With the Sony breach still in the forefront of many minds, the threat of cyber attacks and the methods agencies have to thwart them are high on the agendas of leaders in the GovCon arena.
ExecutiveBiz spoke with Microsoft executives Scott Price, general manager of the national security group and Pat Arnold, managing architect for cyber, to discuss cybersecurity in federal marketplace.
ExecutiveBiz: Describe two areas of the business you focused on in 2014.
Scott Price: From a cultural standpoint, Microsoft has been very focused on working hard with our clients to take a very strong protect, detect and response posture for their enterprises. Our teams are pushing our clients towards a very high vigilance posture and the hardening effort of their service as well as application accounts to accomplish this. We can certainly take advantage of the fact that Microsoft is a ubiquitous product and operating system. We have a very sophisticated understanding and a powerful forensics team to assist us in responding to attacks. Our response starts with this posture of protect, detect and response and is followed up with a direct response to an increasing number of intrusions.
Patrick Arnold: Fundamentally many customers struggle with the configuration, operations, and management of their complex on-premises IT environments. There are many security technologies and solutions that can add value but it’s important to get the fundamentals right. A high percentage of the time the basics are overlooked and these are the reasons enterprises, whether government or industry, are falling victim to attackers.
ExecutiveBiz: Considering the issues Microsoft is working on, what is the biggest change in cyber that you’ve seen within the past five years?
Scott Price: We have a few things converging together. First, the footprint size in the Internet of Things – the huge interconnectivity of our devices from routine home appliances to sophisticated computers and devices. We’ve really provided a broader landscape and footprint to make it easier for the intruder to attack. Second, the adversary has become so much more sophisticated and very well-organized while using very comprehensive program management rigor. Taking those two things and throwing in the hygiene notion of corporations and individuals of not remaining current and vigilant due to the perception that intrusions will not happen to them, we start to have fertile grounds for the intruder to get into our networks.
Patrick Arnold: Over the past five years there have been new conversations in corporate boardrooms right up to CEOs around these threats. These threats have driven new levels of conversation and different points of legislation and policy that are merging to include creative legal instruments to disrupt cybercrime. Most recently we worked with Europol and Symantec to take down, Ramnit, a dangerous botnet with malicious toolsets providing criminals the ability to steal account credentials and manipulate banking websites.
ExecutiveBiz: What role could cloud and mobile technologies play in federal cybersecurity?
Scott Price: We take a two-step approach when working with our federal clients on the cloud. First, we do an inventory of the enterprise to identify high-value assets that need to be safeguarded with maximum protection. Then, we look at other assets as excellent candidates to move to the cloud. We often find that the federal and corporate enterprises can have a hodgepodge of all the new systems and others that are not current but provide exposure to the client. The cloud basically provides the client with a single environment that is current, controlled, maintained and hardened. We can keep it updated at a much faster rate than a typical IT organization can do. So there’s a very strong security component in that sense.
Patrick Arnold: All the certifications and accreditations that industry requires are really critical for the space because they provide levels of assurance for our clients, particularly the federal government. We are very diligent about these and we have been great leaders here. We have taken these to a new level with Microsoft’s Security Development Lifecycle (SDL) which has transformed the way we approach security. We developed the SDL over a decade ago to address the security quality of our products and services. Now for the cloud we have Operational Security Assurance (OSA), something that was born out of the work with SDL. It is a highly agile, quick turning process that makes sure we are constantly addressing new threats, new needs or privacy aspects – everything we do from a technology-people-process perspective with the cloud. On top of all the accreditations and attestations, we are diligent about this process so that directly benefits our end customers.
ExecutiveBiz: How do you see continuous diagnostics and mitigation (CDM) efforts shaping itself this year?
Scott Price: CDM is a huge twenty-two billion dollar contract with a great philosophy and a pragmatic approach because it takes advantages of the agency’s tools today. Microsoft has been very conscientious of those investments. We work hard with the clients on their existing toolsets. That being said, it is early to say what is going to happen to that particular procurement. We are anxious and excited to be a part of it.
Patrick Arnold: The program and the technical merits of what it aims to drive are super important. We are waiting and seeing where this all goes. We’ve been encouraging our customers to leverage what they have because much of what they need for CDM are in place with the Windows platform itself.
ExecutiveBiz: What is another cyber trend that we should watch in 2015?
Scott Price: There’s a cultural trend here. We have been pushing the methods of assuming they have already been breached and accordingly operate in a model of continuous detection and containment. We will continue to see a huge transformation across the IT space as customers move to the cloud. There are so many advantages to the cloud experience although cost is most frequently cited. Security plays a big role in this experience and it is an important trend in the cloud environment. We are proud of the cloud that Microsoft brings to the table. As companies continue to get hurt in this environment due the relentless attacks, decision-makers are going to consider whether they are still equipped to completely take care of their enterprise or they want to turn to cloud for a secure experience.
Patrick Arnold: In addition to protecting our government customers’ information technology systems, we have been developing rich threat detection capabilities for them as well. Rich threat detection capabilities are critical and there are key threat indicators in the Windows platform itself. Thus, it is important to make sense out of this Windows rich event-driven information and to provide a rich correlation of that data. The industry doesn’t have all the standards in place yet and you will see this as a continued and emerging area in the years ahead.