{"id":90266,"date":"2019-12-09T09:00:03","date_gmt":"2019-12-09T17:00:03","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=90266"},"modified":"2023-09-26T09:28:51","modified_gmt":"2023-09-26T16:28:51","slug":"improve-cyber-supply-chain-risk-management-microsoft-azure","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/","title":{"rendered":"Improve cyber supply chain risk management with Microsoft Azure"},"content":{"rendered":"<p>For years, Microsoft has tracked threat actors exploiting federal cyber supply chain vulnerabilities. <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/intelligence\/supply-chain-malware\" target=\"_blank\" rel=\"noopener noreferrer\">Supply chain attacks<\/a> target software developers, systems integrators, and technology companies. Tactics often include obtaining source code, build processes, or update mechanisms to compromise legitimate applications. This is a key concern for government cybersecurity in the cloud, as the expanding digital estate requires movement towards a <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/zero-trust\" target=\"_blank\" rel=\"noopener noreferrer\">Zero Trust security<\/a> model.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-1.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-90267 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-1.png\" alt=\"Infographic showing the expanding digital estate, including energy systems, smart cities, vehicles, marketplaces, sensors, equipment, customers, supply chains, citizens, on-premises, manufacturers, and mobile devices.\" width=\"1076\" height=\"607\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-1.png 1076w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-1-300x169.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-1-768x433.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-1-1024x578.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-1-539x303.png 539w\" sizes=\"auto, (max-width: 1076px) 100vw, 1076px\" \/><\/a><\/p>\n<p>There are several techniques to attack cyber supply chains in Information Communications and Technology (ICT) products and services. Supply chain attacks are most concerning because they target vulnerabilities in your infrastructure before you even deploy your assets and software.<\/p>\n<p>Attackers can:<\/p>\n<ul>\n<li>Compromise software building tools to ensure that their malware is imprinted into all software generated from the building tools.<\/li>\n<li>Replace software update repositories with malicious replicas that distribute malware across entire software ecosystems.<\/li>\n<li>Steal code-signing certificates to make malicious software appear as legitimate code.<\/li>\n<li>Intercept hardware shipments to inject malicious code into hardware, firmware, and field-programmable gate arrays (FPGAs).<\/li>\n<li>Pre-install malware onto IoT devices before they arrive to target organizations.<\/li>\n<\/ul>\n<h3>Managing Supply Chain Risk Management (SCRM) to defend against supply chain attacks<\/h3>\n<p>Defending against supply chain attacks requires a comprehensive approach to managing Supply Chain Risk Management (SCRM). Federal risk managers must deploy strong code integrity policies and technical screening controls to ensure their software complies with organizational directives such as applying NIST SP 800-53A security controls for Federal Information Security Management Act (FISMA) compliance. Code integrity requires full non-repudiation of software to validate information producer associations, identity, and chain of custody for systems and components (NIST SP 800-161, 2015). One critical opportunity for addressing code integrity in your supply chain is to implement and adhere to a secure software development lifecycle for applications that you develop in-house and that you acquire from third-party supply chain partners.<\/p>\n<p>Microsoft continues to use the <a href=\"https:\/\/www.microsoft.com\/en-us\/securityengineering\/sdl\/\" target=\"_blank\" rel=\"noopener noreferrer\">Security Development Lifecycle<\/a>, a fundamental process of continuous learning and improvement in the security, integrity, and resiliency of our enterprise applications. We require supply chain providers to adhere to these practices as well.<\/p>\n<p>Organizations should employ asset monitoring and tracking systems such as radio-frequency identification (RFID) and digital signatures to track hardware and software from producers to consumers to ensure system and component integrity. <a href=\"https:\/\/csrc.nist.gov\/publications\/detail\/fips\/200\/final\" target=\"_blank\" rel=\"noopener noreferrer\">FIPS 200<\/a> specifies that federal organizations \u201cmust identify, report, and correct information and information system flaws in a timely manner while providing protection from malicious code at appropriate locations within organizational information systems\u201d (FIPS 200, 2006).<\/p>\n<h3>How Microsoft fights against malware<\/h3>\n<p>Microsoft understands how to fight malware and have worked hard for many years to offer our customers leading endpoint protection to defend against increasingly sophisticated attacks across a variety of devices. These efforts have been recognized, for example, in this year\u2019s <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/08\/23\/gartner-names-microsoft-a-leader-in-2019-endpoint-protection-platforms-magic-quadrant\/\" target=\"_blank\" rel=\"noopener noreferrer\">2019 Gartner Endpoint Protection Platforms Magic Quadrant<\/a>. In addition, <a href=\"https:\/\/www.microsoft.com\/en-us\/microsoft-365\/windows\/microsoft-defender-atp\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Defender Advanced Threat Protection (ATP)<\/a> integrates directly with <a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/security-center\/\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Azure Security Center<\/a> to alert your security teams of threat actors exploiting your vulnerabilities.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-2.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-90268 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-2.png\" alt=\"Image of the Gartner Magic Quadrant for Endpoint Protection Platforms, showing Microsoft as a Leader.\" width=\"816\" height=\"819\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-2.png 816w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-2-150x150.png 150w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-2-300x300.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-2-768x771.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-2-100x100.png 100w\" sizes=\"auto, (max-width: 816px) 100vw, 816px\" \/><\/a><\/p>\n<p><em>Magic Quadrant for Endpoint Protection Platforms.*<\/em><\/p>\n<p>Endpoint Protection Platforms can support software development and fight malware, but government organizations must follow <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/07\/26\/attack-inception-compromised-supply-chain-within-a-supply-chain-poses-new-risks\/\" target=\"_blank\" rel=\"noopener noreferrer\">recommendations for software vendors and developers<\/a> by applying patches for operating systems and software, implementing mandatory integrity controls, and requiring Multi-Factor Authentication (MFA) for administrators.<\/p>\n<p><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security-center\/security-center-recommendations\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Security Center Recommendations<\/a> help government organizations eliminate security vulnerabilities before an attack occurs by facilitating actions to secure resources, including OS vulnerability detection, mandatory controls, and enforcing authentication with MFA and secure access with <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security-center\/security-center-just-in-time\" target=\"_blank\" rel=\"noopener noreferrer\">just-in-time (JIT)<\/a> virtual machine access.<\/p>\n<p>When you remediate recommendations, your Secure Score and your workloads&#8217; security postures improve. Azure Security Center automatically discovers new resources you deploy, assesses them against your security policy, and provides new recommendations for securing them.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-3.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-90269 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-3.png\" alt=\"Screenshot of Recommendations in the Azure Security Center.\" width=\"1676\" height=\"1017\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-3.png 1676w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-3-300x182.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-3-768x466.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-3-1024x621.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-3-440x268.png 440w\" sizes=\"auto, (max-width: 1676px) 100vw, 1676px\" \/><\/a><\/p>\n<p>Azure Security Center also facilitates cyber learning through gamification. Secure Score allows your SecOps and Security Governance Risk &amp; Compliance (SGRC) teams to remediate vulnerabilities through a points-based system. This capability can enhance system configurations and reinforce supply chain risk management in a single pane of glass for your infrastructure security posture, and even includes a <a href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/regulatory-compliance-dashboard-in-azure-security-center-now-available\/\" target=\"_blank\" rel=\"noopener noreferrer\">regulatory and compliance dashboard<\/a> to facilitate federal compliance requirements and can be tailored to your organization.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-4.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-90270 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-4.png\" alt=\"Screenshot of the Overview in the Azure Security Center.\" width=\"1474\" height=\"982\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-4.png 1474w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-4-300x200.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-4-768x512.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-4-1024x682.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-4-293x195.png 293w\" sizes=\"auto, (max-width: 1474px) 100vw, 1474px\" \/><\/a><\/p>\n<p>Security of federal information systems requires compliance with stringent standards such as NIST SP 800-53, FISMA, CIS Benchmarks, and FedRAMP Moderate. <a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/blueprints\/\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Blueprints<\/a> facilitates compliance with these standards ensuring a secure-by-design approach to federal information security. Azure Blueprints enable cloud architects and information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization&#8217;s standards, patterns, and requirements.<\/p>\n<p>Azure Blueprints are a declarative way to orchestrate the deployment of various resource templates and other artifacts such as role assignments, policy assignments, and <a href=\"https:\/\/azure.microsoft.com\/en-us\/features\/resource-manager\/\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Resource Manager<\/a> templates. Azure Blueprints also provide recommendations and a framework to directly apply compliance requirements to your environment while monitoring configurations through Continuous Monitoring (CM).<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-5.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-90271 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-5.png\" alt=\"Screenshot of a blueprint sample being created.\" width=\"761\" height=\"863\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-5.png 761w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-5-265x300.png 265w\" sizes=\"auto, (max-width: 761px) 100vw, 761px\" \/><\/a><\/p>\n<h3>Employing a comprehensive monitoring program<\/h3>\n<p>Protecting your supply chain also requires a comprehensive monitoring program with cyber incident response and security operations capabilities. <a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/azure-sentinel\/\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Sentinel<\/a> is a cloud-native security information and event manager (SIEM) platform that uses built-in artificial intelligence (AI) to help analyze large volumes of data across an enterprise\u2014fast. Azure Sentinel aggregates data from all sources, including users, applications, servers, and devices running on-premises or in any cloud, letting you reason over millions of records in a few seconds.<\/p>\n<p>Azure Sentinel leverages the <a href=\"https:\/\/developer.microsoft.com\/en-us\/graph\/\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Graph<\/a>, which detects threats, reduces false positives, and puts your responders on target. Azure Sentinel Workbooks optimize productivity with dozens of built in dashboards to enhance security monitoring.<\/p>\n<p>Azure Sentinel Analytics allow your cyber defenders to employ proactive alerting to detect threats impacting your supply chain security. Azure Sentinel Playbooks includes over 200 connectors to leverage full automation through <a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/logic-apps\/\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Logic Apps<\/a>. This powerful capability allows federal agencies to compensate for the cyber talent gap with Security Automation &amp; Orchestration Response (SOAR) capabilities while leveraging machine learning and AI capabilities. Azure Sentinel <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/sentinel\/tutorial-investigate-cases\" target=\"_blank\" rel=\"noopener noreferrer\">deep investigation<\/a> allows your incident response teams to dig into incidents and identify the root cause of attacks.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-6.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-90272 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-6.png\" alt=\"Screenshot showing an anomalous login.\" width=\"785\" height=\"344\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-6.png 785w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-6-300x131.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-6-768x337.png 768w\" sizes=\"auto, (max-width: 785px) 100vw, 785px\" \/><\/a><\/p>\n<p>Azure Sentinel\u2019s <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/sentinel\/hunting\" target=\"_blank\" rel=\"noopener noreferrer\">powerful hunting search-and-query tools<\/a> are based in the MITRE ATT&amp;K Framework, allowing your responders to proactively hunt threats across the network before alerts are triggered. The <a href=\"https:\/\/aka.ms\/asicommunity\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Sentinel community<\/a> is growing on GitHub and allows your team to collaborate with the information security community for best practices, efficiencies, and security innovation.<\/p>\n<p>\n<div class=\"wp-block-group is-layout-constrained wp-block-group-is-layout-constrained\"><div class=\"wp-block-msxcm-cta-block\" data-moray data-bi-an=\"CTA Block\">\n\t<div class=\"card d-block mx-ng mx-md-0\">\n\t\t<div class=\"row no-gutters\">\n\n\t\t\t\t\t\t\t<div class=\"col-md-4\">\n\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"150\" height=\"150\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/Azure-Sentinal.png\" class=\"card-img img-object-cover\" alt=\"\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/Azure-Sentinal.png 150w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/Azure-Sentinal-100x100.png 100w\" sizes=\"auto, (max-width: 150px) 100vw, 150px\" \/>\t\t\t\t<\/div>\n\t\t\t\n\t\t\t<div class=\"d-flex col-md\">\n\t\t\t\t<div class=\"card-body align-self-center p-4 p-md-5\">\n\t\t\t\t\t\n\t\t\t\t\t<h2>Azure Sentinel<\/h2>\n\n\t\t\t\t\t<div class=\"mb-3\">\n\t\t\t\t\t\t<p>Intelligent security analytics for your entire enterprise.<\/p>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"link-group\">\n\t\t\t\t\t\t\t<a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/azure-sentinel\/\" class=\"btn btn-link text-decoration-none p-0\" target=\"_blank\">\n\t\t\t\t\t\t\t\t<span>Learn more<\/span>\n\t\t\t\t\t\t\t\t<span class=\"glyph-append glyph-append-chevron-right glyph-append-xsmall\"><\/span>\n\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\t<\/div>\n<\/div>\n<\/div>\n<\/p>\n<p>Cyber Supply Chain Risk Management (SCRM) is a growing concern within the federal sector. Microsoft is committed to bolstering government cybersecurity in the cloud. Microsoft Azure goes the distance to protect your network against supply chain attacks through Microsoft Defender ATP\u2019s industry leading Endpoint Protection Platform, Azure Security Center\u2019s comprehensive continuous monitoring platform, Azure Blueprints approach to rapidly deploying a compliant cloud, and Azure Sentinel\u2019s cloud-native SIEM that harnesses the limitless power of the cloud through threat intelligence, machine learning, AI, and automation.<\/p>\n<h3>Learn more about government cybersecurity in the cloud with Microsoft<\/h3>\n<p>Here are some of the best resource to learn more about government cybersecurity in the cloud with Microsoft:<\/p>\n<ul>\n<li><a href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/announcing-azure-government-secret-private-preview-and-expansion-of-dod-il5\/\" target=\"_blank\" rel=\"noopener noreferrer\">Announcing Azure Government Secret private preview and expansion of DoD IL5<\/a><\/li>\n<li><a href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/enabling-intelligent-cloud-and-intelligent-edge-solutions-for-government\/\" target=\"_blank\" rel=\"noopener noreferrer\">Enabling intelligence cloud and intelligent edge solutions for government<\/a><\/li>\n<li><a href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-your-environment-setup-while-meeting-compliance-needs-with-built-in-azure-blueprints\/\" target=\"_blank\" rel=\"noopener noreferrer\">Simplifying your environment setup while meeting compliance needs with built-in Azure Blueprints<\/a><\/li>\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/enterprise-mobility-security\/solutions\/ems-govt-service-description\" target=\"_blank\" rel=\"noopener noreferrer\">Enterprise Mobility + Security for U.S. Government service description<\/a><\/li>\n<\/ul>\n<p>Also, join us for the <a href=\"https:\/\/www.microsoft.com\/en-us\/ignite-the-tour\/washington-dc\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Ignite Government Tour<\/a> in Washington, D.C., February 6, 2020.<\/p>\n<p>Bookmark the <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\" target=\"_blank\" rel=\"noopener noreferrer\">Security blog<\/a> to keep up with our expert coverage on security matters and follow us at <a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noopener noreferrer\">@MSFTSecurity<\/a> or visit our <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\" target=\"_blank\" rel=\"noopener noreferrer\">website<\/a> for the latest news and updates on cybersecurity.<\/p>\n<p>Are you a federal government agency that needs help with cybersecurity? Reach out to <a href=\"https:\/\/www.linkedin.com\/in\/tjbanasik\/\" target=\"_blank\" rel=\"noopener noreferrer\">TJ Banasik<\/a> or <a href=\"http:\/\/www.linkedin.com\/in\/marmci\" target=\"_blank\" rel=\"noopener noreferrer\">Mark McIntyre<\/a> for additional details on the content above, or if you have any other questions about Microsoft\u2019s cybersecurity investments for the federal government.<\/p>\n<p><em>*This graphic was published by Gartner, Inc. as part of larger research documents and should be evaluated in the context of the entire document. The Gartner documents are available upon request from Microsoft. Gartner does not endorse any vendor, product, or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner\u2019s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. GARTNER is a registered trademark and service mark of Gartner, Inc. and\/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>To keep government agencies secure in the cloud, we must keep pace and stay ahead of cyber attackers by defending the cyber supply chain with Microsoft Azure.<\/p>\n","protected":false},"author":96,"featured_media":90273,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ms_queue_id":[],"ep_exclude_from_search":false,"_classifai_error":"","_classifai_text_to_speech_error":"","footnotes":""},"content-type":[3662],"topic":[3681,3685,3687,3689],"products":[3726],"threat-intelligence":[],"tags":[],"coauthors":[1905],"class_list":["post-90266","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-news","topic-risk-management","topic-siem-and-xdr","topic-threat-intelligence","topic-zero-trust","products-microsoft-sentinel"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Improve cyber supply chain risk management with Microsoft Azure<\/title>\n<meta name=\"description\" content=\"To keep government agencies secure in the cloud, we must keep pace and stay ahead of cyber attackers by defending the cyber supply chain with Microsoft Azure.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Improve cyber supply chain risk management with Microsoft Azure\" \/>\n<meta property=\"og:description\" content=\"To keep government agencies secure in the cloud, we must keep pace and stay ahead of cyber attackers by defending the cyber supply chain with Microsoft Azure.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2019-12-09T17:00:03+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-09-26T16:28:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-full-size-1024x575.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"575\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Mark McIntyre\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-full-size.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mark McIntyre\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/mark-mcintyre\/\",\"@type\":\"Person\",\"@name\":\"Mark McIntyre\"}],\"headline\":\"Improve cyber supply chain risk management with Microsoft Azure\",\"datePublished\":\"2019-12-09T17:00:03+00:00\",\"dateModified\":\"2023-09-26T16:28:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/\"},\"wordCount\":1433,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-card.jpg\",\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/\",\"name\":\"Improve cyber supply chain risk management with Microsoft Azure\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-card.jpg\",\"datePublished\":\"2019-12-09T17:00:03+00:00\",\"dateModified\":\"2023-09-26T16:28:51+00:00\",\"description\":\"To keep government agencies secure in the cloud, we must keep pace and stay ahead of cyber attackers by defending the cyber supply chain with Microsoft Azure.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-card.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-card.jpg\",\"width\":440,\"height\":268,\"caption\":\"Image of cranes.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Improve cyber supply chain risk management with Microsoft Azure\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Improve cyber supply chain risk management with Microsoft Azure","description":"To keep government agencies secure in the cloud, we must keep pace and stay ahead of cyber attackers by defending the cyber supply chain with Microsoft Azure.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/","og_locale":"en_US","og_type":"article","og_title":"Improve cyber supply chain risk management with Microsoft Azure","og_description":"To keep government agencies secure in the cloud, we must keep pace and stay ahead of cyber attackers by defending the cyber supply chain with Microsoft Azure.","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/","og_site_name":"Microsoft Security Blog","article_published_time":"2019-12-09T17:00:03+00:00","article_modified_time":"2023-09-26T16:28:51+00:00","og_image":[{"width":1024,"height":575,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-full-size-1024x575.jpg","type":"image\/jpeg"}],"author":"Mark McIntyre","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-full-size.jpg","twitter_misc":{"Written by":"Mark McIntyre","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/mark-mcintyre\/","@type":"Person","@name":"Mark McIntyre"}],"headline":"Improve cyber supply chain risk management with Microsoft Azure","datePublished":"2019-12-09T17:00:03+00:00","dateModified":"2023-09-26T16:28:51+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/"},"wordCount":1433,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-card.jpg","inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/","name":"Improve cyber supply chain risk management with Microsoft Azure","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-card.jpg","datePublished":"2019-12-09T17:00:03+00:00","dateModified":"2023-09-26T16:28:51+00:00","description":"To keep government agencies secure in the cloud, we must keep pace and stay ahead of cyber attackers by defending the cyber supply chain with Microsoft Azure.","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-card.jpg","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/12\/Cyber-supply-chain-risk-management-card.jpg","width":440,"height":268,"caption":"Image of cranes."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/12\/09\/improve-cyber-supply-chain-risk-management-microsoft-azure\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"Improve cyber supply chain risk management with Microsoft Azure"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/90266","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=90266"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/90266\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media\/90273"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=90266"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=90266"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=90266"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=90266"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=90266"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=90266"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=90266"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}