Office doesn’t cut the mustard for ensuring regulatory compliance
When it comes to government agencies and their contractors and subcontractors, there are a plethora of security regulations that must be adhered to in order to protect our nation’s most valuable data. To make things more complicated, security regulations of the United States government are in a constant state of flux as adjustments are made to keep up with the ever-evolving threat environment in which the world now operates.
This is especially true for the U.S. Department of Defense (DoD) and contractors holding or processing controlled unclassified information (CUI). Contractors and subcontractors are often also subject to the Defense Federal Acquisition Regulation Supplement (DFARS) and International Traffic in Arms Regulations (ITAR). What it all boils down to is that government agencies and their contractors (as well as subcontractors) require the highest level of information security available. That’s where Microsoft Government Community Cloud (GCC) High and DoD come in.
Email as a Risk Factor
One of the greatest mistakes businesses make is not working in a secure email environment, which leaves them vulnerable to one of the most common ways breaches occur. That’s why it’s so imperative that the government and companies contracting or subcontracting with the government employ Microsoft GCC High and DoD environments to address security threats and achieve regulatory compliance.
According to the blog “Cyber Security Statistics for 2019” online at Cyber Defense Magazine, 43 percent of all cyberattacks are aimed at small businesses and 91 percent of attacks are launched with a phishing email. The same blog reported that in 2019, “85 percent of all attachments emailed daily are harmful for the intended recipients.” As small businesses are a huge target for bad actors, 61 percent of data breach victims were companies with fewer than 1,000 employees, per the blog.
Microsoft GCC High meets the compliance requirements set by the DoD and U.S. government. This is accomplished through the inclusion of security controls and control enhancements required by the Federal Risk and Authorization Management Program at a moderate baseline (FedRAMP Moderate). Microsoft GCC High also meets the regulatory requirements outlined in the National Institute of Standards and Technology (NIST) Special Publication 800-53. Additionally, GCC High meets the required security controls and control enhancements for the U.S. DoD Cloud Computing Security Requirements Guide (SRG) for information up to Impact Level 5 (L5).
Higher Level Access
While Microsoft GCC High includes Office 365, it also includes other features to achieve a higher security level. For example, it has integrated Exchange Online, SharePoint Online, and Skype for Business. As a security feature, businesses cannot integrate on-premises IP-PBX systems with Exchange Online Unified Messaging as they can with the standard version of Office 365. Another feature that has been discontinued in GCC High for security purposes is Public Switched Telephone Network (PSTN) for telephone-oriented services.
Through GCC High or DoD environments, one can keep documents private, share them with everyone in the organization, or allow only specific personnel access to the information. This is a critical component for government agencies, contractors, and subcontractors dealing with CUI, all of which must employ the principle of least privilege. In addition to limited access, multi-factor authentication is another integrated feature in GCC High environments to provide an extra level of personal security in the workplace.
External application access is also limited. Data sources for add-ins are limited in GCC High but some are allowed within the security boundary for a given organization’s cloud service. Some business connectivity services are also supported but sandbox solutions have been halted. If sandbox solutions are a necessity for some reason, they can be migrated through SharePoint add-ins.
Purchasing GCC High
In the past, GCC High was targeted to larger companies, those with more than 500 employees. Now Microsoft 365 GCC High licensing is available to companies with fewer than 500 employees through a certified Microsoft reseller such as Dox Electronics. As a Microsoft Silver Partner and one of only a handful of authorized resellers for the smaller licenses for GCC High, Dox can provide access to this incredible level of higher security that satisfies several government regulations.
While government regulations can be confusing, Dox makes understanding them and achieving compliance simple. If your organization is a contractor or subcontractor with the DoD or you fall under the requirements of DFARS, ITAR, and/or the new Cybersecurity Maturity Model Certification (CMMC), you must be utilizing GCC High in order to be in compliance. DFARS requires your cloud environment to be FedRAMP compliant and Microsoft is not able to supply the FedRAMP controls under the regular Office 365 software that is available to the general public. Microsoft only certifies DFARS compliance in the GCC High environment.
In conclusion, it’s incredibly important that businesses contracting or subcontracting with the U.S. government ensure they are employing the right email software to achieve regulatory compliance. If your business is doing government work or is in manufacturing, you can’t work in the standard Office 365 suite and expect your data to be properly secured. Now is the time to migrate to Microsoft GCC High if you haven’t done so already.
Dox is here to answer all of your questions and assist you in achieving better data security as well as regulatory compliance so you can focus on your business. For more information about Microsoft GCC High, contact Dox online or call us now at (585) 473-7766.