This is the 1st installment in a series addressing the challenges facing the DOD as they move into Microsoft 365. The others are here:
- Considerations for Governance in DOD365
- Is Zero Trust Enough to Secure Your Data?
- How Teleworking and the CVR Affect Records Management for the DoD/IC
- How to Prepare for Unified Labeling in Microsoft 365 DoD
- Backup & Retention Policies for Microsoft 365: Why the DOD Needs Both
- Smart Data Governance Lessons Worth Learning From the CMMC
- What to Use When for Secure Microsoft 365 Collaboration
Listening in to yesterday’s AFCEA Tampa virtual luncheon hosted by Major General Garrett Yee and his DISA team, I was particularly interested in DISA’s announced post-CVR plans.
One of the biggest questions I had coming from the lunch was how DISA plans to provide administrative autonomy across a centralized tenant within Office 365 for each of the 45 agencies and commands that will be in this new environment.
What is the CVR?
For those not aware, in response to COVID-19, Microsoft partnered with DOD to provide telework capabilities to 4M users via Microsoft Teams in an environment called the “Commercial Virtual Remote (CVR) Environment”.
This has been a huge success, and many I talk to across Army, AF, and COCOMs are keen to keep this type of cross-command, modern collaboration capability long term.
Dr. Brian Hermann, DISA Service Development Executive, briefed the luncheon attendees that CVR has been extended to Dec 15th and that DISA will offer an Impact Level 5 (IL5) version at that time for all of the 4th Estate and COCOMs.
As a Microsoft Federal Partner, having helped thousands of organizations evaluate, plan, and execute their move to O365, I was immediately excited to see the DOD community moving full speed into the collaboration capabilities of Microsoft 365. This is an important step towards IT modernization and force readiness.
How Do We Collaborate With Autonomy?
Microsoft has made Office 365 VERY simple to use and has robust security features, but it also has a central architecture.
Being under a central tenant is advantageous in that it allows quick collaboration and removes collaboration silos among/within the different commands. However, there are some configurations and settings that follow a “one-tenant, one rule” policy that can complicate each command’s ability to tailor the environment to their specific needs or protect different types of data in different ways.
For example: DCAA is going to have strict requirements over contractor access to audit data and workspace management, while agencies like CENTCOM, DTRA, and MDA may lean heavily on contractors to manage their own collaborative workspaces and be key players in information collection.
With native controls, each of these agencies’ contractors will have the same privileges, access to workspace management and creation, and deployment of security features against workspace-required manual intervention. More specifically, if DCAA wants to exclude contractors from administering their SharePoint site collections, then no contractor across the entire DISA tenant can be a SharePoint Service Administrator, period.
Knowing this, I think to myself, “…how will DISA orchestrate bringing 45 different agencies and COCOMs into the same tenant WHILE allowing them to maintain their autonomy and craft and maintain their own policies and processes?”
I would also note that DISA isn’t alone. I imagine the Army, Air Force, and Navy are facing the same challenges of providing MAJCOM autonomy in a branch service-wide tenant.
Solving for Delegated Administration
AvePoint has been solving this problem going back as far as SharePoint 2003. Organizations with a centralized IT department deploy “SharePoint as a Service” and use AvePoint’s software to delegate administration to IT leads at the Directorate or Business Unit Level. With Office 365, we’ve taken that same process and expanded it beyond SharePoint management.
In the video below, Dux does a great job of articulating the need for delegated administration. Additionally, the Minneapolis Metropolitan Council used AvePoint to give their five independent councils autonomy while moving everyone to a single Office 365 tenant as part of their COVID-19 response.
CVR has shown us the immense benefit of connecting the major commands, the collaboration that can happen, and the empowerment our service members and civilians have being able to work from anywhere. Let’s continue to not only offer them this capability but do it in a way that maintains their service/agency/command’s operational independence.