Gear Check: The Commanding Officer’s Guide to Data Security

It’s 0400 on the flight line. Troops stand in formation, rucks unzipped, and every piece of kit is laid out on the pavement: plates, cold weather gear, CAC, Kevlar — no excuses. That ritual matters because once the wheels leave the tarmac, there’s no second chance to grab what’s missing. 

Your network is running its own deployment every day. Data items are “moving out” to cloud drives, mobile endpoints, and joint partners to be used in business decisions daily.  

What is the difference between these two scenarios? Nobody’s lining up those files for an inspection. If they are, it’s a clipboard audit that ends long before the next folder is created. 

In kinetic ops, a missing NVG costs mission time. In cyber ops, a missing permission costs the mission itself. 

To ensure the information they are acting on is trustworthy, accurate, and confidential, Commanders and Deputy Commanders should ask their IT and cyber experts the following questions: 

• Do we know exactly what types of files we have and where they are? 

• Do we know the snapshot of the risk of spillage, breach, and exposure to our users? 

• Do we know what our users do day-to-day so we can’t detect when they act anomalously?  

The modern network list: Three must haves in data security 

All troops have a plethora of equipment, and all networks have a plethora of data. Seeing the equivalence between the two is imperative for commanders and leaders who are not on the ground floor.  

Non-Commissioned officers report up to a Staff-Non-Commissioned officer, who then routes the information up the chain to land on the command desk, like how cybersecurity efforts need to be consolidated on user-friendly dashboards for ease of understanding and use. 

Why human-only inspections fail 

In these analogies, delegation and automation can be viewed as the same thing. A commander cannot command if he has to do every supervisory job, nor can a cybersecurity/IT department secure networks if they have to individually check each file in real-time.

• Volume – A single wing easily tops 50 million files across on Prem and M365. Zero chance individual teams can appropriately brief you on security posture.  

• Velocity – Shares, SharePoint sites, and Teams channels spin up faster than any checklist can track. 

• Variety – CUI, SAP, medical, intel, personnel—each with a different marking rule set. 

Manhour math: 30 seconds to evaluate an ACL × 50 million = 47 years of nonstop work… just to capture today’s snapshot. 

How to win by automating the “Open Your Ruck” moment with Varonis 

Varonis gives you an automated inspection line to the data layer: 

• Discover and classify – Scans every repository (Windows shares, SharePoint, NAS, GovCloud) and tags data to DoD markings. 

• Map your blast radius – Exposes effective permissions, nested groups, and stale admin accounts in one view. 

• Monitor in real time – Audits every read, write, or share — even over JWICS, SIPR, or Google Workspace. 

• Remediate automatically – Removes “Everyone” access, trims orphaned SIDs, kicks off owner reviews, or quarantines sensitive files the moment risk appears. 

• Report up the chain – Dashboards translate terabytes of telemetry into commander level KPIs: risk reduced 37 % this quarter, x GB of SECRET files moved off NIPR, insider caught doing X, network intrusion attempts thwarted…etc 

Mission impact: What “inspection-ready data” looks like 

Quantifiable value is needed from all directorates involved with a mission to demonstrate command readiness. Deployment "workups" are a key example of documenting faults and deficiencies so a command can address bad practices and change posture to increase lethality once in theatre.  

Varonis takes well known gaps from incident response and compliance and solves them with automation. 

Commander’s charge: Equip the digital formation 

You would never send a squad to the field with missing plates or expired gas mask filters. Likewise, sending cyber, intel, and RMF teams forward without automated data controls leaves the mission exposed and the commander liable. 

• Risk ownership – Congress, OIG, and the press don’t debrief sysadmins; they call the flag officer whose name is on the risk acceptance memo. If the problem exists within the unit, the equipment needed to solve it must come from the unit. 

• Modern warfare, modern tools – Adversaries are using automation, machine learning, and never-before-seen Zero Day attacks to get into systems. Equipping your cybersecurity, records management, and counterintelligence professionals with automated data monitoring is the only way to have the quick response needed to deter, detect, and stop threats in real time. 

• No more waiting for third parties – It is common for a CPT, FBI branch, or third party to come in when they have been apprised of a breach. Instead of waiting for a news report or weeks for a forensic turnaround on where, what, who, when, and why, get real time contextual reports around attack path, actions, data insights and dozens of metrics needed to give answers rather than busy work.  

Conduct your digital gear check today 

Uniform, gear, room, and compliance inspections are not for show and cannot be scheduled taskers to be scoffed at. Real-time change detection and foresight are performed by several military professions that demand uninterrupted ability to deploy when needed.  

Varonis will augment the following suggestions with reciprocity from federal agencies as requested. 

• Ask for the list – Can your staff name every file that contains PII or weapons system schematics, and who can open it, right now? 

• Audit one share – Pick the busiest SharePoint site, run Varonis, and watch the over-permissioned groups light up. 

• Measure results – Track risk burndown just as you track FISMA, RMF, SORTS, or CORA readiness. 

Is your gear check complete? If every byte is accounted for and every permission has a purpose, you’re cleared for takeoff. If not, it’s time to add Varonis to the packing list. 

Get started with our free Data Risk Assessment, provided through our DoD ESI. In less than 24 hours, you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation.