Microsoft Clears FedRAMP Hurdle, Sets Sights On Big Government Cloud Deals


Microsoft said Monday that its Windows Azure public cloud has received preliminary approval from the Federal Risk and Authorization Management Program (FedRAMP), which certifies security of cloud services for use in U.S. government agencies.

FedRAMP's Joint Authorization Board (JAB) has given Microsoft its "Provisional Authorities to Operate," or P-ATO, for Windows Azure. Microsoft has one more hurdle to clear to get Windows Azure fully authorized by FedRAMP, and that could open the door to more cloud deals with government agencies.

"Windows Azure is the first public cloud platform, with infrastructure services and platform services, to receive a JAB P-ATO," Susie Adams, chief technology officer for Microsoft Federal, said Monday in a blog post.

[Related: Delta Replacing Pilots' iPads With Surface 2 Tablets, And Pilots Reportedly Aren't Thrilled]

Hewlett-Packard, Akamai and AT&T have also received the JAB P-ATO, which is a broad authorization covering the entire federal government but isn't tied to specific types of workloads.

Amazon Web Services, which had a big head start in the public cloud, got authorization from the Department of Health and Human Services (HHS) in May through what's known as an "Agency ATO." This means actual HHS workloads have been authorized for use in the cloud.

While Microsoft is trailing Amazon in public cloud, its preliminary FedRAMP authorization covers both infrastructure-as-a-service and platform-as-a-service, which is what Windows Azure was originally built to deliver when it launched in 2010.

Ric Opal, vice president at Peters & Associates, a Microsoft partner in Oakbrook Terrace, Ill., told CRN the breadth of cloud services Microsoft brings to the table makes it an attractive option for enterprises that want to get everything from a single vendor for simplicity's sake.

"Microsoft's cloud has a lot to offer customers that don't want to deal with the complexity that comes with working with multiple vendors," Opal said in an interview. "With Microsoft, customers are dealing with one set of legal paperwork and one service-level agreement."

All cloud vendors will have to get FedRAMP certified before the government's June 2014 deadline, so Microsoft, Amazon and others are getting an early start. There's a lot at stake here, as illustrated by Amazon and IBM's ongoing legal tussle over a $600 million, 10-year cloud services contract with the CIA.

Where older regulations like the Federal Information Security Act (FISMA) spelled out guidelines for making more secure products, FedRAMP's key advantage is providing a standard for vendor certification, Adams said in the blog post.

"The FedRAMP process for this type of approval is very rigorous and the JAB authorization is a big step forward for Microsoft," she said in the blog post.

PUBLISHED Oct. 1, 2013

See the latest cloud technologies, learn best practices, and interact with your peers at the channel’s first all-inclusive cloud event: NexGen Cloud Conference & Expo, December 4-5, 2014 at the San Diego Convention Center. Register now at  www.NexGenCloudCon.com