Microsoft Lets Agencies Test Government-Only Cloud - InformationWeek
Government // Cloud computing
04:48 PM
Ransomware: Latest Developments & How to Defend Against Them
Nov 01, 2017
Ransomware is one of the fastest growing types of malware, and new breeds that escalate quickly ar ...Read More>>

Microsoft Lets Agencies Test Government-Only Cloud

Microsoft lets federal agencies take its newly operational Azure for Government for a "shakedown cruise."

Top 20 Government Cloud Service Providers(Click image for larger view.)
Slideshow: Top 20 Government Cloud Service Providers.

Microsoft has begun giving a select group of federal customers the chance to put Microsoft's new government-only cloud service through a series of private tests. "The processes, people, technology, and infrastructure are all in place. We want real-world test loads," for a shakedown cruise, said Greg Myers, VP of federal sales, in announcing the news Tuesday at Microsoft's US Public Sector Federal Executive Forum in Washington. 

Although Microsoft's commercial Azure cloud offering has received authority to operate under the FedRAMP program for cloud services, the new government platform -- announced last fall and called Azure for Government -- has not yet been certified.

[Who's seeking FedRAMP approval? Check the Web portal. Read FedRAMP Cloud Security Approval: Look Who Applied.]

The government-only offering is housed in two specially constructed datacenters located in the United States and isolated physically and logically from the public cloud. All personnel will be US citizens screened for moderate public trust clearance and the servers will house only data from federal, state, and local government customers. The new platform, although operational, is not finished and will keep evolving to provide enhanced security, said Myers.

"We see this as a dynamic environment," he said. "It is very labor intensive, very capital intensive. It's not an environment for the weak."

A dynamic system is necessary to provide adequate security, because defense in modern, complex systems requires the ability to respond and adapt, said David Aucsmith, senior director of Microsoft's Institute for Advanced Technology for Governments.

John Pepper, computing and network services director at Sandia National Laboratories, talks about using unified communications at Microsoft's US Public Sector Federal Executive Forum.
John Pepper, computing and network services director at Sandia National Laboratories, talks about using unified communications at Microsoft's US Public Sector Federal Executive Forum.

Aucsmith, an author of the Defense Department's 1985 Orange Book, Trusted Computer System Evaluation Criteria, said at the federal forum that after 30 years of trying, "I do not believe you can create a secure computer system."

The complexity of IT systems makes it impossible to understand them fully, and this complexity makes it impossible to specify conditions and requirements with enough granularity to ensure security, he said. Testing and built-in processes are necessary but not sufficient to ensure security.

Because "we don't know what we don't know," any static system will become vulnerable to an adversary, Aucsmith added. The only effective defense requires the ability to recognize and respond to threats, which includes keeping systems fully patched and up-to-date.

Because patching and updating IT systems in a large enterprise is complex and time consuming, cloud platforms can provide enhanced security because dedicated staff can handle these jobs for multiple customers, and usually deploy them more quickly, he said. Patches represent a healthy way to combat adversaries. But if enterprises don't apply the patches quickly -- within about five days of release -- hackers can get the upper hand by exploiting the vulnerabilities revealed by patches.

"Hackers today are better organized, certainly better financed, and outcome driven," said forum guest speaker Tom Ridge, the former Pennsylvania governor who helped lead the creation of the Homeland Security Department. "There's still some people in the private sector that see a (cyber threats) as an IT problem instead of a business risk."

Azure for Government initially will host workloads with higher security clearances than usual and will not take the place of the commercial Azure offering, which still will be available to government customers. But Myers said that eventually the new platform would become the default for all government customers.

There is no timeline for general availability of the new offering, but the next step in the rollout, a public preview, is expected in late spring.

Find out how a government program is putting cloud computing on the fast track to better security. Also in the Cloud Security issue of InformationWeek Government: Defense CIO Teri Takai on why FedRAMP helps everyone.

William Jackson is writer with the <a href="" target="_blank">Tech Writers Bureau</A>, with more than 35 years' experience reporting for daily, business and technical publications, including two decades covering information ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Author
3/6/2014 | 6:26:56 PM
Re: Government choice
Yes that's basically right.  It's a secured, government only data center using Microsoft Windows Azure, which encompasses scalable, on-demand IaaS, PaaS and Data cloud services. It will allow government customers to  build, deploy, and manage applications while adhereing to federal security compliance regulations.

Li Tan
Li Tan,
User Rank: Ninja
3/6/2014 | 12:22:51 AM
Government choice
To my understanding the government-only cloud is a kind of private cloud with enhanced security. Here the similar kind of thing happens in China. The government agencies use cloud computing widely but all come from local vendors in the form of private cloud. For the cloud service provider, it would be a good thing to win government procurement deal - compared to hardware offering, the cloud computing service offering more a kind of long-lasting business.:-)
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll