Skip to content

CASE STUDY

Big Acronym University (BAU): Summit 7 Pioneers Scalable Security for Higher Ed Research

BAU Logo 1457x1247

About Big Acronym University

Industry: Higher Education and Defense Research

Services: Big Acronym University provides critical research services for the Department of Defense, adhering to stringent federal cybersecurity regulations to protect sensitive data and support national security efforts.

Problem: Big Acronym University faced significant compliance challenges with the Department of Defense's stringent cybersecurity regulations. Summit 7 helped BAU achieve robust security and regulatory adherence, protecting sensitive research data from advanced cyber threats.

BAU Campus 1000x667

Summit 7 Pioneers a Scalable MXDR Security Solution for Higher Ed Federal Research Leading to Major University’s Research Protection in the Cyber War 

 

The United States Department of Defense (DoD) has heightened cybersecurity regulations for the Defense Industrial Base (DIB) due to increasing cyber-attacks on the U.S. Critical Infrastructure, which experts are calling a Cyber War. Officials from the FBI, National Security Agency (NSA), and Cybersecurity and Infrastructure Security Agency (CISA) recently gave an urgent warning on the escalating cyber threat posed by the Chinese Communist Party. FBI Director Christopher Wray says China's cyber threats to the U.S. are the “defining threat to our generation.” 

 

As tensions escalate, cyber theft costs exceed $600 billion annually, with China and Russia emerging as formidable adversaries, largely through intellectual property (IP) theft and the exfiltration of Controlled Unclassified Information (CUI). In an attempt to close the gap on the attack on U.S. Critical Infrastructure, the DoD created the Cybersecurity Maturity Model Certification (CMMC), requiring DoD contractors and higher education institutions to comply with federal cybersecurity regulations or lose multimillion-dollar contracts and risk the possibility of business closure. Summit 7 has responded to both the national security crisis and the DoD regulation by developing an innovative and scalable solution for organizations seeking a complete cybersecurity transformation, utilizing Microsoft 365 Government Community Cloud (GCC) High and Azure Government. This solution centers around the Microsoft 365 G5 license, leveraging the robust security features within Microsoft Sentinel and Defender to create Vigilance, Summit 7’s MXDR managed security offering. 

 Summit 7’s deployment of Microsoft Government for over 1,000 DoD contractors drove the following utilization metrics: 

  • YoY revenue growth of 41% (CY23)
  • Maintained status as the #1 reseller of M365 E5/G5 billed revenue (FY23)
  • Designation as the only Azure Expert MSP focused on the U.S. Government Cloud (CY23) 
  • Early entrant partnering with Microsoft to deploy Azure Government Secret cloud to DoD Contractors 
  • Addition of 160 new customers (FY23)

 

 

Big Acronym University (BAU)* Gears up for the Cyber War with a Full Microsoft Stack Security Solution 

 

The higher education sector has a difficult task balancing both research and security. Mitigating security risks while allowing collaboration in an environment with foreign national students is a challenge, especially with the potential to be audited by the Department of Justice (DOJ). The mishandling of sensitive DoD research data, specifically CUI, has been a trending topic of investigation and prosecution for the last three years in the DOJ. 

Big Acronym University chose Summit 7 to tackle this complex problem because of its extensive track record in building comprehensive security solutions to protect critical data. As a foundational defensive mechanism Summit 7 implemented its CMMC Compliance Solution built on M365 GCC-High and Azure Government to guard against Advanced Persistent Threats (APTs) and potential vulnerabilities. Summit 7 deployed the full strength of the M365 G5 license with its MXDR managed security service, Vigilance, built on M365 Defender and Sentinel. 

 

 

Summit 7's implementation of Defender and Sentinel leverages the following (but is not limited to): 

  • Cyber Threat Intelligence and Integration
  • Incident Response Initiation and Management
  • Sentinel Notification Refinement and Improvement
  • Security Operations Reporting and Dashboards
  • Security Posture Reporting
  • Vulnerability Identification and Reporting
  • 24/7 Active Monitoring

"Summit 7 provides all the security capabilities we need on our behalf. We can sleep well at night knowing Summit 7’s MXDR service, Vigilance - built on the backbone of Microsoft Defender and Sentinel - has 24/7 monitoring and is a cost-effective model for us."
– Reese Danger*, Big Acronym University Chief Research Security Officer 

 

Best in Class MXDR: Security with Vigilance 

 

By partnering with Summit 7’s MXDR service, Big Acronym University was able to offload cybersecurity tasks and conduct their research with the assurance that their cybersecurity posture was strong, responsive, and compliant to the highest standards. 

Highlights of Summit 7’s Vigilance Implementation for BAU: 

  • Delivered solution with Azure Lighthouse for additional protection
  • Implemented EntraID delegated access and conditional access
  • Created custom Security, Orchestration, Automation, and Response (SOAR) playbooks using Azure Logic Apps and Function Apps 
  • Average Time to Triage: ATT was reduced to an average of 1.6 hours. Forreference, BAU’s estimated ATT in Q4 2022 was 9.3 hours 
  • Implemented Automated Actions, which respond, on average, 3-6 seconds after an incident is created 

In CY 2023, regulated research was Big Acronym University’s #1 growth area and the Department of Defense was their #1 federal funding source. “When I got here nine years ago, we were at $80 million in research revenue,” the University’s Chief Research Security Officer shared:

 

“This year, we're going to pass $400 million. We're making headway in regulated research. Microsoft and Summit 7 have been a significant contributor toward that growth.” 

 

Big Acronym University shared that the choice to go with Microsoft was easy due to its combination of enhanced usability and security compared with competing solutions like Google, AWS, and CrowdStrike. Regulated research is complex; therefore, BAU chose to create an ecosystem where they could confidently reduce user friction and simplify onboarding. “The transition to GCC High is really intuitive for our researchers,” Reese shared, “once they’re in, they're ready to work. To know that GCC High is also secure, compliant, and scalable to meet our future needs made it a no-brainer.” 

 

A Model for Scaling Higher Ed Regulated Research with Microsoft Solutions 

 

Summit 7 is currently working with several regulated research universities who are responding to international cybersecurity threats with the implementation of CMMC. These prestigious universities and other critical DoD contractors are looking to utilize Microsoft’s security solutions and Vigilance and generate revenue. Universities know that the power of these solutions will position them ahead of their competition and provide layers of assurance to the DoD that critical data is protected. “We feel confident moving forward. As the threat continues to evolve, the requirements are going to continue to evolve. By being embedded in a Microsoft solution, we feel assured that we will be capable of meeting all the future requirements.”

 

Scaling Into the Future with Vigilance 

The Department of Defense, who has been increasing its investment in higher ed for the past decade, is making this security transformation a priority. The DoD estimates that some 80,000 DoD contractors and higher education institutions will need to enhance their cybersecurity and prove their ability to protect CUI. The Director of Defense Contracts Management Agency (DCMA) states that “less than 23% of the organizations supporting the DoD have successfully passed a DoD cyber compliance assessment,” showing a large need for growth in this sector. 

Therefore, Summit 7 is continuing to scale its existing managed security solutions utilizing Microsoft’s full suite of security solutions to allow organizations to do their part in protecting national security. The potential impact that Microsoft Security solutions could have on building a secure U.S. Critical Infrastructure is exponential. Summit 7, in partnership with Microsoft, continues to fight for victory in the Cyber War to fulfill its mission of Protecting the American Dream. 

 

*Name of University and contact changed to guard university’s cybersecurity posture.  

S7_logomark

Custom-Built CMMC Solutions on Azure Government

Summit 7 has developed a comprehensive CMMC compliant solution as well as a robust set of managed security tools in its product line to form the CMMC Managed Security Solution. This Managed Security Solution set is designed to support the DIB in their journey to protect critical US data.

The core requirements of the CMMC Managed Security Solution utilize E5 licensing in Microsoft 365 GCC High and multiple security workloads within Azure Government.