Microsoft Draws Up Azure Cloud Blueprint for Gov't Agencies
Microsoft is offering Azure Government Cloud customers documentation on deploying services that meet stringent federal security requirements.Microsoft Azure Government, a collection of cloud software and services for government agencies, has racked up numerous certifications confirming that the platform meets the security requirements imposed by the U.S. federal government. That's not enough to cut through the red tape for potential customers trying to implement security controls for their cloud environments. Microsoft's solution is the Azure Blueprint program, which offers government agencies guidance on using the company's cloud in a compliant manner. "The initial release includes documentation to assist Azure customers with documenting their security control implementations as part of their individual agency ATO [Authority to Operate] processes," Nate Johnson, Microsoft senior manager, explained in an Oct. 12 blog post. "The FedRAMP Moderate baseline Customer Responsibility Matrix (CRM) and System Security Plan (SSP) template are designed for use by Program Managers, Information System Security Officers (ISSO), and other security personnel who are documenting system-specific security controls within Azure Cloud." The company is working on updating the CRM and SSP template with baselines addressing FedRAMP High and DISA (Defense Information Systems Agency) Impact Levels 4 and 5, added Johnson.
This week, Azure Government customers also gained access to the Log Analytics service in Operations Management Suite (OMS), Microsoft's hybrid-cloud management software and services bundle. "It gives you real-time insights using integrated search and custom dashboards to readily analyze millions of records across all your workloads and servers regardless of their physical location," Sarah Weldon, Microsoft Azure program manager, said in a separate blog post, detailing how to enable the feature.