Microsoft supports more holistic security for US Government Cloud customers

At Microsoft, one of our biggest priorities in working with our US Government customers is helping them address their security needs holistically, providing a control-based foundation while enabling a risk-based security approach. We know that whether a customer is a large federal agency or a small municipality, navigating and meeting their compliance requirements can be a real burden. The benefit of having a cloud-enabled security strategy with Microsoft 365 for US Government is that customers can shift the responsibility for many of those controls onto Microsoft. Through a shared responsibility model, we work to ensure that we maintain continuous compliance with US Government requirements like FedRAMP Moderate and High, IRS 1075, and CJIS for our cloud infrastructure, while our customers are responsible for ensuring their processes and data within the Microsoft cloud are protected in a manner that meets their security requirements. By sharing the responsibility for baseline security controls, our customers can achieve compliance with security requirements much more quickly, while leveraging security capabilities in Microsoft 365 to protect against cyber threats.

For many government customers, security begins—and sometimes ends—with meeting the basic regulatory requirements to ensure control-based security and show compliance. But being compliant does not make you secure. It makes you compliant. It’s a great starting point, but compliance with static security baselines is not enough to combat dynamic threats. To start, that requires threat intelligence about emerging attacks. Here, Microsoft goes wide and deep. The Microsoft Intelligent Security Graph is central to our security strategy. First, we go wide, collecting information from four key areas: identity, apps and data, infrastructure, and devices—think 400 billion emails scanned by our Outlook.com and Office 365 email services, 450 billion authentications through our Azure Active Directory service, over a billion Windows device updates every month. Then we go deep, delivering insights from AI that are guided by threat data from our security researchers, incident response teams, Digital Crimes Unit, law enforcement agencies, and partners. And this intelligence isn’t just collected in a little booklet for security teams to reference in the event of an attack; it’s continuously applied across Microsoft services like Office 365 that consume it, in many cases with little or no customer configuration or interaction required. Especially for government customers that are resource-constrained and don’t necessarily have large SOCs with teams of active threat hunters, that additional layer of security is a great benefit.

The truth is, threats are always evolving, and attackers are always working to find new ways to get sensitive government data, whether they want to sell it, hold it for ransom, or destroy it. This is where having an agile security strategy that is based on real-world risks comes into play. Lately, I’ve been focusing on strategies to help our government customers mitigate risk from these three cyber threats:

  • Phishing attacks. One of the most popular ways to get past the firewall of any organization, these attempts to steal identity and information via malicious email attachments or URLs are continuing to increase yearly and are more frequently being used as gateways to additional attacks, like ransomware. Government customers can be particularly susceptible to these attacks because so much of their information related to their work is publicly accessible.
  • Ransomware attacks. Various federal, state, and local government agencies across the US have been hit with these attacks, which lock down systems and threaten victims with encryption of mission-critical data, deletion or destruction of data, as well as disclosure of sensitive information if the requested ransom is not paid. Ransomware hackers can gain entry through email, websites, remote desktop or file sharing programs, or worms, among others.
  • “Living off the land” or fileless attacks. These attacks use tools already installed on a computer or run simple scripts or shellcode to perform reconnaissance, exfiltrate sensitive data, or spread ransomware. These attacks easily evade traditional anti-virus software and could be rapid attacks that leave no footprint or stealth attacks with fileless persistence.

To address these threats and more, Microsoft takes a “defense in depth” approach, with tools across the Microsoft 365 stack (Office 365, Enterprise Mobility + Security, and Windows) designed to significantly reduce risk by preventing, disrupting, or mitigating attacks against users, applications and data, or devices:

Office 365 Advanced Threat Protection (ATP) not only protects email from zero-day malware and malicious URLs but goes beyond email to protect documents stored in SharePoint or OneDrive or opened locally in Office 365 ProPlus. Safe Attachments uses detonation in a virtualized environment to help protect against zero-day attacks from files or email attachments, while Safe Links uses time-of-click protection to block links to malicious URLs and web pages. Additionally, deep integration with Windows enables Office 365 ATP to exponentially expand the number of malicious URLs and web pages that the service can identify and block.

Office 365 Threat Intelligence monitors signals and gathers data from multiple sources, such as user activity, authentication, email, compromised PCs, endpoints, and security incidents. It provides a dashboard view to help security teams diagnose and stop the spread of threats across the organization by helping them to identify, monitor, and understand attacks and quickly address threats based on what’s happening in their Office 365 environment. It also leverages the Microsoft Intelligent Security Graph to help security teams differentiate between attack types and scope such as targeted versus global attacks.

Azure Active Directory is Microsoft’s identity and access management solution designed to help organizations manage user identities and associated access privileges. Centralization, hardening, and continuous monitoring of authentication are essential to securing identity. From SSO and multi-factor authentication to identity protection through user risk profiles, Azure Active Directory Premium capabilities integrate with Office 365 as well as thousands of third-party applications.

And finally, Windows Defender has been completely redesigned from the ground up, providing updated security capabilities like Block at First Sight, which provides a way to detect and block new malware within seconds, or Credential Guard, which uses virtualization-based security to isolate secrets so that only privileged system software can access them.

Overall, Microsoft wants to help our US Government customers do more than just check boxes for security compliance; we want to help them protect sensitive government, worker, and citizen data at every level. We can enable government agencies of any size to implement a mature risk-based security strategy by reducing the burden of control-based security requirements while enhancing their ability to respond to dynamic threats. I invite you to join our webinar, “Cybersecurity as a foundation for government,” to learn more about how Microsoft is helping government agencies like yours address security threats, or participate in a Security in a Day session at a nearby MTC location.