Microsoft Azure Earns FedRAMP Approval

Top 10 Government IT Innovators Of 2013

Microsoft has joined a select list of vendors authorized to provide cloud services to the federal government, with the announcement this week that it had received a pivotal security certification from the government's Federal Risk and Authorization Management Program (FedRAMP).

Microsoft's cloud infrastructure and Windows Azure public cloud platform received a Provisional Authority to Operate (P-ATO) from the FedRAMP Joint Authorization Board. The board is comprised of representatives from the Department of Defense (DOD), the Department of Homeland Security (DHS) and the General Services Administration (GSA).

A P-ATO approval eases the process of obtaining federal contracts by ensuring that vendors have gone through the proper security assessment, authorization and monitoring. The authorization covers both infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) offerings.

[ How has cloud computing in government evolved in 2013? See 10 Ways Government Clouds Have Changed This Year. ]

The approval process hasn't been easy for agencies in the past. Complicated security requirements called for reevaluation of already approved platforms whenever a new agency wanted to deploy it. FedRAMP has changed that by creating a standardized approach.

"This not only opens the door for faster cloud adoption, but helps agencies move to the cloud in a more streamlined, cost-effective way," Susie Adams, chief technology officer for Microsoft's federal division, wrote in a blog post.

That addition of Microsoft's offerings comes at critical time as agencies prepare for a June 2014 FedRAMP deadline to meet prescribed security requirements. "It is paramount for cloud service providers and agencies to get compliant ATOs in place," said Matt Goodrich, program manager for FedRAMP's Program Management Office at the U.S. General Services Administration, in a prepared statement. "[Microsoft's provisional authorizations for Windows Azure] demonstrates that different types of cloud services -- public to private and infrastructure to software -- can meet the rigorous security requirements for FedRAMP," he said.

Microsoft received the highest level of FedRAMP P-ATO available, and it's the first public cloud platform with infrastructure services and platform services. Windows Azure is used to build, deploy and manage applications and services through Microsoft-managed datacenters, Adams explained. Microsoft datacenters were also evaluated by the FedRAMP board. "Other Microsoft cloud services are ultimately better aligned to meet these security controls as well," Adams added.

Other companies that have received P-ATO accreditation include AT&T, HP, CGI Federal, Autonomic Resources and Lockheed Martin. Most recently, Amazon was granted authorization in May for AWS GovCloud with the Department of Health and Human Services (HHS), while Akamai got FedRAMP approval in September for its globally distributed, publicly shared cloud platform for federal agencies.

Despite all the effort to move agencies to the cloud, the already lengthy process could get even longer in light of Tuesday's government shutdown. Members of the House and Senate couldn't reach a deal to fund government operations before Oct. 1, resulting in a closure that will last until a funding bill is passed. The disruption is likely to affect the adoption of cloud services and slow down existing projects, according to industry experts, and could potentially push back projects by several months.