CASE STUDY
J&J Worldwide Services: Enhancing CMMC compliance with Microsoft Purview and the M365 G5 License Stack
About J&J Worldwide Services
Industry: Government
Services: Facility services including aseptic cleaning and maintenance for military healthcare facilities
Problem: With CMMC on the horizon as a contract requirement, it was imperative that J&J find a premiere provider to maintain compliance and safeguard their business.
The Cyber War and Its Threat to National Security
The United States is currently engaged in a Cyber War, with Advanced Persistent Threats (APTs) from foreign adversaries seeking to steal critical information about U.S.
technologies. This advanced technology serves as the backbone of our nation’s industrial and defensive superiority. The primary target of these attacks is the U.S. Department of Defense (DoD) and its associated supply chain known as the Defense Industrial Base (DIB).
China, through intellectual property theft, has now surpassed the United States in 37 out of 44 critical technologies, including areas such as Optics, Advanced RF, and Cybersecurity. Former NSA Director General Keith Alexander has even referred to this cybersecurity crisis and intellectual property theft as "the largest transfer of wealth in human history."
In order to safeguard sensitive data and intellectual property such as Controlled Unclassified Information (CUI), the DoD has required the Defense Industrial Base to prioritize cybersecurity through the Cybersecurity Maturity Model Certification (CMMC) program. Organizations that achieve a CMMC certification not only defend our nation in the Cyber War, but they also gain a competitive advantage in the Defense Industrial Base by achieving CMMC Level 2 Certification early in the CMMC program. Demonstrating a commitment to robust cybersecurity practices sets them apart from not-yet-compliant competitors and increases their resilience as a holder of sensitive data.
Summit 7 leverages the Microsoft Compliance Suite to empower defense contractors to thrive in this challenging environment. Summit 7 has developed a unique solution to help organizations achieve compliance transformation, utilizing Microsoft 365 Government Community Cloud (GCC) High and Azure Government. The heart of this solution is the Microsoft 365 G5 license, which offers a range of robust security and compliance features including Microsoft Purview, Sentinel, Defender, and more.
Summit 7's deployment of Microsoft Government for 1,000+ DoD contractors has yielded impressive utilization metrics, including:
- YoY revenue growth of 41% (CY23)
- Maintained status as the #1 reseller of M365 E5/G5 billed revenue (FY23)
- Designation as the only Azure Expert MSP focused on the U.S. Government Cloud (CY23)
- Early entrant partnering with Microsoft to deploy Azure Government Secret cloud to DoD Contractor
- Addition of 160 new customers (FY23)
Prime DoD Contractor Leverages Compliance Posture for Acquisition
J&J Worldwide Services (J&J) is a renowned DoD Contractor providing a variety of facility services including aseptic cleaning and maintenance for military healthcare facilities, as well as facility management and operational support for Department of Defense military bases. J&J is a global company with a workforce of more than 3,300 employees.
As CMMC came on their horizon as a contract requirement, J&J prioritized Microsoft’s best-in-class compliance suite for two strategic reasons:
-
As a prime DoD contractor and with federal contracts as their chief source of revenue, it was imperative that J&J find a premiere provider to maintain compliance and safeguard their top revenue stream.
-
As a fast-growing company J&J saw their compliance posture as a key strategy for increasing their value to potential buyers.
“We wanted to be a company that was known for partnering with the best. We knew Summit 7’s Microsoft G5 License with its compliance suite would increase our value to a potential buyer – they would know we are aligned with a partner that is truly the best in class.” – Jeff Smedley, J&J Worldwide Vice President and Chief Information Officer
Microsoft Purview: A Cornerstone of Compliance for J&J with Enterprise G5 Licenses
Summit 7 leveraged the full Microsoft 365 G5 license stack, increasing J&J’s CMMC compliance posture by:
- Migrating from M365 Commercial to M365 GCC-High.
-
Utilizing Identity and Access Management (IAM): Offering secure entry to sensitive data and resources via features such as Single Sign-On (SSO) and Multi-Factor Authentication (MFA).
-
Utilizing the suite of Microsoft Purview tools including Purview Information Protection, Purview Insider Risk Management, Purview Data Loss Prevention, Purview Data Lifecycle Management, and Purview eDiscovery (Premium).
-
Deploying Azure Gov leading to an increase of Azure spend in FY23 by 34X.
Taking advantage of the Microsoft 365 G5 stack ensured comprehensive identity management, compliance, and security while optimizing cost-effectiveness by consolidating multiple functionalities into a single license.
Purview offers a robust solution to J&J’s business challenges associated with data governance, addressing:
- Issues with data spanning multiple departments and companies
- Data management complexities
- Ensuring governance standards and permanence in record-keeping to maintain data integrity and compliance
Microsoft’s compliance suite allowed J&J to proficiently adapt their System Security
Plan (SSP) for CMMC compliance. They are well-prepared for an upcoming 3rd party CMMC Level 2 compliance audit scheduled for Q2 2024, led by a C3PAO and with DIBCAC coordination and participation – which, when passed, offers a clear pathway to CMMC certification.
By utilizing Microsoft’s tools and Summit 7’s expertise to reach these compliance milestones, J&J was able to both ensure their dedication to national security and significantly raise their company’s value in the eyes of potential buyers.
Purview Helps Drive CBRE Strategic Acquisition of J&J for $1 Billion
This year, CBRE Group, Inc. completed the acquisition of J&J for over $1 billion in total value. CBRE sought to diversify lines of business and decided to expand holdings in the federal contracting market. J&J's value brings experience in the Federal space and, with the Microsoft secure cloud solutions leveraged, the ability to scale quickly.
According to Bob Sulentic, Chair & Chief Executive Officer of CBRE, J&J’s strong government contracting portfolio, which sits on a foundation of Microsoft’s compliance suite, was a key factor in the acquisition. Sulentic stated, “We are adding a contractor with deep government contracting experience, long-term customer relationships and a 50-year record of outstanding technical service delivery.” J&J’s government contract relationships have a promising future thanks to the foundation laid by Microsoft’s compliance suite.
For J&J, compliance was more than checking a box; it contributed to their billion-dollar acquisition, and the potential for CBRE to roll that proven solution into future government client acquisitions.
Microsoft Compliance Solutions: A Platform for Launch
As the ongoing cyber war continues to make its way to the forefront of American consciousness, Microsoft’s compliance-enabling tools – specifically Microsoft Purview – are proving to be a valuable differentiator for defense contractors.
With the CMMC final rule being published this year, defense contractors will have to comply with federal cybersecurity regulations or lose multimillion-dollar contracts and risk the possibility of business closure. Summit 7 is prepared to continue to leverage the Microsoft Compliance Suite as the backbone of its offerings to the 300,000 contractors seeking CMMC compliance in the DIB as a best-in-class partner to fulfill its mission of Protecting the American Dream.
"We wanted to be a company that was known for partnering with the best. We knew Summit 7’s Microsoft G5 License with its compliance suite would increase our value to a potential buyer – they would know we are aligned with a partner that is truly the best in class."
Jeff Smedley
J&J Worldwide
Custom-Built CMMC Solutions on Azure Government
Summit 7 has developed a comprehensive CMMC compliant solution as well as a robust set of managed security tools in its product line to form the CMMC Managed Security Solution. This Managed Security Solution set is designed to support the DIB in their journey to protect critical US data.
The core requirements of the CMMC Managed Security Solution utilize E5 licensing in Microsoft 365 GCC High and multiple security workloads within Azure Government.