Microsoft Azure Earns FedRAMP Approval - InformationWeek
11:49 AM
Ransomware: Latest Developments & How to Defend Against Them
Nov 01, 2017
Ransomware is one of the fastest growing types of malware, and new breeds that escalate quickly ar ...Read More>>

Microsoft Azure Earns FedRAMP Approval

Microsoft's Windows Azure platform passes key security hurdle, joins cloud vendor list for federal agencies.

Top 10 Government IT Innovators Of 2013
Top 10 Government IT Innovators Of 2013
(click image for larger view)
Microsoft has joined a select list of vendors authorized to provide cloud services to the federal government, with the announcement this week that it had received a pivotal security certification from the government's Federal Risk and Authorization Management Program (FedRAMP).

Microsoft's cloud infrastructure and Windows Azure public cloud platform received a Provisional Authority to Operate (P-ATO) from the FedRAMP Joint Authorization Board. The board is comprised of representatives from the Department of Defense (DOD), the Department of Homeland Security (DHS) and the General Services Administration (GSA).

A P-ATO approval eases the process of obtaining federal contracts by ensuring that vendors have gone through the proper security assessment, authorization and monitoring. The authorization covers both infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) offerings.

[ How has cloud computing in government evolved in 2013? See 10 Ways Government Clouds Have Changed This Year. ]

The approval process hasn't been easy for agencies in the past. Complicated security requirements called for reevaluation of already approved platforms whenever a new agency wanted to deploy it. FedRAMP has changed that by creating a standardized approach.

"This not only opens the door for faster cloud adoption, but helps agencies move to the cloud in a more streamlined, cost-effective way," Susie Adams, chief technology officer for Microsoft's federal division, wrote in a blog post.

That addition of Microsoft's offerings comes at critical time as agencies prepare for a June 2014 FedRAMP deadline to meet prescribed security requirements. "It is paramount for cloud service providers and agencies to get compliant ATOs in place," said Matt Goodrich, program manager for FedRAMP's Program Management Office at the U.S. General Services Administration, in a prepared statement. "[Microsoft's provisional authorizations for Windows Azure] demonstrates that different types of cloud services -- public to private and infrastructure to software -- can meet the rigorous security requirements for FedRAMP," he said.

Microsoft received the highest level of FedRAMP P-ATO available, and it's the first public cloud platform with infrastructure services and platform services. Windows Azure is used to build, deploy and manage applications and services through Microsoft-managed datacenters, Adams explained. Microsoft datacenters were also evaluated by the FedRAMP board. "Other Microsoft cloud services are ultimately better aligned to meet these security controls as well," Adams added.

Other companies that have received P-ATO accreditation include AT&T, HP, CGI Federal, Autonomic Resources and Lockheed Martin. Most recently, Amazon was granted authorization in May for AWS GovCloud with the Department of Health and Human Services (HHS), while Akamai got FedRAMP approval in September for its globally distributed, publicly shared cloud platform for federal agencies.

Despite all the effort to move agencies to the cloud, the already lengthy process could get even longer in light of Tuesday's government shutdown. Members of the House and Senate couldn't reach a deal to fund government operations before Oct. 1, resulting in a closure that will last until a funding bill is passed. The disruption is likely to affect the adoption of cloud services and slow down existing projects, according to industry experts, and could potentially push back projects by several months.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Author
10/1/2013 | 8:54:58 PM
re: Microsoft Azure Earns FedRAMP Approval
It's been nearly three years since former Federal CIO Vivek Kundra issued his "Cloud FIrst" memo. Back then, it seemed like cloud computing platforms, as logical as they were, were years away, given the endless hurdles of regulations, inertia, etc. But in reality, this latest ATO is an encouraging sign that momentum is really building for agencies to get to the cloud.
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll