Hot on the heels of Microsoft’s Windows Azure being used to change gaming as it’s been known, to support Respawn’s Titanfall (just released) the tech giant is also testing how the new Azure can work in a government-only approach. According to reports, Microsoft has already given niche federal groups the opportunity to try the beta stage “government-only” cloud offering via a number of private tests.
VP of Federal Sales Greg Myers says, “The processes, people, technology, and infrastructure are all in place. We want real-world test loads.” This announcement was made in early March 2014 at Washington’s Microsoft US Public Sector Federal Executive Forum.
Previously a commercial cloud server only, Azure has been getting a lot of extra attention of late. Add to the mix the fact that it now has permission to operate via FedRAMP, as an up-and-coming government platform coined — most appropriately — Azure for Government.
However, it hasn’t yet been certified. That will likely come only after further testing. For now, the government-only cloud is being physically housed in two special data centers within the U.S., both completely isolated from public clouds.
Who has access?
Given the highly sensitive content, only personnel who are U.S. citizens and have undergone extensive screening and clearance will be able to get into the data centers. The screening includes categories for “moderate public trust,” but it’s useful to note that the platform isn’t complete yet.
It will continue to be developed and security-enhanced, according to Myers, even though it already houses information from local, state, and federal agencies. “We see this as a dynamic environment…. It is very labor intensive, very capital intensive.”
Myers sums up the operation by noting, “It’s not an environment for the weak.” Of course, being dynamic is a must in order to provide the necessary security, and adaptation abilities are required.
David Aucsmith, Senior Director of Microsoft’s Institute for Advanced Technology for Governments, says, “I do not believe you can create a secure computer system,” but he’s also behind the project. “We don’t know what we don’t know,” he says simply.
Testing the waters
Since IT systems have become so complex today that nobody can fully understand them, at least according to Aucsmith, certain requirements need to be met in order to make any cloud hosting as safe as possible for government clients.
This includes being able to handle threats, which inevitably means full patches and nearly constant updates. Of course, these processes take a lot of time in such a large endeavor, but clouds naturally raise security, since staff can deploy fixes pretty quickly.
However, there are still concerns about slow patches, and hackers can act extremely fast to reveal flaws in government security. According to former Pennsylvania governor TomRidge, “Hackers today are better organized, certainly better financed, and outcome driven.”
Ridge was behind the creation of the Department of Homeland Security itself. “There’s still some people in the private sector who see cyber threats as an IT problem instead of a business risk.” The good news is that the data in this testing stage is of relatively less-than-paramount security value, which allows room for pinpointing and addressing issues.