Skip to content

CASE STUDY

PSI Pax Changes from PreVeil to Microsoft 365 GCC High with Summit 7 for CMMC

PSI Pax Logo

 

"We wanted to regain centralized control of data permissions, sharing, and configuration management. GCC High afforded the achievement of these goals."

Debra Hill-Cherry
CIO at PSI Pax

About PSI Pax

Industry: Aerospace, Contract Management, Defense

Services: PSI Pax, Inc. was established on January 1, 2006 to provide professional support services to customers in various Department of Defense (DoD), civilian, and state agencies. In October 2014, PSI Pax welcomed Patty Robrecht, Lisa Mann, and John McAllister to their executive management team, and became certified as an Economically Disadvantaged Women-Owned Small Business (EDWOSB). Over the years, they have gained a reputation for excellent service at cost-effective prices, enabling continued growth, exponentially increasing their company’s size to what it is today – PSI Pax has grown 150% since 2014 and has gone from holding 1 prime contract to 6 prime contracts. 

Problem: PSI Pax was determined to achieve Cybersecurity Maturity Model Certification (CMMC) compliance and initially turned to PreVeil for their CUI file-sharing and security needs. However, the experience with PreVeil proved to be problematic and frustrating for the team. 

PSI Pax Image

 

PSI Pax Changes from PreVeil to Microsoft 365 GCC High with Summit 7 for CMMC

 

Learn how PSI Pax achieved:

  • Stronger CMMC Compliance: Discover how Summit 7 guided PSI Pax through the transition to Microsoft 365 GCC High, ensuring greater control over CUI and aligning with FedRAMP and NIST requirements.

  • Enhanced Visibility & Control: Learn how PSI Pax leveraged Microsoft Purview to gain centralized oversight of data permissions, file sharing, and configuration management—resolving key transparency issues from their previous platform.

  • Seamless Transition to a Familiar Platform: See how moving to Microsoft 365 GCC High allowed PSI Pax’s team to work within a known environment, reducing friction and improving efficiency compared to their experience with PreVeil.

  • Improved Security & Audit Capabilities: Find out how detailed audit trails and security policies in Microsoft GCC High addressed PSI Pax’s concerns about file versioning, unauthorized changes, and compliance risks.

  • Long-term Compliance & Operational Efficiency: Explore how Summit 7’s expertise not only helped PSI Pax achieve immediate compliance goals but also positioned them for sustained success in federal contracting.

"It all comes down to control with CMMC. Using PreVeil, we were unsure what was happening in the processing, transmission, sharing, and storing of the data in our environment. We needed more visibility into the changes occurring. Transitioning from PreVeil to a Microsoft 365 GCC High secure enclave brought familiarity in the environment to all of our users and confidence to our compliance and IT teams. We wanted to regain centralized control of data permissions, sharing, and configuration management. GCC High afforded the achievement of these goals."

Debra Hill-Cherry
CIO at PSI Pax

Challenge 

PSI Pax was determined to achieve Cybersecurity Maturity Model Certification (CMMC) compliance and initially turned to PreVeil for their CUI file-sharing and security needs. However, the experience with PreVeil proved to be problematic and frustrating for the team. Here are some of the key issues their team identified:

Functionality Problems: Users encountered frequent issues with the functionality of PreVeil, particularly with the sync process. Files needed to be synced to users' laptops, leading to multiple versions and outdated files being used. 
Lack of Control and Transparency: PSI Pax found it challenging to maintain control and visibility over file changes. The audit trails were insufficient, as they did not provide details about who made changes when shared with others.
Silo Effect: PreVeil's design led to a silo effect, where each user had their own isolated account, causing confusion and inefficiencies. There was no overarching configuration management to monitor or control file sharing.
Compliance Concerns: The FedRAMP memo released on 12/21/23 prompted a reevaluation of their cloud service provider's compliance, and PreVeil's limitations became more apparent. There was also a lack of confidence in CUI being protected at every stage of its journey.

CUI Data Flow with Preveil

 

Solution 

Recognizing the need for a more robust user-friendly solution, PSI Pax decided to transition to Microsoft 365 GCC High, with the expert guidance of Summit 7, the most experienced and awarded Microsoft Gov partner. This transition offered several advantages:

Confident Compliance: Moving to GCC High ensured that PSI Pax met the necessary compliance requirements, alleviating concerns raised by the FedRAMP memo, and providing assurance that CUI is protected throughout its lifecycle in PSI Pax.
Familiar Platform: The team was already familiar with Microsoft SharePoint and other Microsoft Suite products, which GCC High utilizes in a government instance, making the transition smoother and more intuitive for users and day to day operations.
Enhanced Control and Security: Microsoft Purview allowed PSI Pax to enforce centralized control over CUI files, ensuring that users could only share, print, or download files as permitted. This feature was critical in maintaining security and compliance and being confident of their upcoming CMMC assessment.
Improved Audit Trails: Purview also provides detailed audit trails, offering visibility into CUI file changes and user activities, covering vital NIST controls, thus addressing one of the significant pain points with PreVeil. 


GCC High Protects CUI

Results

The transition to Microsoft GCC High, facilitated by Summit 7, yielded significant positive outcomes for PSI Pax:

Confidence In Their CMMC Posture: The move brought PSI Pax closer to achieving CMMC compliance, a crucial goal for the company.
Increased Efficiency: The team experienced fewer issues with file synchronization and version control, leading to more efficient workflows and reduced frustration.
Better Control and Visibility: Enhanced audit trails and centralized control over file sharing improved overall security and management of sensitive information.
Strategic Partnership: Summit 7 provided exceptional support throughout the transition. Their knowledge, patience, and years of industry experience helped PSI Pax navigate the complexities of the switch and address any concerns promptly.

Patty Robrecht, PSI Pax Chief Executive Officer, noted the improved control and clarity, stating, “We now have a clear view of what is happening with our files and can ensure that our data is secure and compliant with CMMC standards.”

GccHigh vs Preveil
The cost of M365 GCC High was initially a concern, but was justified by the substantial benefits and peace of mind gained from the transition.

In summary, PSI Pax's move from PreVeil to GCC High, with the expert assistance of Summit 7, resulted in enhanced security, better control, and a smoother path to CMMC compliance.

To learn more about the limitations of file sharing tools like PreVeil and discover the benefits of M365 GCC High, read our blog here.

 

Should You Use File Sharing Tools like PreVeil for CMMC Compliance

 

"We now have a clear view of what is happening with our files and can ensure that our data is secure and compliant with CMMC standards."

Patty Robrecht
PSI Pax Chief Executive Officer

S7_logomark

Custom-Built CMMC Solutions on Azure Government

Summit 7 has developed a comprehensive CMMC compliant solution as well as a robust set of managed security tools in its product line to form the CMMC Managed Security Solution. This Managed Security Solution set is designed to support the DIB in their journey to protect critical US data.

The core requirements of the CMMC Managed Security Solution utilize E5 licensing in Microsoft 365 GCC High and multiple security workloads within Azure Government.