CASE STUDY

Seventh Sense Consulting: Limiting the Attack Surface of the Defense Industrial Base with Azure Government & M365

About Seventh Sense Consulting

Industry: Government

Services: Acquisition, contract management, and cyber support services to federal and state governments

Problem: Since their business growth was reliant upon government contracts, they needed to secure their government tenant and enable their 100% virtual workforce to scale in a compliant manner.

The Protection of Critical Data: The US Defense Supply Chain

The Department of Defense (DoD) relies heavily on its partnership with suppliers and contractors in the Defense Industrial Base (DIB), making the US Defense supply chain a prime target for frequent and elaborate cyberattacks, including ransomware initiatives and security breaches.

The DoD introduced the Cybersecurity Maturity Model Certification (CMMC) program to enforce the protection of sensitive information, specifically Controlled Unclassified Information (CUI), shared between the DoD and its DIB suppliers. The CMMC framework requires a third-party assessment wherein a team of professionals will interview and observe how the company secures sensitive information from the endpoint to the cloud.

Failure to keep this data secure could expose the DoD to adversarial attacks and to the loss of valuable intellectual property of the US government and military.

Seventh Sense Consulting is one of the many DoD suppliers who must adhere to these strict DoD regulations, and ultimately implement the right solutions, people, and processes to secure sensitive data.

A Path to Secure and Modern Workplace Growth 

Seventh Sense Consulting, a Service-Disabled Veteran Owned Small Business (SDVOSB) and a 100% virtually operated organization by design, provides acquisition, contract management, and cyber support services to federal and state governments. Seventh Sense was founded in 2012 by former government and industry acquisition and procurement executives who had a passion for serving the government. 

Seventh Sense was founded with one purpose: focus on bringing new and innovative solutions to Government agencies and apply new ideas to improve mission performance. Since inception, Seventh Sense has focused on people and has found success in delivering cutting-edge outcomes.

The Challenges Securing Data in a Modern Workforce 

Seventh Sense knew that winning government contracts was the path to continued growth for their business. The problem was, they weren't equipped to properly secure sensitive data in a compliant manner. Because of that, they were at risk of not being able to win government contracts. They knew they had to do something about it – and fast.

To complicate matters, their team was 100% remote, meaning sensitive data couldn't simply be housed in an on-premise environment. They needed to be able to securely and effectively exchange sensitive information with team members across the country – all in a manner which met government compliance standards.

This was a huge burden on the team at Seventh Sense, so they decided to call in outside help.

The Partner-Driven Solution 

Seventh Sense needed a partner with advanced technical expertise, government-level security capabilities, and appropriate resources available to run a secure managed IT and security operations program equipped to do business with the DoD.

They also needed a partner who could find and keep the resources needed to configure and implement a complex infrastructure at Seventh Sense. This led them to the conclusion that they needed a partner who focused specifically on contractors in the DoD supply chain.

Seventh Sense’s journey with Summit 7, the #1 Security and Compliance partner for the DIB, started in 2019 as they made the decision to prioritize securing their government tenant. Even more importantly, Seventh Sense needed to enable employees to scale their operations in a virtual and compliant manner. For an organization with an all-remote workforce this meant that implementation and configuration against CMMC Level 2 Compliance (NIST SP 800-171A), as well as ongoing IT and Security management, had to be extremely precise.

Enabling Secure and Compliant Solutions 

In response to the security, compliance, and organizational challenges Seventh Sense was facing, Summit 7 delivered clear next steps that included thought leadership, education, resourcing, and a roadmap to a secure and compliant state for the DoD contractor. 

Specifically, the Summit 7 team enabled Seventh Sense to win via the following journey:

  • NIST 800-171 Project (Quick Start) 2019 
  • A Migration to the Microsoft Government platform (GCC High) 
  • The Upgrade of an 800-171 to a CMMC Level 2 Compliance project 
  • The Adoption of Guardian (Summit 7 MSP) 
  • The Adoption of Vigilance (Summit 7 MSSP)

Securely Migrating to Microsoft Government  

After many strategic conversations, it was clear to Seventh Sense that choosing Microsoft 365 GCC High and Azure Government as their future infrastructure was the way to go. Because of the organization’s need to handle CUI properly from existing DFAR 7012 requirements, and the potential of future existing contracts with ITAR data, M365 GCC High met the needs of Seventh Sense.

“Microsoft has always been a great partner, but we needed outside expertise to assist us with the migration of all users to the Government Cloud. This would have been a heavy lift on our resources and Summit 7 completed the migration without issue while providing education along the way,” said Justin Willis, Director of Program Management at Seventh Sense Consulting.

Note: Planning and mapping are the most critical components of migration - especially when transitioning from something like Google Workspace or AWS to the Microsoft Government Cloud. Migrating the wrong way, or to the wrong platform, can lead to headaches for organizations that want to quickly create compliant IT environments as CMMC continues to approach. 

Move off of on-prem and into the Cloud with Azure

Summit 7 then leveraged Microsoft Azure Government’s Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) capabilities to extend their organizational compliance boundary, affording them the ability to rapidly deploy new services in a secure and compliant manner using Microsoft Sentinel, Azure Premium Firewall, Defender for Cloud, Azure Blueprints, Azure Virtual Desktop, Windows 365, and more.

A Proper Organizational Configuration 

The Microsoft 365 GCC High and Azure Government platforms implemented by Summit 7 enabled Seventh Sense to re-host their Windows servers (and any future IT environments) on Azure quickly and in a compliant manner.

Moreover, Seventh Sense chose Microsoft 365 GCC High and Azure Government as their platforms because of the platforms’ ability to meet CMMC (NIST SP 800-171A) technical compliance requirements for handling CUI and potential ITAR data.

CMMC 2.0 Level 2 Solution Set

By configuring Seventh Sense’s Microsoft 365 GCC High tenant and Azure Government infrastructure to CMMC Level 2 (NIST 800-171A), the company was able to utilize existing workloads within the Microsoft platform. This equipped Seventh Sense with the ability to freely store CUI in OneDrive, Exchange Online, Microsoft Teams, and other locations without concern of non-compliance for mandated controls.

The CMMC Level 2 project was achieved by mapping all 110 NIST SP 800-171 security controls and 320 assessment objectives within the NIST framework to the 1,000+ respective configurations within Microsoft 365 GCC High and Azure Government. 

The implementation and configuration of this project set Seventh Sense up for future success and allowed them to continue bidding on other DoD contracts; all while allowing their users to leverage the platform to its fullest without compromising security.

A Partner to Securely Scale Seventh Sense: Guardian MSP 

After migration, implementation, and configuration of the IT environment, the decision to utilize a fully resourced Managed Service Provider was the next step for the Seventh Sense team. Resourcing and maintaining the proper teams necessary to securely run a successful DoD contractor presented huge challenges for Seventh Sense. The decision was made to adopt Guardian, Summit 7’s MSP, for monthly support of their new IT environment.

At this stage, it was clear to the Seventh Sense team that the operational expenditure far outweighed the capital expenditure due to the difficulty of attempting to hire the right employees to support a fully secure and compliant IT environment.

A Managed Security Partner: Vigilance and MXDR to The Rescue 

On top of the implemented and managed compliant IT environment, Seventh Sense was looking for a partner to help them control security threats. In the United States alone, there are over 2,220 cyberattacks each day, which breaks down to nearly 1 cyberattack every 39 seconds.

According to the U.S. Government Accountability Office, the Defense Industrial Base, which includes entities outside the federal government that provide goods or services critical to meeting U.S. military requirements, has experienced over 12,000 cyber incidents since 2015.

When Seventh Sense approached Summit 7, they were looking for more than just an Endpoint Detection and Response tool; they were introduced to the Microsoft Defender suite with Microsoft Sentinel as a part of Vigilance’s MXDR service. Summit 7 explained how MXDR, or the Defender stack, allows for a holistic view of the threat landscape at an organizational level as opposed to an off-the-shelf tool that only provides EDR (endpoint detection and response).

Summit 7 and Seventh Sense leverage the M365 GCC High E5 license and Azure Government to use the robust suite of Purview and Priva security tools such as: 

  • MXDR – Managed Extended Detection and Response  
  • Microsoft Sentinel  
  • Conditional Access  
  • B2B Collaboration  
  • Defender for Endpoint 
  • Defender for Identity  
  • Defender for Cloud 
  • Defender for Office 365 
  • Defender for Cloud Apps 
  • Purview Microsoft Information Protection 
  • Azure AD Information Proxy  

Specifically, by utilizing Microsoft Defender for Endpoint, Summit 7 was able to help prevent potential insider risk events with Seventh Sense by assessing and remediating gaps within their security posture. 

A Partner to Aid Offensive Security: Vigilance 

Seventh Sense gained confidence by utilizing Summit 7’s Vigilance, which allows them to actively perform business operations without worrying about potential threats to the environment or data exfiltration, thanks to the constant monitoring performed by the Vigilance Security Operations Center (SOC).

Conclusion - Scaling for the Future

Director of Program Management at Seventh Sense, Justin Willis, stated, “Utilizing Summit 7’s CMMC Managed Security Solution is a no-brainer for us and helps us sleep at night. Actively monitoring for threats and maintaining our security and compliance posture are two of our top priorities. The benefits outweigh the costs tremendously, so we’re looking forward to what the future holds with Summit 7 and Microsoft.” 

Custom-Built CMMC Solutions on Azure Government

Summit 7 has developed a comprehensive CMMC compliant solution as well as a robust set of managed security tools in its product line to form the CMMC Managed Security Solution. This Managed Security Solution set is designed to support the DIB in their journey to protect critical US data.

The core requirements of the CMMC Managed Security Solution utilize E5 licensing in Microsoft 365 GCC High and multiple security workloads within Azure Government.