Information Technology Navigator

In today’s cloud-driven world, controlling cloud costs without sacrificing performance is a key challenge. Microsoft Azure FinOps (Financial Operations) is a framework that brings a strategic approach to managing cloud expenditures, transforming it from a guessing game into a structured process. For businesses utilizing Azure, learning FinOps fundamentals can unlock new cost-saving opportunities and enhance collaboration across finance, IT, and business teams.

Daymark Solutions’ comprehensive Azure FinOps workshop offers hands-on labs, expert-led discussions, and interactive exercises designed to teach critical cost management skills. Participants dive into rightsizing Azure resources, managing orphaned resources, and leveraging Azure’s unique cost-saving options like Azure Hybrid Benefit, Reserved Instances, and Azure Savings Plans. Each session balances theory with practical exercises to build a solid foundation for financial governance within Azure environments.

Read More

The Cybersecurity Maturity Model Certification (CMMC) program journey started back in 2019, which eventually led to DFARS Case 2019-D041. Since then, it has gone through several changes and program evolutions. Nearing 4 years in the making and getting closer to being finalized, companies are wondering what is next. What is the target date for the new rule?

CMMC Rulemaking Timeline

The rulemaking process illustrated in the graphic below shows a high-level workflow from the Government Accountability Office (GAO).

Figure 1: GAO Federal Rulemaking

Read More

Read More

One of the most common cyberattack vectors is compromised credentials. Malicious actors with access to AI technologies have increased the sophistication and effectiveness of their attacks. The rise in phishing attacks and malicious actors gaining access to AI technologies has resulted in sharp increases in credential theft. In addition to credential theft, token theft or hijacking is also on the rise. Staying one step ahead of the bad guys is a constant battle for organizations of every size.

Why is This Critical Now? The Deadline is Looming.

In March 2023, Microsoft announced the deprecation of managing authentication methods in the legacy multifactor authentication and self-service password reset (SSPR) policies. Beginning September 30, 2025, authentication methods can't be managed in these legacy MFA and SSPR policies.

Enter Microsoft Entra ID!

Getting Started with Entra ID

Read More

Pure Storage Portworx has established itself as the gold standard for cloud-native Kubernetes data storage, offering scalable persistent storage, multi-cloud data mobility and zero RPO data protection and disaster recovery. At Daymark, we have been impressed with Portworx and view it as being in a class of its own when compared to other suppliers of storage for Kubernetes-orchestrated container apps. Once you transition from development to production with Kubernetes, persistent storage and enterprise data services become critical components of your Kubernetes environment.

A recent report by research house GigaOm concurs, recognizing Portworx as an “Outperformer” — the only product with that designation in the report. The GigaOm Radar for Kubernetes Data Storage Report reviewed nine vendors in the Kubernetes data storage space, down from twenty-two vendors in 2021.

Read More

Companies performing work in the Defense Industrial Base (DIB) often contemplate whether they should use a cloud service provider for their business, then wonder which version of the cloud service they should consider. The rules and regulations passed down to the DIB from the Federal Government are quite confusing when it comes to trying to figure out what their requirements are. In this article, we will try to clear some of that up!

Read More

Protecting sensitive and classified information when working for the Federal Government requires constant vigilance. When the government issues a contract, it must specify to the performing contractor when covered defense information (CDI) or controlled unclassified information (CDI) will be generated under the contract. Many prime contractors “flowdown” every FAR and DFARS clause to subcontractors and vendors without considering if that subcontractor or vendor will be processing, storing, or transmitting CDI. Anticipating where CDI may reside once awarded a contract can be a challenge. Here is guidance on ways CDI can flowdown to subcontractors and the defense industrial base (DIB), and steps those organizations should take before signing an agreement.

An Introduction to DFARS

Read More

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders to improve and monitor the domain’s protection from fraudulent email.

DMARC is designed to fit into an organization’s existing inbound email authentication process. The way it works is to help email receivers determine if the purported message “aligns” with what the receiver knows about the sender. If not, DMARC includes guidance on how to handle the “non-aligned” messages. Because cyber security continues to be a top priority for businesses, DMARC adoption is on the rise for several good reasons.

Top 3 Reasons to Implement DMARC

Read More

Many companies are currently evaluating how they might fund initiatives necessary to move their businesses towards compliance with the Cybersecurity Maturity Model Certification (CMMC). There are a few ways to fund these initiatives, but many key items have the potential to impact the amount of funding needed to prepare your organization for certification. So, where do you start to appropriately scope the project, and how do you know how much it will actually cost?

Whether your company plans to meet the CMMC objectives or to stop doing business with the Federal Government, keep in mind that cybersecurity is an important part of maintaining your business health and ensuring resiliency in the future. When businesses suffer a cyberattack and cannot afford the cost to recover, they often go bankrupt. In addition to the new federal regulations being pushed out by the Defense Federal Acquisition Regulations (DFARS), many states have laws requiring levels of protection for different types of information. Other federal governments have also enacted cybersecurity protection measures for their citizens (such as GDPR). Not doing so can also leave you open to lawsuits in the event of a breach or incident.

5 Phases for Cybersecurity Compliance

Read More

Over the past few months, Microsoft has slowly rolled out Copilot for Microsoft 365 through their many channels, making it available to all customers. As I mentioned in my last blog, "Copilot for Microsoft 365 – What You Need to Know," there are still some prerequisites for purchasing, including a minimum term of 1 year, however, the minimum purchase quantity of 300, which was a limiting factor for most, has been eliminated. This major shift by Microsoft resulted in a sharp increase in activity with most organizations being very interested in the promise of the significant productivity gains touted by Microsoft.

However, those same organizations tend to fall into one of two camps:

• First are those that are fast-tracking a pilot or internal testing.
• Second are those that are concerned about data privacy and protection and will not allow Copilot, or any other AI, to be used in their organization.

Read More