Microsoft's Cloud Gets the OK for FedRAMP High-Impact Workloads

Feds give Microsoft Azure Government the nod to handle highly sensitive workloads and help keep U.S. DOD data under wraps.

Microsoft Azure Cloud Government

Microsoft Azure Government has been selected to take part in a FedRAMP pilot program to help usher in the new High Impact Baseline for moving sensitive data to the cloud, announced the Redmond, Wash., software giant this week.

Susie Adams, CTO of Microsoft Federal, revealed in a June 23 announcement that the company had "received a High Impact Provisional Authority to Operate (P-ATO) signature for [its] Azure Government environment. This is the highest impact level for FedRAMP accreditation."

FedRAMP, which stands for the Federal Risk and Authorization Management Program, standardizes cloud monitoring, security assessments and authorizations for U.S. government agencies. FedRAMP-compliant public cloud providers stand to win potentially lucrative contracts from the government as it increasingly shifts its IT burdens to the cloud.

However, instead of enabling increased cloud adoption, some government agencies are discovering that despite its moniker, the program is acting less like a ramp and more like a road block.

A majority (79 percent) of the 150 federal IT decision makers polled by MeriTalk said they were frustrated with FedRAMP, citing a lack of transparency and security assurances that fall short. A majority of defense agencies (65 percent) don't believe FedRAMP has helped increase security. Startlingly, an estimated 20 percent of respondents said that the mandatory FedRAMP program doesn't factor into the decision-making process.

Microsoft, meanwhile is touting Azure Government's ability to keep sensitive data under wraps.

"Up until this point, federal agencies could only migrate low and moderate impact workloads," said Adams. "Now, Azure Government has controls in place to securely process high-impact-level data—that is, data that, if leaked or improperly protected, could have a severe adverse effect on organizational operations, assets or individuals."

The U.S. Department of Defense has also awarded Defense Information Systems Agency (DISA) Impact Level 4 authorization to Azure Government. Impact Level 4 encompasses protected health information, data that is subject to export control and other unclassified data. Often, DISA Impact Level 4 data is labeled as Law Enforcement Sensitive, For Official Use Only or Sensitive Security Information.

Finally, Microsoft's government cloud portfolio has been cleared for International Traffic in Arms Regulations (ITAR) workloads. ITAR describes a set of U.S. government regulations that control the import and export of defense-related weaponry, systems and services.

On the backend, Azure Government now offers customers a Premium Storage option when they provision DS-series virtual machines. Premium Storage is backed by solid-state drives (SSDs) versus traditional spinning hard drives, boosting cloud application performance.

In addition, Microsoft has released new pre-configured Azure virtual machines for government customers seeking to quickly deploy select Microsoft-based services. New images include a trial version of SharePoint Server 2016, Visual Studio Enterprise 2015 Update 2 with Azure SDK 2.9 on Windows Server 2012 R2 and Windows Server Remote Desktop Session Host on Windows Server 2012 R2 or with Microsoft Office 365 ProPlus.

Pedro Hernandez

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...