Summary
In the wake of new federal regulations, vendors to the Department of Defense (DoD) were forced to meet compliance in a timely manner or risk losing contracts. Many contractor businesses invested in Microsoft’s cloud products or infrastructure that could more readily meet the standards required for information systems. This new venture into enterprise cloud came with unfamiliar architecture, governance, and security considerations. Summit 7’s Change Control Board (CCB) Solution, using Office 365 and the Power Platform, assisted in the facilitation and capture of this decision-making process.
Challenge
For federal contractors in the defense industry, security and compliance is of the upmost importance. Compliance requirements require systems in place to:
- Establish and enforce security configuration settings for workloads in organizational information systems
- Analyze the security impact of changes prior to implementation
- Employ the principle of least functionality by configuring the information system to provide only essential capabilities
Balancing the needs of the business (getting work done) with the requirements of the government, requires significant attention. To strike this balance, federal contractors charter a CCB to govern these complex decisions. The federal contractor customer base that Summit 7 serves was looking to streamline the processes for handling change-requests and conducting CCB meetings. The solution goals were to provide better collaboration tools for a contractor’s CCB, provide better platform stability, and improve the tenant configuration change control process.
Strategy
Summit 7 designed and delivered a new solution to streamline and automate organization’s change-control process, which is driven by a working group and monthly CCB meetings.
This involved the use of SharePoint Online, Microsoft Flow, and PowerApps to automate the change-request submission, routing, and approval processes. The solution also leveraged Flow and Planner to handle task-management for tenant changes and the collection/storage of change logs.
The solution also integrated Microsoft Teams and PowerApps to streamline the Change Control Board’s in-person meeting and review process wherein stakeholders will discuss the security impact of tenant changes and vote on the implementation of those changes.
Results
Prior to Summit 7’s involvement, much of this process was carried out over email and spreadsheets. This new solution has organized and streamlined DoD contractors’ change-control process and has led to significant improvements in turn-around time and compliance as changes are inevitability needed within their environment. As Microsoft releases new features or enhancements, customers are more agile to assess and determine the company’s configuration management plan. The working group’s embrace of Microsoft Teams has also been instrumental in how this core group collaborates and reviews new requests.