This content is sponsored by Microsoft.
When the Defense Department announced its Joint Warfighting Cloud Capability contract in December, it was a major step on DoD’s multi-cloud journey. By implementing multi-cloud governance centered on security, DoD has the opportunity to align this multi-cloud adoption with its zero trust strategy. That strategy is very explicit about the outcomes it’s looking for to secure an environment and provides metrics to determine success – for example, can DoD identify and track the same individual across multiple environments? It also provides flexibility, giving DoD the ability to try multiple approaches to achieve the desired outcome and choose the best option.
“While there are operational benefits to DoD leveraging the various cloud service provider environments and all their native security capabilities that exist, having security capabilities that can extend and cover gaps in certain CSP environments will give them that holistic view across their system,” said Steve Faehl, security chief technology officer for Microsoft Federal. “Azure security capabilities can help defend other clouds as well, which is somewhere we can see the DoD generating significant efficiency and economies of scale: having a common operational picture by leveraging those Azure components that span across the board.”
To further secure DoD’s networks and systems, and achieve the goals of its zero trust strategy, DoD’s cyber analysts and defenders will need visibility across the entire cloud landscape, rather than having to swivel between separate instances. DoD needs a common picture of user identities, a common means of putting policy and protection onto endpoints, and a common defensive layer.
“We do believe that zero trust is measurable,” said Jay Bhalodia, director of customer success in Microsoft Federal’s security division. “By starting with that common layer of being able to see everything, you’re then able to add on top of that policy and governance. And there should be a measurable change within the environment reflecting that. If you’re capturing telemetry first, and understand what your starting point is, you have the ability to measure the maturity of those relative environments, and know where you need to de-risk or address certain concerns. Measurability starts with visibility.”
But it’s not just about the capabilities themselves; DoD analysts and defenders will have to be educated in how to operationalize these capabilities as well. They’ll need training to learn how the tools work and how to read the dashboards and visibility across different cloud solutions. They’ll also need training on how to apply that knowledge in the context of the organization to achieve the specific objectives and outcomes DoD is looking for. Microsoft has invested in DoD outcome-specific engagements for faster paths to implementation, and in hands-on training programs to support capability development for DoD and federal employees.
One of the key components of that visibility is standardizing identity across environments. The security team needs to be able to verify each user in each environment in order to perform user and entity behavior analytics. That allows analysts and defenders to trace the identities involved in an attack, even when the attack traverses environments. This matters because identity is a common attack path in the cloud; the network is not as vulnerable there as it is on-premises.
Standardizing identity also saves time and overhead during incident response, because defenders aren’t trying to correlate identities across platforms. The security team can focus on the actions taken by the compromised identity instead, allowing cyber defenders to operationalize security rather than spending precious time trying to connect all the data manually.
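As an added example (not from the article, and not Microsoft's or DoD's code), a small Python sketch of the identity correlation described above: per-cloud account names are resolved to one canonical identity through an assumed mapping table, so one person's trail can be followed across environments and accounts with no mapping surface as a visibility gap. All account names, events and the mapping below are constructed sample data.

```python
"""Correlate sign-in events from two cloud environments to one canonical
identity so an activity trail can be followed across clouds.
Constructed sample data throughout; the mapping table is an assumption."""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed static table mapping each environment's local account form to the
# enterprise identity; in practice this would come from the central IdP.
IDENTITY_MAP = {
    ("cloud-a", "jdoe@agency.example"): "jdoe",
    ("cloud-b", "arn:example:iam::000000000000:user/john.doe"): "jdoe",
    ("cloud-b", "arn:example:iam::000000000000:user/asmith"): "asmith",
}

# Constructed sample events: (environment, local account, UTC time, action)
EVENTS = [
    ("cloud-a", "jdoe@agency.example", "2024-03-01T10:00:00", "signin"),
    ("cloud-a", "jdoe@agency.example", "2024-03-01T10:04:00", "role_assign"),
    ("cloud-b", "arn:example:iam::000000000000:user/john.doe", "2024-03-01T10:09:00", "signin"),
    ("cloud-b", "arn:example:iam::000000000000:user/john.doe", "2024-03-01T10:11:00", "bucket_read"),
    ("cloud-b", "arn:example:iam::000000000000:user/asmith", "2024-03-01T11:00:00", "signin"),
    ("cloud-a", "svc-unknown@agency.example", "2024-03-01T11:30:00", "signin"),
]

def canonical_identity(env, account):
    """Resolve a per-cloud account to the enterprise identity, or None if unmapped."""
    return IDENTITY_MAP.get((env, account))

def trails_by_identity(events):
    """Group events by canonical identity; unmapped accounts land under 'UNMAPPED'."""
    trails = defaultdict(list)
    for env, account, ts, action in events:
        who = canonical_identity(env, account) or "UNMAPPED"
        trails[who].append((datetime.fromisoformat(ts), env, action))
    for trail in trails.values():
        trail.sort()  # chronological order per identity
    return dict(trails)

def cross_cloud_identities(events, window_minutes=30):
    """Identities whose activity spans more than one environment within the window."""
    window = timedelta(minutes=window_minutes)
    found = set()
    for who, trail in trails_by_identity(events).items():
        if who == "UNMAPPED":
            continue  # cannot attribute; reported separately as a coverage gap
        for i, (t0, env0, _) in enumerate(trail):
            for t1, env1, _ in trail[i + 1:]:
                if t1 - t0 > window:
                    break  # trail is sorted, so later events are further out
                if env1 != env0:
                    found.add(who)
    return sorted(found)
```

The `UNMAPPED` bucket is the part worth watching in practice: every account that lands there is an identity the common layer cannot see, which is exactly the gap the article's metric is meant to expose.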
“In the moment, it can be very compelling to go a different route and spin up multiple identities because it’s faster, you don’t have to rely on a central process, you’ll have an identity per CSP, maybe you’ll have an identity permission environment,” Faehl said. “But take a look at what is going to make you successful in the long term, and then burn down the amount of effort that it takes to get there. How do we make it easier to use an existing identity than to spin up a new identity? How do we audit to find out where different identities are being used? Those types of questions upfront provide an opportunity to make some of the right decisions from the start.”
One innovation that can help cyber analysts and defenders make those decisions more easily is the use of artificial intelligence (AI). AI can help harmonize data from the different environments so it is easier to understand, and help analysts track down the data they need without having to be an expert in the subtle differences of each CSP. Microsoft Security Copilot combines advanced large language models with security-specific skills and training to help cyber defenders scan and assess security threats. The boost provided by advanced AI tools like Copilot translates into gains in the quality of detection, the speed of response and the ability to strengthen security posture.
“For those mission outcomes, the DoD really looks at cloud as a force multiplier and a source of innovation,” said Jason Payne, chief technology officer for Microsoft Federal. “The pace at which the department wants to push innovation needs to be balanced between the comfort of status quo weighed against the potential mission outcomes and improvements that will drive towards continued decision advantage. But I think it’s a natural tension. Projects in DoD succeed where they surface that to the beginning.”
Copyright © 2024 Federal News Network. All rights reserved.