Secure clouds for secure agencies

CSC on Cloud CSC Blogs

Sure, we’re all concerned about cloud security, but maybe the cloud really is more secure than we think it is. After all, if cloud security is good enough for the CIA, maybe it’s good enough for you too.

Indeed, some companies have worked out that it’s easier to protect data on the cloud than it is outside the cloud. As  Ovum Senior Analyst for IT Infrastructure Solutions Alan Rodger recently said, some companies have realized that “some organizations do not have the resources to apply the right protection to this data if it is held internally.”

That sounds good, but what if your customers insist on high levels of security. Well, what if they do?

Both the Azure Government cloud and Amazon Web Services’ GovCloud recently received a Provisional Authority to Operate (P-ATO) from the authorization board under the Federal Risk and Authorization Management Program (FedRAMP) High baseline. This is FedRAMP’s top security accreditation.

Azure Government is Microsoft’s cloud offering for all government agencies and their resellers/solution partners. As Susie Adams, Microsoft Federal’s Chief Technology Officer, said, “Up until this point, federal agencies could only migrate low and moderate impact workloads. Now, Azure Government has controls in place to securely process high-impact level data — that is, data that, if leaked or improperly protected, could have a severe adverse effect on organizational operations, assets, or individuals.”

In addition, Azure Government new Impact Level 4 Provisional Authorization by the Defense information Systems Agency (DISA) enables DoD clients to sure Azure Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) services unclassified data.

Finally, Azure Government now supports International Traffic in Arms Regulations (ITAR) readiness, which means customers and partners who store and process ITAR-regulated data can keep them in Azure clouds..

Microsoft isn’t the only one to achieve this level of cloud security recognition.

AWS’s GovCloud (US) Region also received a P-ATO under FedRAMP High baseline.

“We are pleased to have achieved the FedRAMP High baseline, giving agencies a simplified path to moving their highly sensitive workloads to AWS so they can immediately begin taking advantage of the cloud’s agility and cost savings,” said Teresa Carlson, AWS’s VP of Worldwide Public Sector. “Over 2,300 government customers across the world are using the AWS Cloud to innovate in amazing ways – from analyzing data on social media to collect information on adverse drug effects, to making genomic data publicly accessible, to collecting images from Mars. By  demonstrating the security of the AWS Cloud with the FedRAMP High baseline, agencies can confidently use our services for an even broader set of critical mission applications and innovations.”demonstrating the security of the AWS Cloud with the FedRAMP High baseline, agencies can confidently use our services for an even broader set of critical mission applications and innovations.”

What all this means is that major public clouds now have official government blessing to handle highly sensitive workloads. If you’re looking for a highly secure cloud service, they’re out there.

Are security concerns still holding your enterprise back from the cloud?


Enterprises continue to struggle with breach response, cloud security

Increasingly unfounded cloud fears stubbornly remain

Why you need to double (or triple!) check cloud performance expectations and SLAs


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: