How public-private partnerships can strengthen U.S. cybersecurity

A message from
 
Microsoft Federal

The U.S. needs to bring together the brightest minds and most advanced technologies from the public and private sectors to protect the nation from malicious cyber-attacks. 

Why it’s important: Strengthening the country’s cybersecurity is achievable through close collaboration between government and industry, leveraging modern cybersecurity strategies across the entire digital ecosystem.

The background: On May 12, the Biden Administration signed an Executive Order on Improving the Nation’s Cybersecurity.

The Cybersecurity Executive Order (EO) represents a bold step in recognizing cybersecurity as a national priority and provides concrete recommendations to address ever-evolving and increasingly sophisticated threats.

  • The goal: Modernize the government’s IT infrastructure with a set of standards that will enable agencies to be more proactive when dealing with cyber threats.
  • The EO is both an acknowledgment of the threat faced by government agencies and a requirement for action within a tight timeframe.

The order provides numerous short-term requirements that federal agencies must meet in the coming weeks and months.

  • These requirements are meant to improve the overall security posture of the federal government and should fit within an agency’s long-term security strategy.
  • Some agencies may not realize they already have technology in place that simply needs to be activated or fined tuned to meet the EO requirements.  

Microsoft Federal is ready to partner with federal agencies to define and drive a new era in cybersecurity.

What this means: The company is committed to answering the nation’s call to strengthen inter- and intra-agency abilities to unlock the government’s full cyber capabilities — for the immediate EO deliverables and the longer-term EO vision.

The idea: Microsoft’s communication and collaboration tools combined with its Zero Trust Architecture dramatically reduce cyber risks while protecting an agency’s sensitive systems and data.

The technology company has outlined a few immediate steps agencies can take to meet the important EO milestones:

1. Accelerate modernization by identifying and monitoring risk.

Agencies can get started by enabling sign-on applications, setting up conditional access to enforce multi-factor authentication (MFA), and registering and provisioning devices to establish a dynamic asset inventory.

2.  Build on monitoring insights to establish risk-prioritized actions.

Adding a dynamic and risk-based context evaluation to authorization can be achieved through a simple and consistent centralized policy with Azure AD Conditional Access.

  • Using a cloud-native, security information event management (SEIM) and security orchestration automated response (SOAR) solution like Azure Sentinel can provide additional insights through anomaly detection.
  • Agencies should focus on identifying this data to address EO requirements while also providing additional monitoring insights from the aggregation of sensitive data flows.

3. Focus on increasing protection.

Agencies can increase cyber protection by enforcing BYOD mobile device management (MDM) enrollment during authorization to provide an inventory of non-enterprise devices.

  • Solutions like Azure Defender and Microsoft Cloud App Security provide deeper analytics and fine-grained control so agencies can gain greater visibility into cloud apps and services to control sessions and protect workloads in real-time.

The takeaway: Working in partnership, government and industry can come together to accelerate security modernization, meet short- and long-term EO requirements and adopt a robust cyber posture that evolves with the complexity of modern government.