Public Sector Archives - OpenText Blogs
https://blogs.opentext.com/category/industries/public-sector/

EDI vs. API: Why both still matter in a modern supply chain
https://blogs.opentext.com/edi-vs-api-why-both-still-matter-in-a-modern-supply-chain/
Wed, 14 May 2025 14:16:54 +0000

As supply chains become more digital, global, and complex, businesses are under growing pressure to modernize the way they connect, communicate, and operate.

Two of the most critical technologies enabling this transformation are Electronic Data Interchange (EDI) and Application Programming Interfaces (APIs). While both are used to exchange data between systems and partners, they work in fundamentally different ways—and understanding when and how to use each is key to building a future-ready supply chain. 

In this blog, we’ll break down EDI vs. API, explain their differences, and show why EDI remains vital despite the rise of modern APIs. We’ll also explore how combining the two can give your business the flexibility, speed, and scalability needed to thrive in today’s dynamic environment. 

What is the difference between EDI and API? 

Electronic Data Interchange (EDI) and Application Programming Interfaces (APIs) are both methods of exchanging business data, but they serve different purposes and operate differently. 

EDI (Electronic Data Interchange) is a standardized method for exchanging structured business documents like invoices or purchase orders in batches—ideal for high-volume, stable transactions. 

APIs (Application Programming Interfaces) enable real-time, flexible data sharing between systems, suited for dynamic tasks like live shipment tracking or inventory checks. 

Understanding EDI vs. API is essential because each serves a distinct role. EDI excels at handling high-volume, standardized transactions, while APIs enable real-time, flexible data exchange.  

By understanding their strengths, businesses can strategically use both to create a connected, agile supply chain that balances stability with speed and adaptability. This hybrid approach ensures seamless integration across partners, systems, and workflows. 

EDI simplifies key transactions 

EDI enables fast, structured, and automated data exchange between trading partners, which simplifies key transactions such as sending orders, giving notice of deliveries, confirming receipt of deliveries, booking transport, and sending invoices, among others.  

EDI is understood globally and follows recognized formats, such as EDIFACT and ANSI X12, for seamless data exchange. It’s secure and efficient at handling large volumes of data transactions, but the initial configuration and trading partner mappings can be complex and costly to set up, especially for smaller companies.  

Although EDI has been trusted and used for decades, many believed for years that it would be phased out and replaced by Application Programming Interfaces (APIs). However, given its value in delivering structured, error-free data exchange in an increasingly complex global marketplace, EDI usage continues.  

Companies around the world, from suppliers and logistics providers to retailers and manufacturers, rely on an EDI strategy to exchange critical business documents securely, quickly, and in a standardized format. 

APIs enable instant data exchange 

APIs allow instant data exchange without waiting for batch processing and offer integration flexibility with a wide range of systems, such as CRMs, ERPs, analytics tools, and other cloud-based applications within your digital ecosystem. However, where EDI is all about standardization, API formats vary, requiring custom integrations with each partner, which can be costly and time-consuming in multi-partner environments.  

Many businesses use APIs to communicate between disparate systems within their supply chain. Since APIs provide real-time data exchange, this can improve supply chain transparency and visibility.  

APIs also connect to e-commerce platforms and support the integration of analytics tools, allowing businesses to gain insights into performance metrics and adapt to changing conditions.  

The importance of a strategy that connects EDI and API   

The supply chain workforce is changing. Some professionals are retiring, while newcomers often know little about EDI and want to move forward with API-first strategies.  

There are also business challenges: rising costs with fewer resources, supply chain disruptions, technology innovation initiatives, and more. Given these factors, it's less about EDI vs. API and more about taking a “best of both worlds” approach, which sets you up for success.  

Rather than replace EDI, integrate it with APIs, other cloud platforms, and AI/ML, so you can enhance automation and flexibility within your digital ecosystem. This connected approach will reduce costs in the long term, improve operations despite possible disruptions and workforce changes, and ensure compliance with global standards.  

With a connected strategy, you can bridge the gap between bulk transaction support and real-time data exchange, making it easier to handle high-volume processes and dynamic, immediate updates needed to keep the flow of business going.  

You can more easily integrate with ERP systems, such as Microsoft Dynamics, Oracle NetSuite, Oracle Fusion, and SAP S/4HANA, that are already in place instead of ripping and replacing to make new technology fit with legacy technology. 
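The "EDI simplifies key transactions" section above names ANSI X12 as a standardized batch format, and this section describes bridging that bulk format with real-time API updates. The following is an added example, not OpenText code or any product's adapter: it parses a constructed ANSI X12 850 purchase order, verifies the ISA/IEA, GS/GE and ST/SE envelope control numbers and segment counts (the integrity checks behind EDI's "error-free" reputation, and the place where a truncated or tampered interchange is caught), and maps the order into a JSON-ready dict an order API could accept. The sample interchange, sender and receiver IDs, PO number and SKUs are all constructed.

```python
from decimal import Decimal

# Constructed sample interchange: sender/receiver IDs, PO number and SKUs are made up.
SAMPLE_850 = (
    f"ISA*00*{'':10}*00*{'':10}*ZZ*{'SENDERID':15}*ZZ*{'RECEIVERID':15}"
    "*250514*1416*U*00401*000000905*0*P*>~\n"
    "GS*PO*SENDERID*RECEIVERID*20250514*1416*905*X*004010~\n"
    "ST*850*0001~\n"
    "BEG*00*SA*PO-10042**20250514~\n"
    "N1*ST*Example Warehouse*92*WH01~\n"
    "PO1*1*10*EA*12.50**VP*SKU-100~\n"
    "PO1*2*4*CS*80.00**VP*SKU-200~\n"
    "CTT*2~\n"
    "SE*7*0001~\n"
    "GE*1*905~\n"
    "IEA*1*000000905~\n"
)


class X12Error(ValueError):
    """Raised when the interchange is malformed or its envelope counts disagree."""


def split_segments(raw):
    """Split an interchange into element lists using the separators declared in ISA."""
    if not raw.startswith("ISA") or len(raw) < 106:
        raise X12Error("missing or truncated ISA header")
    element_sep, segment_term = raw[3], raw[105]  # ISA is fixed-width: 106 characters
    if raw[:105].count(element_sep) != 16:        # ISA carries exactly 16 elements
        raise X12Error("ISA header is not in the expected fixed-width layout")
    segments = []
    for chunk in raw.split(segment_term):
        chunk = chunk.strip()                     # tolerate newlines after terminators
        if chunk:
            segments.append(chunk.split(element_sep))
    return segments


def validate_envelope(segments):
    """Verify ISA/IEA, GS/GE and ST/SE control numbers and counts; raise on mismatch."""
    tags = [seg[0] for seg in segments]
    if tags[0] != "ISA" or tags[-1] != "IEA":
        raise X12Error("interchange is not enclosed by ISA ... IEA")
    isa, iea = segments[0], segments[-1]
    if isa[13] != iea[2]:
        raise X12Error(f"ISA13 {isa[13]!r} does not match IEA02 {iea[2]!r}")
    if int(iea[1]) != tags.count("GS"):
        raise X12Error("IEA01 disagrees with the number of GS groups")
    open_gs = open_st = None
    st_index = st_in_group = 0
    for i, seg in enumerate(segments):
        tag = seg[0]
        if tag == "GS":
            open_gs, st_in_group = seg, 0
        elif tag == "ST":
            open_st, st_index = seg, i
            st_in_group += 1
        elif tag == "SE":                         # SE01 counts ST..SE inclusive
            if open_st is None or seg[2] != open_st[2] or int(seg[1]) != i - st_index + 1:
                raise X12Error(f"SE {seg[1:]} does not match ST or its segment count")
            open_st = None
        elif tag == "GE":
            if open_gs is None or seg[2] != open_gs[6] or int(seg[1]) != st_in_group:
                raise X12Error(f"GE {seg[1:]} does not match GS or its ST count")
            open_gs = None
    if open_gs is not None or open_st is not None:
        raise X12Error("unterminated functional group or transaction set")


def po_to_payload(segments):
    """Map the BEG, N1 and PO1 segments of an 850 to a dict an order API could accept."""
    order = {"po_number": None, "po_date": None, "ship_to": None, "lines": []}
    total = Decimal("0")
    for seg in segments:
        tag = seg[0]
        if tag == "BEG":
            order["po_number"], order["po_date"] = seg[3], seg[5]
        elif tag == "N1" and seg[1] == "ST":      # ST qualifier = ship-to party
            order["ship_to"] = {"name": seg[2], "id": seg[4]}
        elif tag == "PO1":
            qty, price = Decimal(seg[2]), Decimal(seg[4])
            total += qty * price
            order["lines"].append({"line": int(seg[1]), "quantity": str(qty), "uom": seg[3],
                                   "unit_price": str(price), "product_id": seg[7]})
        elif tag == "CTT" and int(seg[1]) != len(order["lines"]):
            raise X12Error("CTT01 disagrees with the number of PO1 lines")
    order["total"] = str(total)                   # money as strings, never floats
    return order


def edi_to_api(raw):
    """Full adapter path: parse, verify the envelope, then build the API payload."""
    segments = split_segments(raw)
    validate_envelope(segments)
    return po_to_payload(segments)
```

Calling `edi_to_api(SAMPLE_850)` returns the order dict; an interchange whose IEA control number or SE segment count has been altered raises `X12Error` before any payload is built, which is the behaviour to log and alert on at an EDI-to-API boundary.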

How to get started with EDI and API integration 

Every day you try to keep operations running smoothly, find ways to innovate and drive efficiencies, reduce costs, and simplify your supply chain. But you are asked to do this with limited resources and budget, making it hard to keep up with the speed of technology.  

When managing all these connections and the information attached to them, it's important to think long-term, not just one year at a time. You need solutions that evolve with you and continuously add new capabilities to assist you as your business grows. 

You don’t have to go it alone. There are several solutions out there, but what you need is a partner and a solution that will take the time to understand your digital ecosystem, so everything is done right from the start.  

Here are questions to ask when selecting an EDI and B2B integration solution and partner:  

  • Knowledge and Know-How: Can they ensure a successful implementation—on time and on budget? 

  • Automated Workflows: Can they help you find ways to reduce manual tasks and errors and increase productivity? 

  • Enhanced Visibility: Does the solution, as built out of the box, provide access to up-to-date information for better decision-making and insight into your supply chain operations? 

  • Cost Reduction: Will the solution reduce long-term costs, including total cost of ownership (TCO), and avoid hidden implementation fees? 

  • Compliance: Can they ensure adherence to industry standards and regulations? 

  • Ongoing Support: Will you receive regular customer support, including help with data validation and mappings from onboarding through implementation and after go-live? 

EDI and APIs: How OpenText can help 

OpenText Business Network supports both EDI and API-based integration—allowing businesses to connect with all partners, regardless of their technology maturity. This hybrid approach ensures end-to-end visibility, flexibility, and scalability across your digital supply chain. 

OpenText's B2B Integration solutions create a unified environment connecting your ERP system (Microsoft Dynamics 365, Oracle NetSuite, Oracle Fusion, SAP S/4HANA, etc.) with EDI and APIs in one digital ecosystem. 

OpenText offers pre-built ERP EDI-to-API adapters on a modern, scalable B2B platform and VAN—enabling faster deployment without requiring deep EDI expertise. 

Our trusted, flexible solutions let businesses connect once to everything. With our expertise, you'll streamline supply chain operations and build a foundation for innovations like AI/ML that maximize the value of your business data. 

Ready to get started? Learn more about OpenText’s Easy EDI integration. 

The post EDI vs. API: Why both still matter in a modern supply chain appeared first on OpenText Blogs.

AI-first government productivity and efficiency
https://blogs.opentext.com/ai-first-government-productivity-and-efficiency/
Fri, 07 Mar 2025 13:00:00 +0000

Artificial intelligence promises to bring a new era of productivity and efficiency to government services and activities. Agencies across the US Federal government have been investigating, planning and implementing AI-based systems that take advantage of advances such as large language models, generative AI, and novel uses of machine learning. The new administration has begun discussing an “AI-first” strategy to streamline government services and decision-making.  A new Request for Information from the National Science Foundation “requests input from all interested parties on the Development of an Artificial Intelligence (AI) Action Plan.” This action plan will likely result in recommendations on various topics, including applications of AI in government and public services, cybersecurity, data privacy, and the effective and practical requirements for information governance as the action plan takes shape.

Over the last year, US government departments and agencies have been planning and developing innovative AI use cases. Each agency has published use case inventories. For example, AI use cases are under development at NARA, the Department of Homeland Security, the Department of Health and Human Services, and the General Services Administration. The variety and scope of these AI use cases are also vast. 

Central to successfully implementing AI is the need for great content management and, with it, content-aware AI systems that can safely and securely deliver trusted machine learning and generative AI capabilities. When combining these elements with AI governance principles, IT and business analysts can be assured that they build on a strong foundation to deliver AI-first productivity and efficiency within each agency.

High-impact opportunities for AI in government

Within each agency AI use case inventory, some common use cases stand out:

  • Intelligent document capture and workflow processing. AI can evaluate incoming documents, images, and faxes to recognize text and handwriting, extract metadata, classify content for downstream processing and apply security policy. This can help streamline thousands of individual government processes. 
  • Case, contract, and project management applications. Even highly predictable processes, such as law enforcement or legal case management and contract and project management, invariably involve large volumes of complex, unstructured documents. Generative AI search and summarization can help users navigate to essential documents quickly and answer questions in minutes, potentially saving hours of difficult document review and research. When combined with a content management system, everyday information management organizes and governs the content and also supplies context to the AI, significantly improving the accuracy, trustworthiness, and security of AI within the workforce.
  • Research. Research databases invariably provide text and field searching. However, this sometimes requires users to review dozens or potentially hundreds of documents to find the correct answer. Generative AI that can connect to many different research repositories can consolidate the search process and help speed the research and citation process. AI systems can also provide additional classification and scoring capabilities to evaluate research effectiveness and validity.
  • Human resources and recruiting efforts. Human resources processes involve large volumes of unstructured and semi-structured content. Generative AI can help to compress workloads when dealing with applicant pools or querying for expertise or field experience within the department.
  • Freedom of Information Act support. Responding to a FOIA request can be time-consuming and expensive for an agency. Moreover, assuring coverage of complex topics across multiple repositories can complicate the process. AI systems that can access numerous repositories using AI-trained natural language processing (NLP) and provide content labeling and redaction can help streamline these processes and facilitate FOIA responses efficiently.

Use cases that test limits

Some use cases test the limits of traditional AI and machine-learning systems. This is especially true when dealing with complex file formats or rich media. AI systems need secure access to information, the ability to work with many different file formats, and AI models appropriate to that media. Examples of use cases that would test the limits of more traditional systems include:

  • Speech-to-text transcription and speaker recognition.  The ability to turn speech into text accurately, translate it to a common user language, and identify the speaker is called out in several inventories.
  • Machine vision and object detection. Various use cases require the ability to detect objects and conditions from video feeds. Surveillance cameras, weather cameras, and other video feeds can provide valuable source data, but reviewing the content can be laborious and error-prone without AI. AI can speed up these detection and review tasks and even increase accuracy.
  • CAD and engineering management. CAD drawings are used for knowledge management, reference, and research applications. Content management that can handle engineering use cases and incorporates generative AI can help identify drawings for collaboration and reference and quickly cite the actual drawings.

OpenText™ Knowledge Discovery is the foundation of a comprehensive AI strategy

OpenText™ Knowledge Discovery provides a complete solution for addressing complex or large-scale AI use cases for government agencies. With powerful, built-in full-text search, a generative AI-based natural language interface, and visualizations illuminating your data's hidden relationships, it is the perfect tool for ad hoc search and more directed Q&A applications.

AI content management helps organizations and agencies understand their content and achieve productivity by identifying content quickly, labeling and protecting it, and intelligently putting it to work.

Some of its many capabilities include:

  • Real-time categorization and machine-trainable classification can instantly group and direct content to key processes. 
  • Review, workflow, and redaction capabilities help facilitate collaborative review of vast content stores, label content, initiate workflows and secure and protect content.
  • Metadata enrichment can identify sensitive or privacy-related information to apply critical access controls and security labels.
  • Rich media AI allows agencies to generate audio transcriptions and translations, identify speakers, and provide facial and object recognition in images and video.

Notably, OpenText Knowledge Discovery can connect to existing content repositories (over 160 out of the box) and process over 2,000 file formats. With over 20 years and dozens of patents, OpenText Knowledge Discovery is a comprehensive, secure and scalable solution for addressing AI-first government.  

By integrating great content management with generative AI and machine learning technologies, hundreds of high-value, highly productive AI use cases can be quickly implemented. Use cases in various domains, such as case management, research, human resources, and more, showcase AI's transformative potential to improve government efficiency and productivity while remaining safe and secure. By leveraging advanced AI capabilities, organizations can streamline complex processes, manage vast amounts of unstructured data, and improve decision-making.

The post AI-first government productivity and efficiency appeared first on OpenText Blogs.

]]>
AI-first government productivity and efficiency

Artificial intelligence promises to bring a new era of productivity and efficiency to government services and activities. Agencies across the US Federal government have been investigating, planning and implementing AI-based systems that take advantage of advances such as large language models, generative AI, and novel uses of machine learning. The new administration has begun discussing an “AI-first” strategy to streamline government services and decision-making.  A new Request for Information from the National Science Foundation “requests input from all interested parties on the Development of an Artificial Intelligence (AI) Action Plan.” This action plan will likely result in recommendations on various topics, including applications of AI in government and public services, cybersecurity, data privacy, and the effective and practical requirements for information governance as the action plan takes shape.

Over the last year, US government departments and agencies have been planning and developing innovative AI use cases. Each agency has published use case inventories. For example, AI use cases are under development at NARA, the Department of Homeland Security, the Department of Health and Human Services, and the General Services Administration. The variety and scope of these AI use cases are also vast. 

Central to successfully implementing AI is the need for great content management and, with it, content-aware AI systems that can safely and securely deliver trusted machine learning and generative AI capabilities. When combining these elements with AI governance principles, IT and business analysts can be assured that they build on a strong foundation to deliver AI-first productivity and efficiency within each agency.

High-impact opportunities for AI in government

Within each agency AI use case inventory, some common use cases stand out:

  • Intelligent document capture and workflow processing. AI can evaluate incoming documents, images, and faxes to recognize text and handwriting, extract metadata, classify content for downstream processing and apply security policy. This can help streamline thousands of individual government processes. 
  • Case, contract, and project management applications. Invariably, even highly predictable processes such as law enforcement or legal case management, contract and project management involve large volumes of complex, unstructured documents. Generative AI search and summarization can help users navigate to essential documents quickly and answer questions in minutes, potentially saving hours of difficult document review and research. Moreover, when combined with a content management system, the everyday management of information organizes and governs the content; it also facilitates AI context, significantly improving the accuracy, trustworthiness, and security of AI within the workforce.
  • Research. Research databases invariably provide text and field searching. However, this sometimes requires users to review dozens or potentially hundreds of documents to find the correct answer. Generative AI that can connect to many different research repositories can consolidate the search process and help speed the research and citation process. AI systems can also provide additional classification and scoring capabilities to evaluate research effectiveness and validity.
  • Human resources and recruiting efforts. Human resources processes involve large volumes of unstructured and semi-structured content. Generative AI can help to compress workloads when dealing with applicant pools or querying for expertise or field experience within the department.
  • Freedom of Information Act support. Responding to a FOIA request can be time-consuming and expensive for an agency. Moreover, assuring coverage of complex topics across multiple repositories can complicate the process. AI systems that can access numerous repositories using AI-trained natural language processing (NLP) and provide content labeling and redaction can help streamline these processes and facilitate FOIA responses efficiently.

Use cases that test limits

Some use cases test the limits of traditional AI and machine-learning systems. This is especially true when dealing with complex file formats or rich media. AI systems need to establish secure access to information, the ability to work with many different file formats, and appropriate AI for that media.  As an example, some use cases that would test the limits of more traditional systems include:

  • Speech-to-text transcription and speaker recognition.  The ability to turn speech into text accurately, translate it to a common user language, and identify the speaker is called out in several inventories.
  • Machine vision and object detection. Various use cases require the ability to detect objects and conditions from video feeds. Surveillance cameras, weather cameras, and other video feeds can provide valuable source data, but reviewing the content can be laborious and error-prone without AI. AI can speed up these detection and review tasks and even increase accuracy.
  • CAD and Engineering management. CAD drawings are used for knowledge management, reference, and research applications. Content management that can handle engineering use cases and incorporates generative AI can help identify drawings for collaboration and reference and quickly cite the actual drawings.  

OpenText™ Knowledge Discovery is the foundation of a comprehensive AI strategy

OpenText™ Knowledge Discovery provides a complete solution for addressing complex or large-scale AI use cases for government agencies. With powerful, built-in full-text search, a generative AI-based natural language interface, and visualizations illuminating your data's hidden relationships, it is the perfect tool for ad hoc search and more directed Q&A applications.

AI content management helps organizations and agencies understand their content and achieve productivity by identifying content quickly, labeling and protecting it, and intelligently putting it to work.

Some of its many capabilities include:

  • Real-time categorization and machine-trainable classification can instantly group and direct content to key processes. 
  • Review, workflow, and redaction capabilities help facilitate collaborative review of vast content stores, label content, initiate workflows and secure and protect content.
  • Metadata enrichment can identify sensitive or privacy-related information to apply critical access controls and security labels.
  • Rich media AI allows agencies to generate audio transcriptions and translations, identify speakers, and provide facial and object recognition in images and video.

Notably, OpenText Knowledge Discovery can connect to existing content repositories (over 160 out of the box) and process over 2,000 file formats. With over 20 years and dozens of patents, OpenText Knowledge Discovery is a comprehensive, secure and scalable solution for addressing AI-first government.  

By integrating great content management with generative AI and machine learning technologies, hundreds of high-value, highly productive AI use cases can be quickly implemented. Use cases in various domains, such as case management, research, human resources, and more, showcase AI's transformative potential to improve government efficiency and productivity while remaining safe and secure. By leveraging advanced AI capabilities, organizations can streamline complex processes, manage vast amounts of unstructured data, and improve decision-making.

The post AI-first government productivity and efficiency appeared first on OpenText Blogs.

DOGE and psychobilly Cadillacs will make next year a rollercoaster https://blogs.opentext.com/doge-and-psychobilly-cadillacs-will-make-next-year-a-rollercoaster/ Thu, 09 Jan 2025 12:33:07 +0000 https://blogs.opentext.com/?p=999306473

When you have the world’s richest man, who has used automation and AI to upend the electric vehicle, commercial space and social media industries, set his sights on government, it’s safe to say public sector 2025 will move in new and unexpected directions. The combination of the Department of Government Efficiency (DOGE) and AI is set to fuel more change in government than we’ve seen in decades. The impact is likely to resonate throughout the globe.

Here's an overview of the trends I predict will most impact the public sector in 2025.

Generative AI will play a key role in modernizing legacy applications and reducing government’s technical debt

DOGE sent out a Dec. 9 tweet on X referencing a 2023 Government Accountability Office report: “The Federal government spends 80% of its annual $100 billion IT budget on maintaining outdated systems. Not only are older systems more expensive to maintain, but they are also more vulnerable to hackers.” This is an indication that the low simmer of public sector technical debt is poised to elevate to a full boil next year. With the right focus and wise deployment of GenAI tools, governments around the world will take a huge bite out of their technical debt next year.

Think of the traditional process of modernizing legacy government applications as hoisting a massive ship out of the ocean and methodically chipping away at the barnacles with a single chisel. If you wanted to go faster, you had to hire more scrapers. With GenAI being trained to generate translated code from, say, COBOL to a more modern programming language, you can effectively aim a power washer at the barnacles and blast most of them off the ship’s hull. Then the chiselers can deal with the ones left behind. 

Outsiders will take a swing at government reform

The last time a true outsider made a serious impact around how the U.S. government operates was the Grace Commission, created by President Reagan in 1982 and led by retired chemical company CEO Peter Grace. The signature achievement of that commission was coming up with the idea for BRAC, a foolproof way to close military bases (in a group, without singling out a single base). We will see in 2025 how effective DOGE will be in discovering ways to cut government spending, but early returns show that its voice is considerable. Both parties in Congress have expressed openness to new ideas from DOGE, and a series of tweets by Elon Musk was enough to force modifications to a stopgap spending bill right before Christmas break.

Other global governments have taken an outsider approach and have seen considerable success. Australia’s New South Wales public sector app was developed the same way a startup would introduce new features – transparently and iteratively, with a feverish view of its audience overriding all internal bureaucratic inertia. The results were impressive – huge majorities of the population have downloaded the app and shared positive feedback.

Expect to see DOGE effectively serve as a feeder into the Office of Management and Budget throughout 2025, directing federal agencies to speed up and expand AI deployments and modernization efforts. With success will come imitation, and other western governments will be watching closely to apply lessons learned.

Information silos will melt away, boosting government productivity

According to a 2024 survey by the Global Government Forum, 91% of public sector workers say their organization faces a productivity challenge. A major reason for productivity issues revolves around availability of data. When a government employee has to spend much of her day trying to locate important information just to get her work done, results are low productivity and lower morale.

The key to unlocking higher government productivity is applying AI and technology to bridge different information silos throughout agencies. This isn’t rocket science; it’s not trying to connect a tax subsidy office with a health care benefit system running on different networks in different government agencies. This is simply making sure a departmental employee has access to all the information needed, no matter where the storage system may be on that same network. In other words, searching across databases from SAP, Microsoft Teams, Salesforce and a shared drive. AI-fueled enterprise search is helping Spanish public broadcaster RTVE realize productivity gains by reducing search times by 90%; expect this trend to take off in 2025.

Public sector will swap psychobilly Cadillacs with software bundling, giving agencies an edge with interoperability, reduced costs, and time to benefits

With budgetary pressures facing public sector organizations from all directions, there are some common-sense approaches that have not been pursued. First, department-wide licensing agreements should be standardized for cost efficiencies. Second, public sector contracting officials will look at companies that offer multiple solutions and create contracting vehicles that provide government maximum latitude. By bundling multiple software products to address various needs of a government agency, there are cost savings, easier integrations and much higher customer value.

The traditional way of software purchasing is one piece at a time. The reason for this is efficacy; it’s easier to win a budget argument for a component part with a lower price tag. But the results of this approach can best be described as Frankenstein software, or a mish-mash of parts akin to the psychobilly Cadillac from the Johnny Cash classic “One Piece at a Time.” (“it’s a ‘49, ‘50, ‘51, ‘52, ‘53, ‘54, ‘55, ‘56, ’57, ’58, ‘59 automobile”). Unlike the Cash car, which was free, the traditional software purchasing approach costs governments multitudes more than making a strategic purchase of bundled software – i.e., buying a car already assembled.

International information-sharing becomes a focal point for digital communications and cybersecurity

Contrary to popular belief, AUKUS is more than a submarine purchasing deal. The trilateral security agreement was signed three years ago to strengthen the defense and security of Australia, the United Kingdom and the United States. With conflicts continuing in Ukraine and the Middle East and additional threats looming elsewhere, AUKUS and “Five Eyes,” its intelligence community complement which also includes Canada and New Zealand, are more important than ever.

The ability to share information among these allied defense and intelligence agencies is paramount, but remains a concern. Different systems, policies and standards continue to get in the way of real-time, secure collaboration. Creating trusted international information-sharing platforms will be a key driver for 2025 and could provide a blueprint for peace.

Agentic AI makes its debut in support of citizen experience

Gartner predicts that 33% of enterprise software will use agentic AI by 2028, making this one of the highest-growth trends in technology. Government will continue to prioritize a human in the loop when it comes to AI decision-making, but there are naturally decisions that won’t require a human to make – these will be handled by agentic AI.

One of the most complex issues that governments face is supply chains for defense, health and emergency supplies. Each supplier must be analyzed against multiple variables including cost, quality, speed, dependability, source materials, cyber threat, and carbon footprint. In a future state, an intelligent AI agent could select a supply chain vendor from an approved list by weighing all the risks and benefits faster and more thoroughly than government personnel could.

Alternatively, some government transactions are so high-volume and predictable that agentic AI will ultimately be able to administer them without oversight. For example, if AI can sufficiently verify that a driver’s license renewal request is legitimate and poses negligible risk, what is the argument for inserting a human to process that request?

Level up this 2025 with OpenText

Learn more about how Public Sector solutions from OpenText can help your organization.

The post DOGE and psychobilly Cadillacs will make next year a rollercoaster appeared first on OpenText Blogs.

OpenText recognized as a 2024 Customers’ Choice for Application Security Testing on Gartner ® Peer Insights™︎ https://blogs.opentext.com/opentext-recognized-as-a-2024-customers-choice-for-application-security-testing-on-gartner-peer-insights%ef%b8%8e/ Mon, 25 Nov 2024 05:00:00 +0000 https://blogs.opentext.com/opentext-recognized-as-a-2024-customers-choice-for-application-security-testing-on-gartner-peer-insights%ef%b8%8e/

We are excited to announce that OpenText™︎ has been recognized as a Customers' Choice vendor for 2024 in the Application Security Testing category on Gartner® Peer Insights™.  

This distinction is a recognition of vendors based on feedback and ratings from 48 verified end users of our products as of July, 2024. Over the past 12 months, AST reviewers on average rated OpenText a 4.6 out of 5 for its Fortify application security solutions. We are honored to receive this distinction, since it comes from customers — the people we’re here to serve. 

Click HERE to get the 2024 Gartner® Peer Insights™ ‘Voice of the Customer’ report 

Vendors placed in the upper-right quadrant of the “Voice of the Customer” graphic are recognized with the Gartner Peer Insights Customers’ Choice distinction, denoted with a Customers’ Choice badge. The recognized vendors meet or exceed both the market average Overall Experience and the market average User Interest and Adoption.

Here are some comments from customers that contributed to this distinction: 

  • “As a senior software consultant who has used many static analysis tools in past years, I can confidently say that Fortify SCA stands out as the best-in-class solution.” – Senior Consultant, IT Services (link to review)

  • “I have nothing but positive things to say about the overall experience." – Software Developer, Transportation (link to review)

  • “Using Fortify on Demand has been simple for our application security program. The platform is incredibly simple to use and very user friendly. It covers all our needs like DAST and mobile pen testing. The best part is that all our team developers are using them." – Technical Architect, Banking (link to review)

  • “I am really happy with the service, the customer success team is really helpful and understanding, the UI is very user friendly, the turnaround time is always reasonable.” – Principal Software Engineer, Energy & Utilities (link to review)

  • “Fortify SCA is one of the best SAST tools in the market. Be it in use of deployment, UI for audit or quality of findings and report, it excels everywhere. It has integrations to all the major DevOps and IDEs which helps us in planning our Shift Left approach in a more standardized way." – Engineering Manager, IT Services (link to review)

Incorporating feedback from tools like Gartner’s Voice of the Customer (VoC) report into your decision-making process is critical for making strategic investments in application security. Downloading the VoC report provides access to a comprehensive, transparent source of customer feedback and insights that can make a significant difference in your selection process. These peer reviews will empower your organization to choose AST solutions that not only align with your technical requirements but also meet your support expectations, budget, and long-term security goals.

With high customer satisfaction, an easy-to-navigate platform, and best-in-class support, OpenText’s suite of Application Security solutions continues to deliver the protection your organization needs to secure your digital environment with confidence.

In addition to the synthesis provided by the “Voice of the Customer,” you can explore what your peers are saying, and see firsthand why OpenText has been a leader in the Gartner Magic Quadrant for Application Security Testing for 10 years in a row. Read all of OpenText’s individual reviews and ratings for Fortify Static Code Analyzer, Fortify on Demand and Fortify WebInspect, on Gartner Peer Insights by clicking here.  

The post OpenText recognized as a 2024 Customers’ Choice for Application Security Testing on Gartner ® Peer Insights™︎ appeared first on OpenText Blogs.

Auto-remediation: the future of AppSec? https://blogs.opentext.com/auto-remediation-the-future-of-appsec/ Thu, 26 Sep 2024 12:00:00 +0000 https://blogs.opentext.com/?p=999276445

Organizations need to develop applications in a fast and agile way. Security is essential, but lengthy manual security reviews are an unacceptable bottleneck. Application security testing solutions like Fortify address this by automating the security review process. 

Once the security testing is automated, a second bottleneck emerges: Humans must still review and act on the test results. Source code must be changed to remediate the security problems. Ideally, this task should also be automated. This idea is called auto-remediation and is currently a hot topic in the AppSec industry.  

Fortify has an auto-remediation solution. The Fortify Security Assistant plugin for IntelliJ performs highly reliable auto-remediation for 13 impactful vulnerability categories and is available for all Fortify SAST customers. However, auto-remediation is not a simple panacea and has many potential pitfalls even with current state-of-the-art technology. In this blog, we explain why. 

The specific case of SQL injection 

SQL injection is arguably the single most famous AppSec vulnerability category and has been at the center of attention since the beginning of the century. SQL injection flaws are typically caused by a SQL statement being created by concatenating fixed parts and user input. The best way to prevent SQL injection is to replace the concatenation with a “prepared statement.”  The user input will then be handled as parameters, making SQL injection impossible. 

Fortify’s Security Assistant can do this rewriting, thus auto-remediating a SQL injection vulnerability. Other vendors in the auto-remediation space can also do this. If you search for their demo videos, it seems that everybody loves to demo this particular case!  

Why would that be? Is that just because of the category’s fame? No. There are a few other reasons why we all love to demo this one for auto-remediation:  

  • There’s consensus on the best practice remediation strategy (prepared statements). 
  • This remediation strategy almost always works. 
  • The remediation requires a non-trivial amount of editing, showing the value of auto-remediation. 
  • The remediation process can easily be expressed in a series of structural operations on the source code. It does not need any true AI. (Although it may be marketed like that, of course.) 

There’s nothing wrong with picking a nice demo case to illustrate what a tool can do. However, it raises the question of how representative this case is of vulnerabilities in general. 

There certainly are some categories that resemble SQL injection in the abovementioned aspects. For example, XML Entity Expansion caused by an insecurely configured XML parser needs to be fixed by setting the parser features. So again, this is a great case for auto-remediation. But let’s have a look at some other ones. 

When auto-remediation breaks down 

Let’s look at some vulnerability categories that are problematic for auto-remediation. 

Cross-Site Scripting 

Most modern web frameworks prevent Cross-Site Scripting (XSS) by default. Content is escaped during rendering; for example, “<script>” becomes “&lt;script&gt;”, which prevents XSS in an HTML context. XSS can still occur if the developer explicitly requests rendering without this escaping. Some frameworks are very clear about the associated danger. In React, the attribute needed to do this is called “dangerouslySetInnerHTML.”

An AppSec tool can easily detect that this is being used, and an auto-remediation tool can easily change it back to a safe version. This will make for a nice demo, but is it valuable? 

Probably not. The developer typing “dangerouslySetInnerHTML” almost certainly had a reason for doing so. Somehow, the functionality of the web page requires that content containing HTML be rendered at that point. Is that a good idea? Is it safe? It all depends. A case like this requires careful review and, if there is a security problem, a specific solution. Blindly changing this to something an AppSec tool considers secure will probably just break the application. 

Weak Cryptography 

Many old cryptographic algorithms are no longer considered secure. For example, MD5 hashes are insecure and should probably be replaced by SHA-2 hashes, and AES should replace DES symmetric encryption. 

Since the algorithm to be used is usually a parameter of a generic crypto API, it is easy to detect weak cryptographic algorithms and auto-remediate the finding by changing them to a secure alternative. But again: Is this valuable? 

It would work in rare cases (e.g., an application encrypting ephemeral data for its own use, such as a session cookie). Even then, the time saved relative to manual remediation is minimal, of course.

In most cases, it’s pointless. Cryptography is normally used on persistent and/or shared data. Changing a crypto algorithm in one place without considering data migration or the effects on 3rd parties doesn’t work. An auto-remediation tool will never do the heavy lifting here. 

Hardcoded Secrets 

Secrets (keys, passwords) stored directly in source code are a common security problem. AppSec tools can detect these. Is auto-remediation useful for this case? 

Of course, it’s not difficult for an auto-remediation algorithm to remove the secret from the source code. But doing so alone will just break the application. It needs to be replaced by a secure way to obtain the secrets.  

Unfortunately, no single approach always works. Getting a secret from an environment variable (as suggested by the Twelve-Factor App) is great for a microservice running on Kubernetes, but it’s horrible advice if the secret is a password and the application is running on a PC. Many organizations have specific policies or systems for storing secrets; remediation should follow that. But the auto-remediation tool won’t know. 

There’s another problem: Even when we remove the secret from the source code, the original secret is compromised (and still present in the repository history). True remediation requires an additional effort: changing the secret on relevant systems. 

The value of auto-remediation for hardcoded secrets is extremely limited. 

And many other ones…

Above, we covered three cases in some detail, but there are many more categories where auto-remediation has little to offer. Anything that needs to be fixed by input validation is problematic, both because there are many different architectures to implement validation and because the correct allow-list will not be known by the tool. This becomes a problem when remediating issues like open redirect and path traversal.  

In reality, even SQL injection is problematic. Most developers know about prepared statements. But they have certain limits. For example, the name of a SQL table can’t be a prepared statement parameter. If developers create a SQL statement by concatenation, it’s often because they are dealing with a case like this.
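The two sides of the argument above, as an added example that is not Fortify's code or from the original post: the concatenated query beside its prepared-statement rewrite (the case every auto-remediation demo shows), and the table-name case where a blind "parameterize it" rewrite produces an invalid query and only an application-specific allow-list, which the tool cannot know, makes the concatenation safe. It uses Python's standard sqlite3 module with a constructed in-memory database; the table and row contents are made up for the demo.

```python
import sqlite3

# Constructed sample rows for the in-memory demo database.
_USERS = [(1, "alice", "alice@example.org"), (2, "bob", "bob@example.org")]
_AUDIT = [(1, "login"), (2, "logout")]

# Application-specific knowledge: the only tables a caller may name.
# An auto-remediation tool has no way to derive this list from the code.
ALLOWED_TABLES = {"users", "audit_log"}


def make_db() -> sqlite3.Connection:
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT)")
    conn.execute("CREATE TABLE audit_log (user_id INTEGER, action TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", _USERS)
    conn.executemany("INSERT INTO audit_log VALUES (?, ?)", _AUDIT)
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """'Before' form: the statement is built by concatenating fixed SQL
    with user input, so the input can change the statement's structure."""
    query = "SELECT id, name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def find_user_fixed(conn: sqlite3.Connection, name: str) -> list:
    """'After' form (the prepared-statement rewrite): the input is bound
    as a parameter, so it is only ever compared as a value."""
    query = "SELECT id, name, email FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


def count_rows(conn: sqlite3.Connection, table: str) -> int:
    """The case prepared statements cannot cover: a table name.
    The concatenation must stay; safety comes from the allow-list check."""
    if table not in ALLOWED_TABLES:
        raise ValueError(f"table not allowed: {table!r}")
    # Safe only because `table` is now known to be one of our own names.
    return conn.execute(f"SELECT COUNT(*) FROM {table}").fetchone()[0]


def naive_table_rewrite_breaks(conn: sqlite3.Connection, table: str) -> bool:
    """What a blind 'bind every input' rewrite would produce for count_rows.
    SQLite rejects a parameter in table position, so the 'fix' breaks the
    query; returns True when the database refuses the statement."""
    try:
        conn.execute("SELECT COUNT(*) FROM ?", (table,)).fetchone()
    except sqlite3.Error:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # classic textbook input that closes the quote
    print("vulnerable:", find_user_vulnerable(db, probe))  # returns every row
    print("fixed:     ", find_user_fixed(db, probe))       # returns nothing
    print("users:", count_rows(db, "users"))
    print("naive rewrite breaks:", naive_table_rewrite_breaks(db, "users"))
```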

How to shred the security backlog 

Auto-remediation is an important technology that helps practitioners quickly act on AppSec testing results. However, as demonstrated above, its scope, or the percentage of cases where it will truly work, is inherently limited. Therefore, it is not a silver bullet to eliminate the human bottleneck and shred the security backlog. 

What would an ideal tool to shred the security backlog look like? Let’s outline some key principles. 

Combine auditing and remediation 

AppSec tools always produce a certain amount of noise, a.k.a. “false positives.” These findings don’t require an associated remediation, so we should never automatically remediate all findings from an AppSec tool. First, we need to do auditing to determine whether the findings are correct. If we accelerate remediation but keep auditing as-is, we still have a major bottleneck in our process, so we’ll need to accelerate that as well. 

Note that the auditing and remediation tasks overlap greatly. For both, we need to obtain an in-depth understanding of what’s going on in the application beyond the data and standard descriptions produced by the AppSec tool. If we have done that work for auditing, it should be fed into the remediation process to avoid double work. 

So, for multiple reasons, it makes sense to consider auditing and remediation simultaneously.  

Support the developer 

We have seen that complete automation only works in a few cases. In most cases, we still need the developer. This means that our focus should be on making the developer’s work as easy as possible. 

Strong AppSec tools provide a lot of useful information, including vulnerability descriptions and flow diagrams, all linked to the source code, combined with (generic) remediation advice. Nevertheless, understanding this and drawing the right conclusions is a lot of work, even for an expert.

Using generative AI, we make this task much easier. Generative AI can consider the evidence gathered by an AppSec tool, together with the actual source code, and then annotate the tool findings with its analysis. Acting as a developer companion, it makes the tool findings much easier to digest. 

If there is an obvious fix to remediate the issue, the AI can add this to the finding. But if we’re dealing with one of those cases where it’s not obvious, the AI can still provide suggestions on performing remediation – something that’s hard to imagine when doing auto-remediation directly on the source code. 

Even in cases where auto-remediation is an option, keeping the developer engaged is a good thing. The active participation and ownership of the change will improve their skills and make it less likely that this issue will surface again. 

Enter Fortify Aviator 

We recently launched Fortify Aviator, a new tool for auditing and remediation that follows the principles just described. 

Powered by an advanced large language model (LLM), Fortify Aviator can truly reason about the findings produced by Fortify SAST. It first performs auditing, determining whether the issue must be fixed or not (suppressing the latter). It also adds a comment to the issue explaining its decision. If the issue must be fixed, remediation advice is also included in this comment. It is concrete and ready to copy-paste when possible; it is more directional when needed. 

The information added by Fortify Aviator spectacularly boosts developer productivity. And since the information is added to the issue itself, it is available everywhere: the Fortify web interface, IDEs, Audit Workbench, generated issue tracker tickets, generated reports, etc. Any developer workflow is supported. 

Auto-remediation is useful for certain cases, and we’ll continue to support it. However, we believe it’s the Fortify Aviator approach that will allow our customers to shred their entire backlog. 

The post Auto-remediation: the future of AppSec? appeared first on OpenText Blogs.

FedRAMP® Authorized: OpenText Solutions Help Government Agencies Achieve Mission-Critical Objectives https://blogs.opentext.com/fedramp-authorized-opentext-solutions-help-government-agencies-achieve-mission-critical-objectives/ Tue, 10 Sep 2024 20:24:39 +0000 https://blogs.opentext.com/?p=999276332

Public sector agencies across federal, state, and local governments want to deliver reliable and secure services to their employees, contractors, citizens, and other fellow agencies. Because such agencies may be targeted by multiple threat actors and have access to sensitive data, they have stringent security requirements. To that end, the US government implemented the Federal Risk and Authorization Management Program (FedRAMP®) to help assure that cloud services and products used by federal agencies are secure. Following the federal government’s leadership, many state and local governments have also implemented similar regulations and requirements, most of which are met when a cloud service or product achieves FedRAMP Authorization.

What is FedRAMP?

The Federal Risk and Authorization Management Program (FedRAMP®) is a government-wide program that standardizes the security assessment, authorization, and continuous monitoring of cloud products and services used by federal agencies. FedRAMP authorization provides assurance to federal agencies that the cloud services they use meet hundreds of security standards, thereby helping to protect sensitive government data from cyber threats and unauthorized access.

Why is FedRAMP authorization important?

Cloud Service Offerings (CSO) that achieve FedRAMP authorization can be implemented by government agencies with confidence. FedRAMP authorization offers several benefits for government agencies:

  • Enhanced Security: FedRAMP ensures that cloud services meet stringent security standards, protecting sensitive government data from cyber threats and unauthorized access.
  • Streamlined Procurement: FedRAMP authorization streamlines the process of procuring cloud services by providing a standardized framework for security assessment and authorization, reducing duplication of efforts and saving time and resources.
  • Cost Savings: By leveraging FedRAMP-authorized cloud services, government agencies can realize cost savings through reduced infrastructure and maintenance costs, as well as by avoiding the need for individual security assessments.
  • Facilitate Collaboration: By adhering to common security standards, FedRAMP promotes interoperability among government agencies and facilitates seamless data sharing and collaboration. This enhances efficiency, communication, and decision-making across different departments and agencies.
  • Compliance Assurance: FedRAMP authorization provides assurance that cloud services comply with federal security and privacy regulations, helping government agencies meet their legal and regulatory obligations.

OpenText™, the leader in information management, is one of the few companies that offers a wide range of FedRAMP authorized cloud services and products to meet the diverse information management needs of federal, state, and local government agencies. From delivering reliable services to managing assets, from knowing what’s in your IT environment and how it is configured to managing projects to completion, from securely developing applications to delivering safe websites, and from securely storing content and documents to delivering engaging citizen and employee experiences, OpenText has a FedRAMP authorized solution. Here is a quick overview of all the OpenText solutions currently authorized.

IT Management Platform

OpenText provides the most complete and integrated Information Management platform, allowing companies to organize, integrate and protect data and content as it flows through business processes inside and outside the organization. The OpenText IT Management Platform (ITMX) available in the FedRAMP Marketplace offers Service & Asset Management (ITSM, ITAM), Universal Discovery & CMDB, and Project & Portfolio Management (PPM) in AWS GovCloud.

IT Service Management (ITSM) – Empower users with a modern self-service experience and boost IT efficiency with codeless configurations, built-in AI, and advanced automation with Service Management Automation X (SMAX).

  • Deliver modern IT services: Take productivity and service experiences to new heights with codeless configs, ITIL best-practice templates, and AI-powered work options.
  • Extend services beyond IT: Apply ITSM principles and capabilities to business functions like HR, R&D, facilities, finance, and marketing.
  • Built-in AI and automation: Accelerate incident resolution, problem identification, and change management with fast CI detection and advanced analytics.

IT Asset Management (ITAM) – Govern your IT assets across their lifecycles. Procurement, financial, vendor, and contract management processes are included in one centralized platform with Asset Management X (AMX).

  • Manage assets end to end: Oversee all aspects of your hardware assets by combining contract, financial, and carbon footprint information in a single tool.
  • Deliver greater asset value on budget: Streamline management of your hardware assets across their lifecycle—reducing costs, optimizing ROI, and making better decisions about budget spend.
  • Simplify procurement complexity: Create vendor catalogs for approved purchase options and easily enter received assets into inventory or track against service tickets.

Discovery and CMDB – Discover, map, and manage your hybrid IT configurations—on cloud or off. Service dependency mapping and proactive impact analysis improve your IT visibility and reduce service disruptions with Universal Discovery and CMDB.

  • Achieve true IT visibility: Get a clear understanding of all the hardware and software running in your complex IT environment and how it is configured.
  • Understand service delivery: Knowing how your infrastructure delivers business critical applications and services is a must for effective change and configuration management.
  • Improve change metrics: Change is constant in IT, but before you or a service agent makes one, you should see how it’s going to affect your service delivery.

Project and Portfolio Management (PPM) – Drive agency value through comprehensive strategic portfolio management and investment optimization, while ensuring projects are on time, in budget and satisfy goals. A strong workflow engine and what-if analysis scenario planning power this strategic portfolio and project management tool.

  • Strategically manage your portfolio: Monitor with smart KPIs and take advantage of what-if-scenarios to determine the right mix of deliverables versus investments.
  • Embrace agency Agile: PPM integrates with the most popular Agile tools, including ALM Octane, Agile Manager, CA Rally, Jira, VersionOne, and more.
  • Accelerate project delivery: Plan projects and set up workflows to gather approvals and track project status.

Fortify on Demand

OpenText Fortify on Demand (FoD) for US Public Sector, available in the FedRAMP Marketplace, performs security assessments of application code and web site/web services testing without any software to install or manage. Static code scanning of Java, .NET and other major programming languages for security defects is performed in the FoD system at the code layer, followed by an audit review by an OpenText Fortify static auditor. Dynamic web site and web services testing uses OpenText Fortify's WebInspect software as the scan engine, followed by a review from an OpenText Fortify dynamic tester.

  • Enable comprehensive security testing: Leverage a wide range of security testing techniques, including SAST, DAST, and MAST.
  • Scale to any AppSec need: Manage a few applications or thousands with a solution that can scale to meet any needs, regardless of the agency’s or entity’s size.
  • Detect the latest vulnerabilities: Regularly update rule packs with the latest vulnerabilities to ensure scan results are audited and false positives are removed.

Cloud for Government

Available on the FedRAMP Marketplace, OpenText Cloud for Government is a secure, scalable, cloud environment designed for the unique requirements of FedRAMP compliance. US federal agencies and entities requiring FedRAMP certification can use OpenText Cloud for Government to enable their digital transformation and cloud first initiatives as they move Information Management workloads to the cloud. The following OpenText applications are delivered as a service designed with a FedRAMP moderate level security control framework: 

Content Management for Government – These tools allow agencies to manage public sector records with compliant government document management.  Content Management for Government links the digital workplace and applications that power ERP, HCM, BPM and CRM agency processes to drive operational excellence and govern unstructured content.

  • Eliminate paper: Digitize record keeping and processes with eFile and eCase electronic record keeping and case management for a modern, digital administration.
  • Strengthen compliance and consistency: Adhere to governmental guidance and standards for electronic record keeping with a defined file plan aligned to DoD certified records management.
  • Improve process efficiency and speed: Streamline content related processes and collaboration within and across agencies for more back-office efficiency and better citizen service.

Process Automation for Government - Low-code development platform for building engaging process automation and dynamic case management applications. Fully integrated with Content Management for Government, Process Automation for Government helps re-engineer agency processes around citizen, employee, contractor, and fellow agency needs to deliver seamless digital experiences and adapt to changing expectations while improving efficiency and managing risk.

  • Speed application development: Create applications quickly and at a lower cost with low-code, drag-and-drop modeling, reusable building blocks and accelerators.
  • Deliver streamlined, intuitive user experiences: Successfully deliver a dynamic, relevant customer experience with smart, content-rich applications designed for modern work.
  • Integrate enterprise information: Seamlessly connect and orchestrate information flows across lead applications and other systems from within business applications.

Without a doubt, OpenText can help government agencies and entities achieve their mission-critical objectives while being responsible stewards of their budgets.  These FedRAMP authorized solutions, along with our other public sector solutions, are helping government agencies across the globe deliver better information management and experiences to their citizens, employees, and contractors!

The post FedRAMP® Authorized: OpenText Solutions Help Government Agencies Achieve Mission-Critical Objectives appeared first on OpenText Blogs.

]]>

Public sector agencies across federal, state, and local governments want to deliver reliable and secure services to their employees, contractors, citizens, and other fellow agencies.  Because such agencies may be the target from multiple threat actors and have access to sensitive data, they have stringent security requirements.  To that end, the US government implemented the Federal Risk and Authorization Management Program (FedRAMP®) to help assure cloud services and products being used by federal agencies are secure.   Following the federal government’s leadership, many state and local governments have also implemented similar regulations and requirements, most of which are met when a cloud service or product achieves FedRAMP Authorization.

What is FedRAMP?

The Federal Risk and Authorization Management Program (FedRAMP®) is a government-wide program that standardizes the security assessment, authorization, and continuous monitoring of cloud products and services used by federal agencies. FedRAMP authorization provides assurance to federal agencies that the cloud services they use meet hundreds of security standards, thereby helping to protect sensitive government data from cyber threats and unauthorized access.

Why is FedRAMP authorization important?

Cloud Service Offerings (CSO) that achieve FedRAMP authorization can be implemented by government agencies with confidence. FedRAMP authorization offers several benefits for government agencies:

  • Enhanced Security: FedRAMP ensures that cloud services meet stringent security standards, protecting sensitive government data from cyber threats and unauthorized access.
  • Streamlined Procurement: FedRAMP authorization streamlines the process of procuring cloud services by providing a standardized framework for security assessment and authorization, reducing duplication of efforts and saving time and resources.
  • Cost Savings: By leveraging FedRAMP-authorized cloud services, government agencies can realize cost savings through reduced infrastructure and maintenance costs, as well as by avoiding the need for individual security assessments.
  • Facilitate Collaboration: By adhering to common security standards, FedRAMP promotes interoperability among government agencies and facilitates seamless data sharing and collaboration. This enhances efficiency, communication, and decision-making across different departments and agencies.
  • Compliance Assurance: FedRAMP authorization provides assurance that cloud services comply with federal security and privacy regulations, helping government agencies meet their legal and regulatory obligations.

OpenText™, the leader in information management, is one of the few companies that offers a wide range of FedRAMP authorized cloud services and products to meet the diverse information management needs of federal, state, and local government agencies.  From delivering reliable services to managing assets, from knowing what’s in your IT environment and how it is configured to managing projects to completion, from securely developing applications to delivering safe websites, and from securely storing content and documents to delivering engaging citizens and employee experiences, OpenText has a FedRAMP authorized solution.  Here is a quick overview of all the OpenText solutions currently authorized.

IT Management Platform

OpenText provides the most complete and integrated Information Management platform, allowing companies to organize, integrate and protect data and content as it flows through business processes inside and outside the organization. The OpenText IT Management Platform (ITMX) available in the FedRAMP Marketplace offers Service & Asset Management (ITSM, ITAM), Universal Discovery & CMDB, and Project & Portfolio Management (PPM) in AWS GovCloud.

IT Service Management (ITSM) – Empower users with a modern self-service experience and boost IT efficiency with codeless configurations, built-in AI, and advanced automation with Service Management Automation X (SMAX).

  • Deliver modern IT services: Take productivity and service experiences to new heights with codeless configs, ITIL best-practice templates, and AI-powered work options.
  • Extend services beyond IT: Apply ITSM principles and capabilities to business functions like HR, R&D, facilities, finance, and marketing.
  • Built-in AI and automation: Accelerate incident resolution, problem identification, and change management with fast CI detection and advanced analytics.

IT Asset Management (ITAM) – Govern your IT assets across their lifecycles. Procurement, financial, vendor, and contract management processes are included in one centralized platform with Asset Management X (AMX).

  • Manage assets end to end: Oversee all aspects of your hardware assets by combining contract, financial, and carbon footprint information in a single tool.
  • Deliver greater asset value on budget: Streamline management of your hardware assets across their lifecycle—reducing costs, optimizing ROI, and making better decisions about budget spend.
  • Simplify procurement complexity: Create vendor catalogs for approved purchase options and easily enter received assets into inventory or track against service tickets.

Discovery and CMDB – Discover, map, and manage your hybrid IT configurations—on cloud or off. Service dependency mapping and proactive impact analysis improve your IT visibility and reduce service disruptions with Universal Discovery and CMDB.

  • Achieve true IT visibility: Get a clear understanding of the all the hardware and software running in your complex IT environment and how it is configured.
  • Understand service delivery: Knowing how your infrastructure delivers business critical applications and services is a must for effective change and configuration management.
  • Improve change metrics: Change is constant in IT, but before you or a service agent makes one, you should see how it’s going to affect your service delivery.

Project and Portfolio Management (PPM) – Drive agency value through comprehensive strategic portfolio management and investment optimization, while ensuring projects are on time, within budget, and satisfy their goals. A strong workflow engine and what-if scenario planning power this strategic portfolio and project management tool.

  • Strategically manage your portfolio: Monitor with smart KPIs and take advantage of what-if-scenarios to determine the right mix of deliverables versus investments.
  • Embrace agency Agile: PPM integrates with the most popular Agile tools, including ALM Octane, Agile Manager, CA Rally, Jira, VersionOne, and more.
  • Accelerate project delivery: Plan projects and set up workflows to gather approvals and track project status.

Fortify on Demand

OpenText Fortify on Demand (FoD) for US Public Sector, available in the FedRAMP Marketplace, performs security assessments of application code and web site/web services testing without any software to install or manage. Static code scanning of Java, .NET and other major programming languages for security defects is performed in the FoD system at the code layer, followed by an audit review by an OpenText Fortify Static auditor. Dynamic web site and web services testing uses OpenText Fortify's WebInspect software as the scan engine, followed by a review from an OpenText Fortify Dynamic tester.

  • Enable comprehensive security testing: Leverage a wide range of security testing techniques, including SAST, DAST, and MAST.
  • Scale to any AppSec need: Manage a few applications or thousands with a solution that can scale to meet any needs, regardless of the agency’s or entity’s size.
  • Detect the latest vulnerabilities: Regularly update rule packs with the latest vulnerabilities to ensure scan results are audited and false positives are removed.

Cloud for Government

Available on the FedRAMP Marketplace, OpenText Cloud for Government is a secure, scalable, cloud environment designed for the unique requirements of FedRAMP compliance. US federal agencies and entities requiring FedRAMP certification can use OpenText Cloud for Government to enable their digital transformation and cloud first initiatives as they move Information Management workloads to the cloud. The following OpenText applications are delivered as a service designed with a FedRAMP moderate level security control framework: 

Content Management for Government – These tools allow agencies to manage public sector records with compliant government document management. Content Management for Government links the digital workplace and applications that power ERP, HCM, BPM and CRM agency processes to drive operational excellence and govern unstructured content.

  • Eliminate paper: Digitize record keeping and processes with eFile and eCase electronic record keeping and case management for a modern, digital administration.
  • Strengthen compliance and consistency: Adhere to governmental guidance and standards for electronic record keeping with a defined file plan aligned to DoD certified records management.
  • Improve process efficiency and speed: Streamline content related processes and collaboration within and across agencies for more back-office efficiency and better citizen service.

Process Automation for Government - Low-code development platform for building engaging process automation and dynamic case management applications. Fully integrated with Content Management for Government, Process Automation for Government helps re-engineer agency processes around citizen, employee, contractor, and fellow agency needs to deliver seamless digital experiences and adapt to changing expectations while improving efficiency and managing risk.

  • Speed application development: Create applications quickly and at a lower cost with low-code, drag-and-drop modeling, reusable building blocks and accelerators.
  • Deliver streamlined, intuitive user experiences: Successfully deliver a dynamic, relevant customer experience with smart, content-rich applications designed for modern work.
  • Integrate enterprise information: Seamlessly connect and orchestrate information flows across lead applications and other systems from within business applications.

Without a doubt, OpenText can help government agencies and entities achieve their mission-critical objectives while being responsible stewards of their budgets. These FedRAMP authorized solutions, along with our other public sector solutions, are helping government agencies across the globe deliver better information management and experiences to their citizens, employees, and contractors!

The post FedRAMP® Authorized: OpenText Solutions Help Government Agencies Achieve Mission-Critical Objectives appeared first on OpenText Blogs.

Ensuring SIEM data sovereignty: the case for on-prem OpenText ArcSight SIEM https://blogs.opentext.com/ensuring-siem-data-sovereignty-the-case-for-on-prem-opentext-arcsight-siem/ Fri, 30 Aug 2024 12:00:00 +0000 https://blogs.opentext.com/?p=999276279

Given the critical nature of cybersecurity for industry sectors such as defense, healthcare, finance, and government, ensuring SIEM data sovereignty has never been more crucial. These organizations must balance the advantages of cloud-based SIEMs with the need for strict internal security controls. The urgency intensifies when existing on-prem SIEM solutions approach end-of-life due to vendor acquisition, threatening the continuity of their customized, heavily invested cybersecurity infrastructure. 

Balancing risk vs. control

While SaaS solutions offer benefits like reduced management costs, increased update frequency and OpEx flexibility, they are also not without significant risks. SaaS-based SIEMs rely on shared cloud infrastructure and third-party security practices, increasing the risk of data interception and leakage, including supply chain attacks. Their reliance on internet connectivity also makes them vulnerable to DDoS attacks. Additionally, compliance and data residency requirements such as GDPR, CCPA, HIPAA, and FedRAMP are not met when data is stored outside local regulatory jurisdictions. 

For organizations that prioritize deep control over security, data sovereignty, and compliance—especially for classified information, medical records, or PCI data—on-prem SIEM solutions offer a more secure and appealing option. 

But aren’t on-prem SIEMs a relic of the past? 

The data suggests otherwise. According to IDC's December 2023 Security Analytics TAM report, the total addressable market for on-prem SIEM/Security Analytics in EMEA is expected to grow from $2.008 billion in 2022 to $2.111 billion by 2027. Moreover, Grand View Research highlights that the on-prem SIEM segment is projected to expand at a compound annual growth rate (CAGR) of 12.8% from 2023 to 2030. This growth is driven by on-prem SIEMs’ ability to offer complete control over data, especially historical data for forensic purposes, and critical administrative functions such as disaster recovery. 

Why choose ArcSight for your on-prem SIEM? 

For organizations that prioritize security, governance, and data sovereignty, ArcSight on-prem is a smart choice. Here are the key reasons why: 

  • Proven track record of maturity: In 2025, ArcSight will celebrate its 25th anniversary. Founded on May 3, 2000, the company launched its first product in 2002 and was recognized as a visionary in Gartner's 2003 ‘IT Security Management Magic Quadrant,’ where there were no leaders at that time. 
  • Leading real-time correlation engine: ArcSight’s real-time correlation engine is highly customizable, with an extensive range of fields, functions, categories, enabling organizations to detect and respond to threats as they happen, rather than relying on scheduled searches. 
  • Extensive connector support: ArcSight provides over 400 pre-built connectors for seamless integration across diverse security domains, including anti-virus, databases, cloud environments, mail servers, operating systems, firewalls, IDS/IPS, identity security, network management, and threat intelligence. For specialized needs, custom 'flex connectors' can be developed to meet any unique monitoring requirements. 
  • SOAR integration as a complimentary add-on: To offset on-prem SIEM maintenance costs, ArcSight includes SOAR capabilities as a complimentary add-on, enhancing ROI. It also offers seamless, customizable integration with third-party solutions, essential for any SOAR platform. 
  • Comprehensive MITRE ATT&CK coverage: In a GigaOM evaluation, ArcSight was found to cover 10 out of 10 of the common MITRE ATT&CK techniques.
  • Secure threat intelligence and vulnerability data import: ArcSight on-prem allows the import of threat intelligence and vulnerability data from third-party vendors without cloud exposure. 
  • Ease of migration: ArcSight allows easy migration of correlation rules and policies, ensuring minimal disruption and continuity when transitioning from a SIEM with similar correlation technology. 
  • Fast and scalable log management platform: ArcSight Recon simplifies log management and compliance with powerful analytics, an intuitive UI and query language, and actionable insights. 
  • Guaranteed event handling, even under attack: ArcSight prevents event loss during EPS spikes, even in DDoS attacks, by accommodating short-term bursts beyond the licensed limit without penalty.

Conclusion 

Despite the shift to SaaS, on-prem SIEMs still play a crucial role, especially in highly regulated or sensitive industries. For organizations that prioritize security, data sovereignty, autonomy, and compliance, ArcSight on-prem offers a mature, reliable, scalable, and highly customizable solution. 

What customers are saying: high praise for ArcSight's performance  

‘The great integration capabilities demonstrated in the ArcSight toolset have allowed us to create an end-to-end SIEM with MITRE ATT&CK compliance and new data sources in ArcSight ESM, additional use cases and reporting with ArcSight SOAR, and enhanced overall security with ArcSight Intelligence.’ Cihan Yuceer, Cyber defence center manager, Turkcell 

‘ESM reveals security events to us that we were never able to detect before. We’re very happy with ESM and confident we can find threats before they compromise our network or disrupt business. ArcSight provides critical insurance against the damage modern cyber-attacks can inflict on an organization.’ Mark Beerends, Head of Security Operations Center, Rabobank 

‘Rather than writing multiple playbooks for each type of potential security threat, we use a single set of branching logic in ArcSight SOAR to help us close 33% of cases without any human involvement.’ Emrecan Batar, Information Security Senior Specialist, Odeabank 

For detailed insights on how OpenText ArcSight can enhance your cybersecurity posture, please refer to the ArcSight Enterprise Security Manager (ESM) data sheet. 

The post Ensuring SIEM data sovereignty: the case for on-prem OpenText ArcSight SIEM appeared first on OpenText Blogs.

Cloud for government: A look at 4 agency transformations https://blogs.opentext.com/cloud-for-government-a-look-at-4-agency-transformations/ Mon, 17 Jun 2024 15:12:56 +0000 https://blogs.opentext.com/?p=73688


Government agencies are making strides on their cloud migration journey, but there is still progress to be made. At OpenText, we are well-situated to help public sector agencies move to the cloud. Our Cloud for Government solution has been listed on the FedRAMP marketplace as fully authorized, providing a low-risk, highly secure content management cloud option for the public sector.

Whether you’re looking to fast-track your cloud adoption or are looking for a starting point on your cloud migration, the cloud can bring significant benefits to government. Here are four use cases for cloud in the public sector.

1. Simplify and improve approval workflows

A United States federal health agency is responsible for regulating the manufacturing, distribution, and marketing of certain over-the-counter, age-restricted drugs. This includes approving new products.

The approval process for new age-restricted products is complex and requires thousands of highly technical and proprietary documents to be exchanged. First, a vendor submits their information to the regulatory agency, and the application goes through comprehensive evaluation by government scientists. Throughout the process, the scientists require the ability to correspond with the vendor to request clarification or additional information as needed.

The federal health agency was looking to implement new cloud-based functionality to simplify and manage this workflow. The agency required complex data models and workflows to be built in under a year—a timeline unprecedented for technology and systems projects in the public sector. With the OpenText Cloud for Government solution, the federal health agency had this functionality up and running within nine months.

With OpenText™ Extended ECM and OpenText™ AppWorks™ the agency was able to quickly deploy a document-centric workflow for electronic management of the approval process for new age-restricted drug products. Submissions are automatically run through the workflow based on the submission and approval type and the submission is then sent to government scientists for review.

Through the Extended ECM platform, the documentation is routed to multiple users for review and approval, enabling collaborative editing and streamlining the review process. A tool called Letter Generator allows the health agency to correspond directly with vendors to request additional information or documentation as required. The low-code development platform AppWorks enables rapid response to future requests for functionality—allowing for quick and easy mock-up and prototypes of new functionality.

2. Shift from paper to digital

Harris County, the largest county in the state of Texas (No. 3 in America), delivers key public services to more than 4.7 million residents, including education, public health and social services. Harris County Universal Services—the organization that provides IT solutions to the 80 departments in Harris County—was looking to improve its records management practices.

Traditionally, departments relied on individual systems and processes to manage records and used warehouses to store paper documents or shared drives for sharing information. Physical archives increased the risk of data loss in a disaster scenario, and data silos restricted collaboration and slowed service delivery. A massive flood caused by Hurricane Harvey in 2017, which submerged 25-30% of Harris County, highlighted the risks of warehousing paper documents.

To modernize its records management, Harris County deployed Extended ECM, a central enterprise content management platform that all departments could use to store their records digitally. With Extended ECM, Harris County was able to replace the paper-based process used in the Public Health department for budget requests to the Commissioner’s Court with a streamlined digital workflow. Digitizing the budget requests workflow has resulted in significant time savings, allowing the department to receive faster responses to budget requests.

In addition, the solution has enabled Harris County to replace manual document management processes in the property tax division and leverage OpenText Information Capture and Data Extraction solutions to streamline accounts payable processes. The new solution has cut records management effort by up to 50% in some cases.

3. Securely manage documents in the cloud

A well-known government agency facilitates equitable and sustainable access to homeownership and quality, affordable rental housing across America.

The federal housing agency manages a large number of documents related to its core business, such as loan applications, lender details, loan details, legal documents, and contracts. The housing agency was looking to upgrade its existing content management software to the latest version, hosted in the OpenText Cloud.

The agency was able to upgrade and move to the cloud all at once. With their new solution, the agency now has a secure, cloud-based content management system that meets their access and security requirements—up and running in a five-month period. In addition to having a modernized user interface, the upgrade also ensures increased security and reduced costs as the agency has retired its own data center.

4. Manage records and maintain compliance

A government defense agency was looking for a records management solution that can support a wide variety of use cases and significant amounts of files across internal and external instances of their content management solution. The agency also required the solution be compliant with governmental regulations to ensure the proper management, preservation, and disposition of electronic records.

The agency has a versatile ecosystem with multiple internal and external instances of its content management solution. Within this environment, the agency implemented Extended ECM as their compliant records management solution, hosted in the Microsoft® Azure Cloud.

In addition to being a records management solution certified to meet all the requirements of the Defense Department records management strategy, the solution has also helped to streamline the agency’s overall content management. Since its implementation in 2014, additional repositories and legacy systems have been migrated to the OpenText system, breaking down data silos and allowing legacy systems to be retired. Today, the system boasts over 22,000 users and manages over 100 million files. It is fully integrated with other agency IT tools and processes.

Government Cloud Solutions that are FedRAMP-authorized enable a seamless, secure shift to the cloud.

The post Cloud for government: A look at 4 agency transformations appeared first on OpenText Blogs.

Beyond the buzzwords: Automating protection with AI-enabled solutions for modern cybersecurity https://blogs.opentext.com/beyond-the-buzzwords-automating-protection-with-ai-enabled-solutions-for-modern-cybersecurity/ Fri, 07 Jun 2024 16:15:03 +0000 https://blogs.opentext.com/?p=123538

The concept of security posture, as defined by the National Institute of Standards and Technology (NIST), refers to an organization's overall cybersecurity strength, including its defenses and its ability to adapt to evolving threats. This blog explores how cybersecurity strategies are moving from a reactive approach to one that provides actionable visibility, enabling proactive protection across the expanding attack surface and reducing risk in today's digital enterprises.

Today’s Cyber Threats and Challenges in Maintaining Security Posture 

The digital-first shift has broadened the enterprise attack surface significantly, necessitating advanced security measures to reduce the risk of breaches. For instance, the stealthy tactics of threat actors like Volt Typhoon, who remained undetected in U.S. critical infrastructure for years, underline the need for robust defenses. Bolstering an organization's security posture remains a challenge for cybersecurity teams; here are some reasons why:

  • In the application security space, tool sprawl leads to isolated scanning activities that hinder the unified analysis and prioritization of vulnerabilities. It is worth noting that eight of the top 10 data breaches of 2023 were related to application attack surfaces.
  • Complying with various data residency and sovereignty laws using point tools and spreadsheets is an overwhelming task. Additionally, there is the ever-present risk of inadvertent breaches due to limited visibility into a) where PII/PHI data resides and b) whether it is adequately protected.
  • Verizon's 2023 Data Breach Investigations Report (DBIR) found that 74% of all breaches are identity related, with threat actors exploiting the human element via privilege misuse, stolen credentials, social engineering, or just plain user error.

Enabling Automated, Proactive Protection—The Next Crucial Step 

Security posture management is the ongoing process of monitoring and improving an organization's security measures. It includes identifying vulnerabilities, ensuring adherence to security policies, and rapidly addressing new threats to maintain robust security defenses and minimize risks. 

So, beyond simply introducing new acronyms, what essential benefits do security posture management solutions offer to an organization? 

Application Security Posture Management

  • Aggregates and contextualizes security findings from various scanning tools throughout the SDLC.
  • Implements AI to identify critical vulnerabilities—including internal, LLM-generated, and open-source code—with the highest business impact.  
  • Automates vulnerability fix suggestions and remediation early in the SDLC and, by orchestrating workflows, enables DevSecOps collaboration and eliminates tool sprawl. 

Data Security Posture Management

  • Employs AI-driven analytics to automate the discovery and protection of sensitive data entities. 
  • Effectively reduces storage costs and minimizes the risk associated with data breaches through AI-driven financial risk modelling. 
  • Ensures compliance with a broad spectrum of regulatory requirements, including user and group access, to enhance overall data security and governance. 

Identity Security Posture Management

  • Strengthens an organization’s defenses by providing a proactive framework that maintains the security posture of an organization’s identity infrastructure through automated workflows. 
  • Provides AI/ML behavior monitoring of identities and user/entity access and implements multi-factor authentication/passwordless authentication.
  • Ensures comprehensive governance through regular assessments and certifications. 
  • Applies the ‘least privilege principle’ and provides ongoing security awareness training. 

Conclusion 

The shift from point tools to comprehensive security posture management solutions marks the cybersecurity industry's move from reactive responses to proactive, automated protection in increasingly complex and interconnected IT environments. This transition underscores the need for actionable visibility: not only to detect threats, but also to aggregate and correlate data across the various security layers in order to automate defenses and contextualize risk. By adopting this integrated approach, organizations can enable proactive risk management and develop a more dynamic, comprehensive, and automated strategy for cyber resilience.

OpenText™ offers solutions in application security, data security, and identity security as part of its broad-scope cybersecurity portfolio. Customers utilizing these platforms report: 

Application Security 

‘We looked at alternatives but found it a challenge to find a solution that identifies a wide range of vulnerabilities and makes them visible in an easy-to-action way. Once we saw what Fortify on Demand was capable of, we knew it was the solution for us.’ Jair García Osorio, Chief Technology Security Officer, Coca-Cola FEMSA    

Data Security 

‘We had investigated other vendors, but OpenText demonstrated clearly that it was the only company to provide integration between its solutions and our specific data repositories. This, coupled with the expertise we saw from OpenText consultants, convinced us that Voltage Fusion and File Reporter were the right match for us.’ Senior VP of Infrastructure & Information, Major United States Bank. 

Identity Security 

‘We have worked with the NetIQ suite of identity and access management solutions for the last 20 years and felt NetIQ Identity Governance ticked all required boxes. We introduced it in a proof-of-concept (POC) and beat the other vendors in the mix.’ Brent Kynaston, Solutions Architect, TriVir 

The post Beyond the buzzwords: Automating protection with AI-enabled solutions for modern cybersecurity appeared first on OpenText Blogs.

]]>
Look for OpenText™ Project and Portfolio Management (PPM) on the FedRAMP Marketplace https://blogs.opentext.com/look-for-opentext-project-and-portfolio-management-ppm-on-the-fedramp-marketplace/ Fri, 10 May 2024 21:33:46 +0000 https://blogs.opentext.com/?p=123281

Exciting news! OpenText Project and Portfolio Management (PPM) has achieved FedRAMP Ready status and is currently FedRAMP In Process. It is also available on the FedRAMP Marketplace as part of the OpenText IT Management Platform (ITMX) package, which means PPM On-Cloud can easily be adopted by government agencies. The OpenText ITMX Platform, featuring Service & Asset Management, Universal Discovery, CMDB, and Project & Portfolio Management, is in the final stage of FedRAMP certification.

Organize, integrate, and protect data and content as it flows through business processes inside and outside your organization with the OpenText ITMX Platform. With ITMX, government agencies can reduce Tier 1 support, increase IT visibility, and reduce service disruptions, while accelerating application delivery through private generative AI and automation.

OpenText ITMX key capabilities include the following:

  • Single intuitive self-service portal for IT Service Management, AI-driven support, and a mobile app for empowering users and reducing service desk costs
  • Codeless configurations, ITIL-certified processes, plus technology-agnostic workflow and process automation to boost IT productivity
  • Powerful discovery of traditional IT assets and cloud services, change-risk analysis, and IT asset and software license management to reduce risks and control costs
  • Investment and strategy alignment through a top-down and bottom-up analytics approach to application portfolio and project management

What is FedRAMP?

The Federal Risk and Authorization Management Program (FedRAMP®) is a government-wide program that standardizes the security assessment, authorization, and continuous monitoring of cloud products and services used by federal agencies. FedRAMP certification provides assurance to federal agencies that the cloud services they use meet stringent security standards, thereby helping to protect sensitive government data from cyber threats and unauthorized access.

Why is FedRAMP certification important?

Cloud Service Offerings (CSOs) that achieve FedRAMP authorization can be implemented by government agencies with confidence. FedRAMP certification offers several benefits for government agencies:

  • Enhanced Security: FedRAMP ensures that cloud services meet stringent security standards, protecting sensitive government data from cyber threats and unauthorized access.
  • Streamlined Procurement: FedRAMP certification streamlines the process of procuring cloud services by providing a standardized framework for security assessment and authorization, reducing duplication of efforts and saving time and resources.
  • Cost Savings: By leveraging FedRAMP-certified cloud services, government agencies can realize cost savings through reduced infrastructure and maintenance costs, as well as by avoiding the need for individual security assessments.
  • Facilitated Collaboration: By adhering to common security standards, FedRAMP promotes interoperability among government agencies and facilitates seamless data sharing and collaboration. This enhances efficiency, communication, and decision-making across different departments and agencies.
  • Compliance Assurance: FedRAMP certification provides assurance that cloud services comply with federal security and privacy regulations, helping government agencies meet their legal and regulatory obligations.

Learn more about OpenText PPM and how it can help government agencies strategically align projects with organizational objectives, optimize resource allocation, mitigate risks, facilitate informed decision-making, measure performance, and govern project portfolios efficiently. Follow us to stay in the loop on the OpenText ITMX Platform’s FedRAMP certification and authorization.

The post Look for OpenText™ Project and Portfolio Management (PPM) on the FedRAMP Marketplace appeared first on OpenText Blogs.

]]>