Microsoft's Windows Azure platform passes key security hurdle, joins cloud vendor list for federal agencies.
Top 10 Government IT Innovators Of 2013
(click image for larger view)
Microsoft has joined a select list of vendors authorized to provide cloud services to the federal government, with the announcement this week that it had received a pivotal security certification from the government's Federal Risk and Authorization Management Program (FedRAMP).
Microsoft's cloud infrastructure and Windows Azure public cloud platform received a Provisional Authority to Operate (P-ATO) from the FedRAMP Joint Authorization Board. The board is comprised of representatives from the Department of Defense (DOD), the Department of Homeland Security (DHS) and the General Services Administration (GSA).
A P-ATO approval eases the process of obtaining federal contracts by ensuring that vendors have gone through the proper security assessment, authorization and monitoring. The authorization covers both infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) offerings.
The approval process hasn't been easy for agencies in the past. Complicated security requirements called for reevaluation of already approved platforms whenever a new agency wanted to deploy it. FedRAMP has changed that by creating a standardized approach.
"This not only opens the door for faster cloud adoption, but helps agencies move to the cloud in a more streamlined, cost-effective way," Susie Adams, chief technology officer for Microsoft's federal division, wrote in a blog post.
That addition of Microsoft's offerings comes at critical time as agencies prepare for a June 2014 FedRAMP deadline to meet prescribed security requirements. "It is paramount for cloud service providers and agencies to get compliant ATOs in place," said Matt Goodrich, program manager for FedRAMP's Program Management Office at the U.S. General Services Administration, in a prepared statement. "[Microsoft's provisional authorizations for Windows Azure] demonstrates that different types of cloud services -- public to private and infrastructure to software -- can meet the rigorous security requirements for FedRAMP," he said.
Microsoft received the highest level of FedRAMP P-ATO available, and it's the first public cloud platform with infrastructure services and platform services. Windows Azure is used to build, deploy and manage applications and services through Microsoft-managed datacenters, Adams explained. Microsoft datacenters were also evaluated by the FedRAMP board. "Other Microsoft cloud services are ultimately better aligned to meet these security controls as well," Adams added.
Other companies that have received P-ATO accreditation include AT&T, HP, CGI Federal, Autonomic Resources and Lockheed Martin. Most recently, Amazon was granted authorization in May for AWS GovCloud with the Department of Health and Human Services (HHS), while Akamai got FedRAMP approval in September for its globally distributed, publicly shared cloud platform for federal agencies.
Despite all the effort to move agencies to the cloud, the already lengthy process could get even longer in light of Tuesday's government shutdown. Members of the House and Senate couldn't reach a deal to fund government operations before Oct. 1, resulting in a closure that will last until a funding bill is passed. The disruption is likely to affect the adoption of cloud services and slow down existing projects, according to industry experts, and could potentially push back projects by several months.
2014 Next-Gen WAN SurveyWhile 68% say demand for WAN bandwidth will increase, just 15% are in the process of bringing new services or more capacity online now. For 26%, cost is the problem. Enter vendors from Aryaka to Cisco to Pertino, all looking to use cloud to transform how IT delivers wide-area connectivity.
Server Market SplitsvilleJust because the server market's in the doldrums doesn't mean innovation has ceased. Far from it -- server technology is enjoying the biggest renaissance since the dawn of x86 systems. But the primary driver is now service providers, not enterprises.