Microsoft says it’s close to Secret-level cloud authorization
Microsoft is another step closer to being able to host the federal government’s Secret-level data in its Azure Government commercial cloud, a move that will make it a stronger competitor for some of the government’s highest-profile ongoing cloud procurements.
The company announced Wednesday that it has launched Azure Government Secret, an offering that meets Department of Defense Impact Level 6 cloud hosting capabilities. With an IL6 authorization, Microsoft would be able to work with some of DOD’s and the intelligence community’s most sensitive data up to a Secret level — something that, to this point, only Amazon Web Services has achieved.
But Microsoft isn’t completely there yet. Azure Government Secret is in what the company calls “private preview and pending accreditation.” Asked to elaborate that qualification, a Microsoft spokesperson said, “Private preview is evaluated on a case by case basis for existing Microsoft customers as Azure Government Secret is pending accreditation. At this time, we are working closely with our government partners to achieve accreditation.”
Microsoft didn’t detail the timeline of that accreditation. But until that time, it seems customers can only test the new offering in “private preview.” In October, the company said it would achieve IL6 by the end of the first quarter of 2019.
Azure Government Secret is built around two separate hosting regions 500 miles apart, “providing geographic resilience in disaster recovery (DR) scenarios and faster access to
services across the country,” Lily Kim, Azure Global general manager, wrote in a blog post.
“[T]he Azure Government Secret regions are built to maintain the security and integrity of classified workloads while enabling fast access to sensitive, mission-critical information,” the post says. “These dedicated datacenter regions are built with additional controls to meet the regulatory and compliance requirements for DoD Impact Level 6 (IL6) and Director of National Intelligence (DNI) Intelligence Community Directive (ICD 503) accreditation.”
Microsoft also announced the expansion of coverage up to DOD Impact Level 5 — for highly sensitive and controlled but unclassified information — to all of its Azure Government regions.
Microsoft’s progress in achieving IL6 authorization slightly narrows the lead AWS has as the only vendor able to provide Secret-level cloud capabilities to the DOD, intelligence agencies and others. It’s currently down to just Microsoft and AWS in the bidding for the Pentagon’s Joint Enterprise Defense Infrastructure (JEDI) cloud, a $10-billion contract that would require IL6 and Top Secret cloud offerings, the latter of which, again, only AWS currently is authorized to provide. There’s also DOD’s $8 billion Defense Enterprise Office Solution (DEOS) procurement for cloud-based communications and collaboration tools up to IL6, and the CIA is in the very stages of developing a contract a next-generation intelligence community cloud environment that will deal with Top Secret information.