Managing Compliance Challenges for US Defense Contractors

Transitioning to GCC High for DoD contractors can be complex, so choose the right partners

Sponsored Post

Published: April 29, 2021

Gabriel Avner

Technology Reporter

The US Department of Defense (DoD) has a vested interest in making the process of working with them as challenging as possible.   

For the DoD, ensuring that all communications both internally and with their contractors are secure is a top priority. With state actors like Russia, China, North Korea, and plenty of others seeking to steal secrets from the government and the companies that contract with them, the case for putting additional security measures in place makes a lot of sense.  

And there are a lot of standards that need to be followed. 

In a true mix of alphabet soup, contractors working with the government on defense-related projects need to be in compliance with regulations like ITAR, DFARS, FedRAMP, NIST 800-171, and the more recently passed CMMC. The Cybersecurity Maturity Model Certification, which became law at the end of November 2020, has 130 controls for Level 3 compliance. That’s 20 more than NIST 800-171.

Hearing that your organisation has to meet 130 controls in order to keep your hard-won contract with the DoD can be a hard pill to swallow. But there’s more. 

Along with these many requirements, organisations have to transition over from their commercial Microsoft licenses (or even standard government (GCC) level licenses) to GCC High if they want to continue to work with the DoD.

Transitioning to a More Controlled Environment 

Making this move can be complicated. Only a select number of companies are able to even sell GCC High, and it requires a process to audit and implement the necessary controls. But it is a necessary step.  

According to Sean Spicer from Agile IT, one of the limited number of providers that are able to sell GCC High, every piece of the GCC High environment needs to be certified by the federal government. In working with their customers to make the move to GCC High, Agile IT helps them to perform internal discovery processes to assess their level of compliance. They then work with them to implement the necessary security controls so that their customers can keep their contracts.

Many of the basic controls include steps like implementing multi-factor authentication (MFA) and conditional access security controls. Spicer notes that as organisations start to make their move over to a more secure environment in order to start work with GCC, they will occasionally encounter some startling discoveries.

“Sometimes we will turn on MFA and conditional access,” says Spicer on their experience of starting with new customers. “That’s when we find out that somebody has been logging into the secretary’s account from Russia, and is suddenly locked out. This is when we start getting all these alerts, and it’s ‘Oh, you had somebody in your system, let’s go ahead and do some threat hunting, find out what’s going on.’” 

Filling in the Voice Gap in GCC High  

Spicer describes GCC High as a copy of the DoD environment that includes many of the features found in your standard Microsoft license. But not all. 

A key feature that he notes is different from, say, an E5 license of Office 365 is the lack of voice calling over the PSTN.

If a defense contractor wants the ability to provide a call-in number for conferences, call backs to a person’s phone, or even just to add someone to the conversation, then the ability to connect their cloud-based PBX through the PSTN is a must. 

While Teams offers various options for audio and video conferencing, the ability to help contractors connect over the phone is an important feature that Spicer’s customers demand, especially for their workers who may be operating on a mixture of secured devices or in locations with poor connectivity.

In order to provide voice service through Direct Routing, Agile IT has partnered with Microsoft Gold Member CallTower. Only CallTower is able to offer Voice for Teams as they are the only certified provider. 

Spicer tells UC Today that a critical advantage for Agile IT in working with CallTower is that CallTower’s Direct Routing for GCC High is already hosted in the Azure Government environment.  

“This means that there is no need for Agile IT or their customers to take additional steps for handling compliance,” he says.  

Sean Spicer

As a recognised, certified provider of GCC High and a Gold Partner with Microsoft, CallTower already meets all of the compliance requirements for everything from DFARS to ITAR to FedRAMP. CallTower provides Agile IT’s GCC High customers with a full turnkey solution for all of their voice needs. This includes features like audio conferencing, local dial-in numbers that connect directly into the Teams environment, the ability to add additional people into a call through the PSTN, as well as features like paging or call rolling depending on the needs of the organisation.

“For our customers, this means that they do not need to invest in additional expenses to start working in a secure and compliant Microsoft environment with their Direct Routing for Teams,” says Spicer, noting that, “CallTower provides them with the ability to scale up their operations in the cloud securely across their entire team.”

By taking on the heavy lifting of compliance for data security and sovereignty, CallTower is able to work with partners like Agile IT to make the transition over to GCC High a little less complex for customers, hopefully giving them the headspace to meet their requirements and continue working on their DoD contracts.
