank Automotive Command where he oversaw all the secondary spare parts for the Army. Chris was the most senior person of color, having been promoted quickly to GS-14, the second-highest civilian Federal government employee ranking. "I may not have a uniform on, but if I do my job to the best of my ability as an acquisition professional, giving the tools to the warfighter, then they have a chance of doing their duty and going home safely to their families," Chris said of his work during Operation Desert Storm. "That is my motto, and that is what I've been following ever since." Chris was appointed to the Army's civilian staff at the Pentagon, where he worked on acquisition management from the government side. He says his time working at the Pentagon and living in the Washington, DC area was a career highlight. In 1997, Chris joined the Space and Naval Warfare Systems Command (SPAWAR)'s Cybersecurity and Program Management Office, just as the military command was transitioning from Crystal City, Virginia, to San Diego. His duty was to procure and manage cyber capabilities for the program offices at SPAWAR, becoming both a subject matter expert and an acquisition manager. Then, after 30 years in government, Chris moved to DAU to pass on his knowledge. "I look at myself as a conduit of information, almost like a router. That is why I always come back and say, 'Sometimes you have to be that subject matter expert, sometimes you have to be the facilitator, and sometimes you just have to take notes." After 37 years with the Department of Defense, Chris officially retired in April 2022 and recently moved to North Carolina. Chris plans to return to DAU as a part-time Intermittent Professor to complete his work on a curriculum for cybersecurity requirements in the Defense Industrial Base. There is no one better placed to strengthen cybersecurity in the Defense acquisitions supply chain and workforce. He also hopes to be a bridge between the East and West Coasts' military businesses. In his spare time, he and his wife Agnes plan to volunteer with the local public school district to support teachers. About SynED CyberHero's Series SynED's CyberHero's series is a monthly column published nationally that highlights individuals who quietly go above and beyond in helping to secure our nation and communities by developing cyber talent. SynED is a national non-profit that identifies and highlights emerging best practices for effective articulation between employers, job seekers, and education providers. SynED is the proud recipient of the 2021 Association for Career & Technical Education Business-Education Partnership Award.

Read More

GOVERNMENT BUSINESS

Cybersecurity GovCon Leader OneZero Solutions Selects Unanet for ERP

Unanet | January 06, 2022

Unanet, the leading provider of project-based ERP for the government contractor (GovCon) industry, announced today that OneZero Solutions, a cybersecurity powerhouse, has selected Unanet ERP GovCon to help it better integrate its project management system, and support the in-depth, detailed reporting required by government agencies. OneZero started in Cybersecurity Operations, but has grown its array of offerings to include Enterprise IT Managed Services, Full-Stack Development, and Data Analytics in its three short years in existence. This growth exposed the need for a more comprehensive ERP system, especially for payroll, accounting and financial management of labor and projects. "Our government contracts need more in-depth reporting, coding, and details than our payroll software can provide. "We need the ability to run reports that meet our federal agency customers' requirements, and to have a system that will continue to grow and scale with us." Veronica Williams, OneZero's director of corporate operations Once implemented, Unanet will give OneZero a variety of benefits it needs to succeed in the growing cybersecurity and GovCon industries. Those include: Simplicity in making salary and pay adjustments Specialized reporting and views of different billing rates by project and staffer Improved integration and ease-of-use for accounting partners Elimination of cumbersome and unreliable spreadsheets across the business. Many emerging companies like OneZero select Unanet GovCon ERP because it has the right mix of functionality and accessibility, while also offering the ability to scale and grow seamlessly. About Unanet Unanet is a leading provider of project-based ERP and CRM solutions purpose-built for Government Contractors, architecture, engineering, construction, and professional services. More than 3,400 project-driven organizations depend on Unanet to turn their information into actionable insights, drive better decision-making, and accelerate business growth. All backed by a people-centered team invested in the success of your projects, people, and financials.

Read More

EMERGING TECHNOLOGY

Credo AI Announces the World's First Responsible AI Governance Platform

Credo AI | April 27, 2022

Credo AI, the company behind the world's first comprehensive and contextual governance solution for AI, announced the availability of its Responsible AI Platform, a SaaS-product that empowers organizations with tools to standardize and scale their approach to Responsible AI. While standards, benchmarks, and clear regulatory regulations are still emerging, many organizations are struggling to put their AI principles into practice and determine what "good" looks like for their AI systems. Credo AI's Responsible AI platform helps companies operationalize Responsible AI by providing context-driven AI risk and compliance assessment wherever they are in their AI journey. Credo AI helps cross-functional teams align on Responsible AI requirements for fairness, performance, transparency, privacy, security and more based on business and regulatory context by selecting from out-of-the-box, use-case-driven Policy guardrails. Moreover, the platform makes it easy for teams to evaluate whether their AI use cases are meeting those requirements through technical assessments of ML models, datasets and interrogation of development processes. The platform, which was built on cross-industry learnings in both regulated and unregulated spaces, is complemented by Credo AI Lens, Credo AI's open source assessment framework that makes comprehensive Responsible AI assessment more structured and interpretable for organizations of all sizes. The release of Credo AI's Responsible AI Platform also includes the following features: Seamless assessment integrations: Credo AI ingests programmatic model and dataset assessments from Credo AI Lens and automatically translates them into risk scores across identified AI risk areas such as fairness, performance, privacy, and security Multi-stakeholder alignment: Credo AI brings together product, data science, and oversight teams to align on the right governance requirements based on business and regulatory context Tunable risk-based oversight: Credo AI allows teams to fine-tune the level of human-in-the-loop governance needed based on the use case risk level Out-of-the-Box Regulatory readiness: Credo AI provides gap analysis across out-of-the-box guardrails that operationalize industry standards, as well as existing and upcoming regulations Assurance and attestation: Credo AI serves as a central repository for governance evidence automates creation of critical governance artifacts, including audit trails of decision provenance, Model and AI Use Case Cards, and attested AI risk and compliance reports AI Vendor Risk Management: Credo AI also makes it easy for organizations to assess the AI risk and compliance of third party AI/ML products and models via a dedicated vendor risk assessment portal Credo AI aims to be a sherpa for enterprises in their Responsible AI initiatives to bring oversight and accountability to Artificial intelligence, and define what good looks like for their AI framework. We've pioneered a context-centric, comprehensive, and continuous solution to deliver Responsible AI. Enterprises must align on Responsible AI requirements across diverse stakeholders in technology and oversight functions, and take deliberate steps to demonstrate action on those goals and take responsibility for the outcomes." Navrina Singh, founder and CEO of Credo AI Multiple AI government regulations are on the horizon, including the European Union's Artificial Intelligence Act (AIA), and New York City's bill that states that AI employment decision tools need to be audited for bias before January 1, 2023. Organizations need to responsibly leverage or build their AI governance framework in anticipation of these and other evolving government regulations. To date, AI Governance has been manual, unscalable, and incapable of providing the oversight needed to prevent AI from behaving in unintended ways. This leaves enterprises exposed to extreme risk and operational overhead, creating a desire for a new solution. Credo AI's Responsible AI Platform is the first AI Governance platform that creates accountability structures throughout the AI lifecycle, from data acquisition to model deployment. With Credo AI, governance enables organizations to deploy AI systems faster while managing risk exposure. Credo AI Lens Credo AI Lens is an open-source Responsible AI (RAI) assessment framework. It provides a single entrypoint to a curated ecosystem of assessments developed by Credo AI and the broader open-source community. Lens covers diverse AI risk areas including fairness, security, performance, transparency and others, which can be assessed on many model and dataset types. In addition, Lens is extensible, and easily augmented with custom modules derived from other tools or proprietary code. By standardizing AI assessment, Lens makes it easy for ML practitioners to integrate RAI assessment of models and datasets into their existing workflow, and accelerates the time to productionize new solutions. When paired with the Responsible AI governance platform, Lens assessments are translated into an actionable form understandable by diverse stakeholders, making the development of AI systems a more collaborative process. With Credo AI, organizations are able to better understand and troubleshoot potential governance blindspots within their AI applications, ML models, dataset, and processes. Existing customers have access to the available version and full list of features of Credo AI Responsible AI Governance. About Credo AI Founded in 2020, Credo AI is a venture-backed company on a mission to empower organizations to deliver Responsible AI (RAI) at scale. Credo AI brings context-driven governance and risk assessment to ensure compliant, fair, transparent and auditable development and use of AI. Credo AI's Intelligent SaaS platform empowers enterprises to measure, monitor and manage AI introduced risks at scale. Credo AI enables organizations to create AI with the highest ethical standards, so that they are able to capture its tremendous benefits while mitigating unintended negative consequences. Credo AI customers include one of the largest cloud providers, a Fortune 500 Global financial services and one of the largest defense contractors among other Global 2000s.

Read More