Microsoft Azure Government, a secure cloud services suite for government agencies, is on track to be awarded FedRAMP High accreditation later this month, the company announced today.
FedRAMP, short for the Federal Risk and Authorization Management Program, is a government initiative that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud solutions. Compliant cloud products and services have a chance at the billions of dollars the U.S. federal government spends on IT each year. In 2015, the U.S. government spent nearly $80.4 billion on IT, and this year, government-wide IT spending is expected to reach $81.5 billion.
Microsoft isn't the only IT heavyweight to pursue the FedRAMP stamp of approval. In 2015, both IBM and Adobe announced they gained FedRAMP approval for their respective cloud services.
FedRAMP High certification opens up a whole new class of workloads for Azure Government, according to Matt Rathbun, cloud security director of Microsoft Cloud Health and Security Engineering.
"Up until this point, federal agencies could only migrate low and moderate impact workloads," wrote Rathbun in a March 11 blog post. "Now, Azure Government has controls in place to securely process high-impact level data—that is, data that, if leaked or improperly protected, could have a severe adverse effect on organizational operations or, assets, or individuals."
And Microsoft's cloud is poised to soak up more of a growing amount of sensitive and mission-critical government information, according to Rathbun.
Azure Government is on the cusp of attaining Defense Information Systems Agency (DISA) Impact Level 4 authorization. Impact Level 4 data describes controlled unclassified data that includes protected health information and data subject to export control. It can also include information not meant for public consumption, typically labeled "For Official Use Only, Law Enforcement Sensitive or Sensitive Security Information," Rathbun added.
Relatedly, Microsoft also announced today that it plans to build two physically isolated Azure Government data centers, specifically for U.S. Department of Defense (DoD) data.
Dubbed US DoD East and US DoD West, the facilities will comply with DISA Impact Level 5 standards, revealed Rathbun. DISA Impact Level 5 calls for an even higher level of data security and restrictions on controlled unclassified information. It also requires dedicated IT infrastructure, ensuring that DoD customers are physically separated from non-DoD cloud tenants.
Azure Canada and Germany in Preview
Addressing the data sovereignty concerns of Microsoft's northerly neighbors and customers in Germany, the company also announced today an operational preview of cloud services provided by the new Azure Canada or Azure Deutschland data centers.
Select customers can begin to move their enterprise workloads to facilities that not only offer lower-latency cloud performance, but also provide in-country data residency along with business protection and continuity capabilities. In Germany, Microsoft partnered with T-Systems, a subsidiary of Deutsche Telekom, to offer Azure cloud services, Office 365 and Dynamics CRM Online, among other products, in the country. T-Systems controls access to customer information under a data trustee model.