The Biden administration, through a recent executive order, is directing agencies to improve their cybersecurity posture following several high-profile intrusions across government and industry.
For cloud providers like Microsoft, that means sharing more threat intelligence with agencies and providing them with advanced audit and e-discovery capabilities.
Heidi Kobylski, Microsoft’s general manager for federal civilian government, said Microsoft last year thwarted 30 billion email attacks and 31 billion authentication attacks.
“If you’re a customer in the Microsoft Cloud, you’re taking advantage of that capability and the thousands of cyber personnel we deploy at our cybersecurity centers, who are working 24/7, monitoring and investigating all the attack vectors out there,” Kobylski said on Federal News Network’s Cloud Exchange.
The Biden administration’s executive order sets goals to establish better sharing of threat information between government and industry. The executive order also directs agencies to harden their data classification, their multi-factor authentication and deploy zero-trust architecture.
Kobylski said Microsoft is taking steps to support agencies meeting the EO’s goals.
“It’s asking more of the vendor community to step up, and so Microsoft is doing that in a big way,” she said.
The Small Business Administration, for example, relied on Microsoft’s zero-trust architecture to expand its workforce from 2,500 to 20,000 employees during the COVID-19 pandemic, in order to support the disbursement of hundreds of thousands of emergency loans to small businesses.
“In doing so, they were able to take these 20,000 newly onboarded employees and look at certain data. What [is] the behavior of the user, and make sure they’re authenticating into the service. What is their geographic location? Does that match and correlate with the data of where they say they’re located and where they reside, or where their office is? So they marry all that up, and then they develop a zero-trust framework. That way, they feel confident when the employee enters the environment, that that employee is trusted. That really enabled them to get those 500,000-some loans deployed quickly. It was probably one of the best shows of immediate payment that we’ve seen out of government in a really long time,” Kobylski said.
Kobylski said Microsoft, as a cloud provider, recognizes that some agencies require different capabilities to have a more secure cyber posture in the cloud and address specific vulnerabilities. Cybersecurity, she added, is not just about detection, but also compliance with existing standards.
Microsoft offers zero-trust workbooks and CMMC compliance capabilities as part of its cloud portal, in order for agencies to stay current on the latest compliance documents.
Throughout the pandemic, Microsoft partnered with the Veterans Affairs Department to prepare its workforce to work remotely.
Before the pandemic, Kobylski said the VA had the capability to have about 60,000 employees working remotely at any time. But over the course of a weekend in the early stages of the pandemic, Microsoft helped the agency deploy Microsoft Teams and Windows Virtual Desktop to 400,000 users.
Kobylski said these tools allowed physicians to collaborate and track the availability of beds for patients at VA medical centers across the country.
Microsoft, she added, also stood up Azure AI capabilities, machine learning and predictive analytics in order for VA to create dashboard tracking COVID test results and other pandemic metrics.
“Those clinicians, they could look across the spectrum of all of those medical centers, and help figure out how do we ensure the care of these 9 million enrolled veterans, and also make sure we have bed space available that they could divert and avert situations — make sure they had enough ventilators available. They even coupled that with interactive mapping to look at whether they have beds available, or they could divert people to places where there was availability,” Kobylski said.
Microsoft is also looking at ways to empower innovation at VA. The company, together with Verizon and Medivis, partnered with the VA Palo Alto Health Care System to stand up a 5G-enabled clinical care system.
Kobylski said this new infrastructure allows surgeons to make real-time decisions while operating on patients. It also allows physicians to consult with colleagues in remote locations and conduct 3-D ultrasounds.
Microsoft is also working with the National Oceanic and Atmospheric Administration on a number of projects looking at how to use predictive analytics to help agencies track the trajectory of major storms and decide where to send resources ahead of time.
“Predictive analytics is really probably the biggest capability that I would see coming out of the next wave of innovation with the federal government,” Kobylski said.
In terms of other trends, Kobylski said Microsoft is also looking at how to keep supporting digital work while maintaining cybersecurity.
“How do you get things done in a more digital-friendly way, and how do you make sure that you’re really empowering digital employees? Part of that is making sure you have a strong cyber posture. But the other part of that is, in order to enable the future of modernization and the future of productive work, citizens are going to demand that when things like the pandemic happen, they can get access to money quickly from SBA, that those things continue. So we’re now seeing a shift in the conversations around what’s the next phase of that modernization, and it really is around things in the mission,” Kobylski said.