Microsoft Azure Government is among the cloud providers selected to build the FedRAMP High Impact Baseline, and is adding two new regions specifically for the Department of Defense (DoD) to meet Defense Information Systems Agency (DISA) Impact Level 5 requirements, the company announced Tuesday.
So far federal agencies have only been able to migrate low and moderate impact workloads to the cloud, but Microsoft has cleared several regulatory hurdles on the way to providing Azure services for processing high-impact level DoD data.
“The creation of the FedRAMP High Security Baseline is essential in allowing agencies to migrate more high-impact level data to the cloud,” Matt Goodrich, director for FedRAMP’s Program Management Office at the U.S. General Services Administration said in a post to the Azure blog. “Selecting Microsoft Azure Government to participate in FedRAMP’s High Impact baseline pilot and its forthcoming Provisional Authority to Operate (P-ATO) from the FedRAMP JAB are testaments to Microsoft’s ability to meet the government’s rigorous security requirements.”
Microsoft expects Azure to meet DISA Impact Level 4 requirements “shortly” after completing a security assessment report for processing controlled unclassified information. The two new Azure regions, which will be US DoD East and West, are physically isolated and designed with specific engineering controls to meet DISA Impact Level 5 requirements. They are expected to reach availability later this year.
“With the recent White House cybersecurity action plan announcement, governments are feeling the pressure to modernize IT and Microsoft is mirroring investments both at the client and cloud levels,” said Matt Rathbun, Cloud Security Director, Cloud Health and Security Engineering, referring to the plan which includes hiring a federal Chief Information Security Officer and drastically increasing the government’s cybersecurity spending.
Rathbun also said that security will displace cost savings and agility as the main driver of government cloud adoption by 2018, citing a Gartner report.
Azure Government has also expanded to include seven new Azure services, including Web Apps, Azure Key Vault, and D-Series VM sizes.