BlueHalo: Accelerated Growth Using Microsoft 365 GCC High and Azure Government for CMMC

Introduction

The Defense Industrial Base (DIB) describes the vast network of companies that provide goods and services to the Department of Defense (DoD). DIB companies typically have two paths for corporate growth: win contracts or mergers and acquisitions (M&A).

Mergers and acquisitions offer tremendous drivers for growth — expanding the company’s capabilities, adding greater value to its customers, and providing a competitive advantage in the market.

These fast-paced business transactions can change the trajectory of a company but require the keen ability to navigate cybersecurity risks that can occur with integration. One organization who is successfully executing the aforementioned growth model is BlueHalo, a long-term client of Summit 7.

BlueHalo is a leading provider of advanced engineering solutions and technology to the national security community. Its purpose is to provide industry-leading capabilities in the domains of Space Technologies and Directed Energy, Missile Defense and C4ISR, and Cyber and Intelligence.

BlueHalo has grown quickly since 2019, and by leveraging the Microsoft Cloud Platforms, Microsoft 365 GCC High, and Azure Government they have been able to:

• quickly integrate IT operations
• increase user productivity
• add strategic value
• reduce capital expenses
• maintain compliance with DIB contract regulations

The Problem

Integration to Microsoft Cloud Platforms

Under the umbrella of its investment company, Arlington Capital Partners, BlueHalo has executed a successful strategic approach by having a unique understanding of the federal government’s priorities and regulatory environment. This allows the company to identify attractive companies with strong industry expertise while developing business relationships that lead to acquisitions.

This strategy provides confidence in their ability to close a transaction allowing for a repeatable and scalable growth framework within the Defense Industrial Base.

Effects of Rapid Growth in the Defense Industrial Base

BlueHalo has been extremely successful in its growth phase through these acquisitions, however it is imperative to assess and estimate the potential consequences of such rapid growth.

With each acquisition the portfolio company takes on the technical assets of the infrastructure within the selling company. This alone can cause a mountain of hidden IT technical debt – a critical issue that can disrupt business operations even the most clear-sighted CIO finds challenging.

A recent survey reports that 69% of IT leaders identify technical debt as a major threat to their companies’ ability to innovate. 97% of IT leaders report that they will rely on third-party resources for their cybersecurity assessments.

The Solution

The trusted partner relationship with Summit 7 began with an implementation project for NIST 800-171 compliance, and then expanded as BlueHalo began to execute its growth and acquisition strategy.

Summit 7, a Microsoft Gold Partner, provides security and compliance solutions built on the Microsoft 365 GCC High platform and Azure Government to meet regulatory requirements set by the federal government and foreign nations; focus areas for Summit 7 include CMMC, DFARS, NIST, and ITAR.

As BlueHalo brought multiple companies together with the vision of a national security and defense technology company, a core requirement was to create a compliant IT infrastructure that could support the integration of new users and unique source environments without interrupting business operations.

BlueHalo trusted Summit 7 to build both a secure and compliant infrastructure that could scale based on their growth strategy in the DIB. Summit 7 established a CMMC-compliant infrastructure within Azure Government, then rehosted various IaaS and PaaS solutions, including SQL Databases and servers, to align with the regulations outlined in CMMC L2.

The Platforms

The Microsoft 365 GCC High and Azure Government platforms implemented by Summit 7 enabled BlueHalo to migrate acquired IT environments quickly and in a compliant manner.

Moreover, BlueHalo chose Microsoft 365 GCC High and Azure Government as their platforms because of the platforms’ ability to meet CMMC 2.0 technical compliance requirements, the ability to handle sensitive data such as Controlled Unclassified Information (CUI) and International Traffic and Arms Regulations (ITAR) data, the involvement in GCC High with other prime contractors in the DIB, and many other reasons.

By configuring the Microsoft 365 GCC High Tenant for CMMC 2.0 Level 2 technical requirements using workloads within the platform including Enterprise Mobility + Security (EM+S) and products such as Microsoft Purview Information Protection (previously Azure Information Protection/AIP), organizations can freely store CUI in OneDrive, Exchange Online, Microsoft Teams, and other locations without concern of non-compliance for mandated controls.

Moreover, this CMMC 2.0 Level 2 Solution benefits BlueHalo and other DoD organizations by allowing their users to leverage the platform to its fullest without compromising compliance.

When asked about migrations from Microsoft Commercial, or other platforms, BlueHalo’s Chief Information Officer, Matt Ramsey, stated:

"Our team can do these migrations to M365 GCC High and adopt Azure Government as a platform for growth, but we look at everything through the lens of the business case. We have integrated 11 acquisitions and need our team to stay focused on supporting the end-users, so we treat these migrations as independent projects we want to be executed very professionally and without interruption to our daily operations tempo.

As we surveyed companies to help us with the original implementation and ongoing migrations, Summit 7 was the obvious answer based on reviews of proposals and their completeness as well as the analysis of costs relative to their maturity and experience."

Results

Summit 7 demonstrated excellence by delivering the scalable and compliant environment that fast- growing companies like BlueHalo require.

BlueHalo CIO Matt Ramsey continued to state:

"The Azure Government security boundary created by Summit 7, which includes the Azure firewall, Sentinel SIEM, Enterprise Mobility, and the Security Suite, allows BlueHalo to easily and efficiently scale our IT enterprise to keep up with our growth - both organically and through acquisitions.

When operating within the Defense Industrial Base, it's become critical to have a solid foundation onto which we can quickly migrate acquisitions and scale BlueHalo with minimal operational impact."

Managing the technical debt that mergers and acquisitions can create is no easy task, yet BlueHalo was ready for the challenge, and they have proven to be successful time and time again.

The implementation of Summit 7 solutions and services has prepared BlueHalo to navigate future acquisitions in their mission to rapidly prototype new technology innovations and transition capabilities for their customers.

Ultimately, the partnership between Summit 7 and BlueHalo is a great example of the DoD’s vision for security and compliance in the Defense Industrial Base.