“How do we achieve the necessary level of interoperability while ensuring that our data is secure?” It’s a critical question that surfaces time and again in our conversations with defense and intelligence customers and partners across the globe. While legacy thinking, policy perceptions, and risk aversion once triggered responses focused on sovereign and on-premises solutions, lessons learned from recent global conflicts have challenged traditional thinking.
There’s now a greater understanding that in the face of aggressive and integrated cyber and kinetic actions, the physical dispersal of critical infrastructure, systems, and data is a critical defense strategy. Data security and resiliency are now being enhanced by the distribution of digital operations and data assets across borders and into other countries. This has underscored the value of, and need for, the migration of defense and intelligence workloads to the cloud—so long as that cloud is built from a foundation of trust, privacy, and security, like Microsoft Azure.
“Before the invasion of Ukraine, governments thought that data needed to stay inside a country in order to be secure. After the invasion, migrating data to the cloud and moving outside territorial borders is now a part of resiliency planning and good governance.”—Cristin Flynn Goodwin, Associate General Counsel, Customer Security and Trust, Microsoft.1
Digital transformation in defense hinges on partnership and interoperability
Recent geopolitical events have highlighted advances in cyber threat intelligence and endpoint protection. They’ve also demonstrated that a coordinated and comprehensive strategy to strengthen defenses against the full range of destructive cyberattacks, espionage, and influence operations is required.
The latter point recognizes the principle at the heart of interoperability—that allies and industry must collaborate and develop a collective response for the most effective defense. When responding to adversaries, allied support and coordination are critical. With today’s adversaries engaging in hybrid warfare methods, cyberattacks, disinformation campaigns, and domestic terrorism, defense agencies are increasingly reliant on data-sharing and collaborating—across organizations, agencies, and national and international borders.
Furthermore, it’s clear that digital transformation and technology acceleration in defense hinges on partnerships with the defense industrial base and non-traditional technology vendors—including commercial tech companies and the start-up ecosystem.
Nevertheless, the risk appetite for sharing resources remains low due to legacy policies that continue to guide the adoption of on-premises solutions that are vulnerable to modern attacks.
Instead, through the adoption of hyper-scale cloud and edge, with a cybersecurity approach built on a foundation of trust and security, defense and intelligence organizations can achieve their goals as they relate to both security and interoperability. When defense and intelligence organizations migrate workloads into the Microsoft Azure Cloud, they benefit from an unprecedented, ever-deepening, and unwavering commitment to securing data from the ever-increasing number of cyber threats.
The Microsoft Cyber Defense Operations Center (CDOC) is one example of the more than USD 20 billion we’ve committed to investing over the next five years in security, data protection, and risk management. The CDOC brings together cybersecurity specialists and data scientists in an every day facility to combat threats in real time. Microsoft is connected to more than 8,500 security professionals globally across our product development teams, information security groups, and legal teams to protect our cloud infrastructure and services, products and devices, and internal resources.2
So let’s take a look at the threat environment that is shaping the Microsoft cybersecurity approach.
The current threat environment
National defense and intelligence organizations around the world are facing three types of cyber adversaries that threaten national security:
1. Cybercriminals
Cybercriminals look to monetize compromised data either through ransomware directly from victims or by selling it to Foreign Nation States.
2. Foreign Nation State actors
Foreign Nation State actors aim to engage in intellectual property theft, espionage, surveillance, credential theft, and disruptive and destructive attacks to further their national interests.
3. Hacktivists
Hacktivists conduct cyberattacks to cause disruption in order to further social or political goals.
Given the motivation, scale, organization, and sophistication of adversaries launching cyberattacks, defense and intelligence organizations must modernize their cybersecurity systems and approach. Otherwise, they risk being outmaneuvered by more sophisticated adversaries (or even less sophisticated actors with access to technology) leveraging AI, automation, and the scale of hyper-scale cloud systems to carry out their attacks.
Three steps to improving cybersecurity capabilities
Below are three key actions defense and intelligence organizations can take to modernize and improve their cybersecurity capabilities:
1. Enhance early-detection systems across the defense digital ecosystem continuum
Leveraging a hyper-scale cloud enables defense and intelligence organizations to detect, respond, and deter attacks early. For example, Microsoft Cloud spans over 200 data centers across 140 countries and analyzes 43 trillion security signals daily. Combined with the intelligence gained by tracking more than 250 unique nation-states, cybercriminals, and other threat actors, we provide defense and intelligence organizations with a unique global perspective. This global threat intelligence perspective enables early detection and response to emerging threats across multi-cloud, hybrid, on-premises, and heterogeneous platforms.
2. Adopt an organization-wide Zero Trust philosophy
Beyond the technical architecture and products necessary to implement a Zero Trust Framework, every individual at every level of the organization must live by, implement, and adhere to the three core principles of Zero Trust:
- Explicitly verify: Always authenticate and authorize users based on all available data points before allowing access to resources. This includes user identity, location, device health, service or workload, data classification, and anomalies.
- Use least privilege access: Limit user access with just-in-time (JIT) and just-enough-access (JEA), risk-based adaptive policies, and data protection to help secure both data and productivity.
- Assume breach: Assume system defenses have been breached and systems might be compromised. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses.
3. Use automation as a force multiplier to mitigate threats at scale
According to the 2022 (ISC)² Cybersecurity Workforce Study, there’s a global shortage of 3.4 million workers in cybersecurity. With this deficit, modern automated security platforms must be used by all organizations, including the defense and intelligence community, as a force multiplier to fill in the cyber talent gap.
Microsoft offers best-in-class capabilities across all security pillars of the digital estate. According to the Forrester Total Economic Impact Studies, Microsoft Security tools reduce the likelihood of a data breach by 45 percent,3 reduce the time to threat mitigation by 50 percent,4 and reduce the amount of labor associated with advanced investigations by 80 percent.5
A foundation that supports the mission
As mentioned, defense and intelligence organizations seek to simultaneously increase security, while also increasing interoperability. In the face of the threat environment highlighted above, Microsoft is committed to meeting the increasing need for defense and intelligence organizations to interoperate with allies and collaborate with trusted partners. Hyperscale cloud serves as the digital foundation for interoperability and collaboration while offering improved security postures over traditional legacy, on-premises approaches.
That’s not to say that the cloud is appropriate for every single scenario. Certainly, in our industry, we know that’s not the case. For instance, there are currently requirements for mission data to remain air-gapped. Nonetheless, we also recognize that the vast majority of workloads across all industries—defense and intelligence included—can and should be serviced in the public hyper-scale cloud because it is the gold standard for security, resilience, and economics.
So how can we deliver on the unique needs of our defense and intelligence customers who work across the entire classification spectrum, and for which classified mission workloads must be air-gapped? We take an end-to-end view of our customers’ needs—from the enterprise to tactical edge—and include coalition and industry requirements for interoperability and collaboration.
For classified mission workloads, hybrid and on-premises capabilities remain an important part of the overall landscape and Microsoft will deliver on that need. We also recognize the need to leverage contemporary capabilities, such as AI, digital twin, and simulation, and understand how information superiority, through the application of these capabilities, is a force multiplier.
That’s why we support your mission by first leveraging our hyper-scale capabilities, to meet as many customer requirements as we can, across the entire classification spectrum. Where this isn’t possible (like some classified and mission workloads) we leverage our Azure Stack portfolio for air-gapped and disconnected operations, whilst continuing to invest in hybrid infrastructure and provision of control plane technologies that bring all of these environments seamlessly together.
Achieving a secure digital backbone
The task to modernize and increase interoperability while navigating today’s threat environment is achievable with partnership across defense, intelligence, government, non-government organizations and industry, academia, and the science and technology (S&T) community. Cybersecurity threats are increasing and will continue to evolve as threat actors gain access to technology and evolve their techniques to conduct destructive cyber-attacks, espionage, and influence operations. Defense and intelligence organizations can have confidence knowing Microsoft Azure is designed to implement the steps discussed to improve cybersecurity and serve as the organization’s secure digital backbone to achieve the mission.
We recognize, though, that transformational progress can often be tempered by policies that seek to simply reinforce legacy approaches rather than inspire new ones. To move forward, we encourage open discussion between defense and industry and across government alliances, working together to express your interest in sharing a common digital backbone and data fabric.
To discuss how Microsoft can help you deliver a secure digital defense and intelligence backbone, we invite you to connect with us on LinkedIn or reach out to your account team representative.
For more insights, you can also listen to a two-part cybersecurity miniseries on the Microsoft Public Sector Future Podcast, Episode 36: Cyber Resilience in Government and Episode 37: Military Lessons on Cyberdefense, where we discuss how public sector organizations can be better prepared for future attacks, best practices for protecting sensitive data, and why making risk-based decisions is so important.
1 Microsoft Digital Defense Report 2022 | Microsoft Security
2 Microsoft Cybersecurity Defense Operations Center—Security | Microsoft Docs
3 The Total Economic Impact™ Of Securing Apps With Microsoft Azure Active Directory
4 The Total Economic Impact™ of Defender for Cloud from Forrester Consulting
5 The Total Economic Impact™ of Microsoft Sentinel from Forrester Consulting