Microsoft's Windows Azure Meets Federal Security Standards

The FedRAMP stamp of approval puts Azure in the running for U.S. federal government workloads that are destined for the cloud.

Microsoft has scored a major coup in grabbing a slice of federal agencies' IT budgets. Windows Azure, the software behemoth's cloud platform, has achieved a "critical federal security milestone," announced the company on Sept. 30.

Susie Adams, chief technology officer for Microsoft Federal, announced on The Official Microsoft Blog that her company was notified that "Windows Azure was granted the FedRAMP Joint Authorization Board (JAB) Provisional Authority to Operate (P-ATO)." That earns Azure the distinction of being "the first public cloud platform, with infrastructure services and platform services, to receive a JAB P-ATO," she noted.

The Federal Risk and Authorization Management Program (FedRAMP) is a security assessment, authorization and monitoring program that governs the implementation of federal cloud services. The FedRAMP Joint Authorization Board consists of the chief information officers (CIOs) of the Department of Defense, the Department of Homeland Security and the U.S. General Services Administration.

U.S. federal cloud spending is expected to ramp up in the coming years, according to a recent forecast included in a report from IDC's Government Insights division. While private clouds are expected to lead the category—$1.7 billion in spending during 2013, reaching nearly $8 billion by 2017—public clouds will notch some gains.

After a period of flat federal cloud expenditures, which are forecast to last throughout 2014, the market will take off, according to Shawn McCarthy, research director at IDC Government Insights. "Investments should reach a critical mass around 2015 and beyond. A new emphasis on cloud solutions is expected to return within the next 18 months, and private cloud investments should approach $7.7 billion by FY2017," he said in a statement.

The research firm expects federal public cloud spending to grow from $110.4 million in 2012 to over $118.3 million in 2014. The report portrayed private clouds as "the top choice when it comes to federal cloud solutions" by their intrinsic security, control and privacy advantages. In receiving a JAB P-ATO, Windows Azure is narrowing the security gap with private clouds.

Matt Goodrich, program manager for FedRAMP's Program Management Office at the U.S. General Services Administration, said in a statement that "Microsoft's provisional authorizations for Windows Azure [demonstrate] that different types of cloud services—public to private and infrastructure to software—can meet the rigorous security requirements for FedRAMP."

Noting that Azure had obtained "the highest level of FedRAMP ATO available," Adams suggested that her company's underlying cloud technology platform puts more Microsoft services in contention for government IT contracts. She asserted in company remarks that "Windows Azure and its underlying datacenters will help pave the way for FedRAMP P-ATOs for even more Microsoft cloud services."

Microsoft isn't focusing on just the feds in its efforts to bolster Windows Azure security. On Sept. 26, the company announced that Windows Azure multifactor authentication had entered into general availability, enabling IT organizations to add another layer of protection to data stored on Microsoft's cloud by thwarting unauthorized attempts to access Azure accounts.

Pedro Hernandez

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...