Government // Cloud computing
News
3/5/2014
04:48 PM
Connect Directly
RSS
E-Mail
50%
50%

Microsoft Lets Agencies Test Government-Only Cloud

Microsoft lets federal agencies take its newly operational Azure for Government for a "shakedown cruise."


Top 20 Government Cloud Service Providers(Click image for larger view.)
Slideshow: Top 20 Government Cloud Service Providers.

Microsoft has begun giving a select group of federal customers the chance to put Microsoft's new government-only cloud service through a series of private tests. "The processes, people, technology, and infrastructure are all in place. We want real-world test loads," for a shakedown cruise, said Greg Myers, VP of federal sales, in announcing the news Tuesday at Microsoft's US Public Sector Federal Executive Forum in Washington. 

Although Microsoft's commercial Azure cloud offering has received authority to operate under the FedRAMP program for cloud services, the new government platform -- announced last fall and called Azure for Government -- has not yet been certified.

[Who's seeking FedRAMP approval? Check the Web portal. Read FedRAMP Cloud Security Approval: Look Who Applied.]

The government-only offering is housed in two specially constructed datacenters located in the United States and isolated physically and logically from the public cloud. All personnel will be US citizens screened for moderate public trust clearance and the servers will house only data from federal, state, and local government customers. The new platform, although operational, is not finished and will keep evolving to provide enhanced security, said Myers.

"We see this as a dynamic environment," he said. "It is very labor intensive, very capital intensive. It's not an environment for the weak."

A dynamic system is necessary to provide adequate security, because defense in modern, complex systems requires the ability to respond and adapt, said David Aucsmith, senior director of Microsoft's Institute for Advanced Technology for Governments.

John Pepper, computing and network services director at Sandia National Laboratories, talks about using unified communications at Microsoft's US Public Sector Federal Executive Forum.
John Pepper, computing and network services director at Sandia National Laboratories, talks about using unified communications at Microsoft's US Public Sector Federal Executive Forum.

Aucsmith, an author of the Defense Department's 1985 Orange Book, Trusted Computer System Evaluation Criteria, said at the federal forum that after 30 years of trying, "I do not believe you can create a secure computer system."

The complexity of IT systems makes it impossible to understand them fully, and this complexity makes it impossible to specify conditions and requirements with enough granularity to ensure security, he said. Testing and built-in processes are necessary but not sufficient to ensure security.

Because "we don't know what we don't know," any static system will become vulnerable to an adversary, Aucsmith added. The only effective defense requires the ability to recognize and respond to threats, which includes keeping systems fully patched and up-to-date.

Because patching and updating IT systems in a large enterprise is complex and time consuming, cloud platforms can provide enhanced security because dedicated staff can handle these jobs for multiple customers, and usually deploy them more quickly, he said. Patches represent a healthy way to combat adversaries. But if enterprises don't apply the patches quickly -- within about five days of release -- hackers can get the upper hand by exploiting the vulnerabilities revealed by patches.

"Hackers today are better organized, certainly better financed, and outcome driven," said forum guest speaker Tom Ridge, the former Pennsylvania governor who helped lead the creation of the Homeland Security Department. "There's still some people in the private sector that see a (cyber threats) as an IT problem instead of a business risk."

Azure for Government initially will host workloads with higher security clearances than usual and will not take the place of the commercial Azure offering, which still will be available to government customers. But Myers said that eventually the new platform would become the default for all government customers.

There is no timeline for general availability of the new offering, but the next step in the rollout, a public preview, is expected in late spring.

Find out how a government program is putting cloud computing on the fast track to better security. Also in the Cloud Security issue of InformationWeek Government: Defense CIO Teri Takai on why FedRAMP helps everyone.

William Jackson is a technology writer based in Washington, D.C. He has been a journalist for more than 35 years, most recently covering the $80 billion federal government IT sector for Government Computer News. His coverage has ranged from architecture to international ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
WKash
50%
50%
WKash,
User Rank: Author
3/6/2014 | 6:26:56 PM
Re: Government choice
Yes that's basically right.  It's a secured, government only data center using Microsoft Windows Azure, which encompasses scalable, on-demand IaaS, PaaS and Data cloud services. It will allow government customers to  build, deploy, and manage applications while adhereing to federal security compliance regulations.

 
Li Tan
50%
50%
Li Tan,
User Rank: Ninja
3/6/2014 | 12:22:51 AM
Government choice
To my understanding the government-only cloud is a kind of private cloud with enhanced security. Here the similar kind of thing happens in China. The government agencies use cloud computing widely but all come from local vendors in the form of private cloud. For the cloud service provider, it would be a good thing to win government procurement deal - compared to hardware offering, the cloud computing service offering more a kind of long-lasting business.:-)
Gov Cloud: Executive Initiatives, Enterprise Experience
Gov Cloud: Executive Initiatives, Enterprise Experience
In this report, we'll examine the use of cloud services by government IT, including the requirements, executive initiatives and service qualifications, and auditing and procurement programs that make government cloud adoption unlike that in the private sector.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 18, 2014
Enterprise social network success starts and ends with integration. Here's how to finally make collaboration click.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
The weekly wrap-up of the top stories from InformationWeek.com this week.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.