Microsoft Lets Agencies Test Government-Only Cloud - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Cloud computing

Microsoft Lets Agencies Test Government-Only Cloud

Microsoft lets federal agencies take its newly operational Azure for Government for a "shakedown cruise."

Top 20 Government Cloud Service Providers(Click image for larger view.)
Slideshow: Top 20 Government Cloud Service Providers.

Microsoft has begun giving a select group of federal customers the chance to put Microsoft's new government-only cloud service through a series of private tests. "The processes, people, technology, and infrastructure are all in place. We want real-world test loads," for a shakedown cruise, said Greg Myers, VP of federal sales, in announcing the news Tuesday at Microsoft's US Public Sector Federal Executive Forum in Washington. 

Although Microsoft's commercial Azure cloud offering has received authority to operate under the FedRAMP program for cloud services, the new government platform -- announced last fall and called Azure for Government -- has not yet been certified.

[Who's seeking FedRAMP approval? Check the Web portal. Read FedRAMP Cloud Security Approval: Look Who Applied.]

The government-only offering is housed in two specially constructed datacenters located in the United States and isolated physically and logically from the public cloud. All personnel will be US citizens screened for moderate public trust clearance and the servers will house only data from federal, state, and local government customers. The new platform, although operational, is not finished and will keep evolving to provide enhanced security, said Myers.

"We see this as a dynamic environment," he said. "It is very labor intensive, very capital intensive. It's not an environment for the weak."

A dynamic system is necessary to provide adequate security, because defense in modern, complex systems requires the ability to respond and adapt, said David Aucsmith, senior director of Microsoft's Institute for Advanced Technology for Governments.

John Pepper, computing and network services director at Sandia National Laboratories, talks about using unified communications at Microsoft's US Public Sector Federal Executive Forum.
John Pepper, computing and network services director at Sandia National Laboratories, talks about using unified communications at Microsoft's US Public Sector Federal Executive Forum.

Aucsmith, an author of the Defense Department's 1985 Orange Book, Trusted Computer System Evaluation Criteria, said at the federal forum that after 30 years of trying, "I do not believe you can create a secure computer system."

The complexity of IT systems makes it impossible to understand them fully, and this complexity makes it impossible to specify conditions and requirements with enough granularity to ensure security, he said. Testing and built-in processes are necessary but not sufficient to ensure security.

Because "we don't know what we don't know," any static system will become vulnerable to an adversary, Aucsmith added. The only effective defense requires the ability to recognize and respond to threats, which includes keeping systems fully patched and up-to-date.

Because patching and updating IT systems in a large enterprise is complex and time consuming, cloud platforms can provide enhanced security because dedicated staff can handle these jobs for multiple customers, and usually deploy them more quickly, he said. Patches represent a healthy way to combat adversaries. But if enterprises don't apply the patches quickly -- within about five days of release -- hackers can get the upper hand by exploiting the vulnerabilities revealed by patches.

"Hackers today are better organized, certainly better financed, and outcome driven," said forum guest speaker Tom Ridge, the former Pennsylvania governor who helped lead the creation of the Homeland Security Department. "There's still some people in the private sector that see a (cyber threats) as an IT problem instead of a business risk."

Azure for Government initially will host workloads with higher security clearances than usual and will not take the place of the commercial Azure offering, which still will be available to government customers. But Myers said that eventually the new platform would become the default for all government customers.

There is no timeline for general availability of the new offering, but the next step in the rollout, a public preview, is expected in late spring.

Find out how a government program is putting cloud computing on the fast track to better security. Also in the Cloud Security issue of InformationWeek Government: Defense CIO Teri Takai on why FedRAMP helps everyone.

William Jackson is writer with the <a href="" target="_blank">Tech Writers Bureau</A>, with more than 35 years' experience reporting for daily, business and technical publications, including two decades covering information ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Author
3/6/2014 | 6:26:56 PM
Re: Government choice
Yes that's basically right.  It's a secured, government only data center using Microsoft Windows Azure, which encompasses scalable, on-demand IaaS, PaaS and Data cloud services. It will allow government customers to  build, deploy, and manage applications while adhereing to federal security compliance regulations.

Li Tan
Li Tan,
User Rank: Ninja
3/6/2014 | 12:22:51 AM
Government choice
To my understanding the government-only cloud is a kind of private cloud with enhanced security. Here the similar kind of thing happens in China. The government agencies use cloud computing widely but all come from local vendors in the form of private cloud. For the cloud service provider, it would be a good thing to win government procurement deal - compared to hardware offering, the cloud computing service offering more a kind of long-lasting business.:-)
IT Employment Trending Up; Data, Cybersecurity Skills in Demand
Jessica Davis, Senior Editor, Enterprise Apps,  11/11/2020
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
How to Approach Your Mission-Critical Big Data Strategy
Mary E. Shacklett, Mary E. Shacklett,  11/17/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
Flash Poll