Feeds

Microsoft follows Amazon in gaining critical US gov certification

Redmond zooms onto FedRAMP, but where's Google?

Boost IT visibility and business value

Microsoft has gained a US federal government certification that makes it easier for agencies to buy cloud services from Redmond.

The company announced on Monday that the platform-as-a-service and infrastructure-as-a-service components of its Windows Azure cloud have been given a Joint Authorization Board (JAB) provisional version of the FedRAMP certification.

FedRAMP "is a government-wide, standardized approach to security assessments and ongoing assessments and authorizations (continuous monitoring)," according to the US General Services Administration, and was created in 2010 as a way to help agencies assess cloud service providers.

"FedRAMP builds upon the existing baseline security controls in place today, adding a standardized approach to security assessment, authorization and continuous monitoring for cloud services," Susie Adams, CTO for Microsoft's Federal division, wrote in a separate post on Monday. "This approach uses a 'do once, use many times' framework which reduces the costs, time and staff required to conduct redundant security assessments."

There are various levels of FedRAMP, but versions of the certificate with more aconyms – such as Microsoft's JAB pATO – are better [Your tax dollars at work.—Ed].

So far, seven organizations including Microsoft hold full JAB pATO FedRAMP certification, and two including Amazon have a provisional version of it known as a FedRAMP ATO.

"Windows Azure is the first public cloud platform, with infrastructure services and platform services, to receive a Provisional Authority to Operate from the FedRAMP Joint Authorization Board," Microsoft said in a press release announcing the move.

Though rival Amazon Web Services gained FedRAMP certification in May for IaaS services from its US East, US West, and GovCloud data centers, Microsoft's certification is slightly broader and better, which could lead to greater use by government.

Besides Microsoft and Amazon, other companies that hold FedRAMP include AT&T, Akamai, Autonomic Resources, CGI Federal, HP Enterprise Cloud Services, Lockheed Martin, and the USDA National Information Technology Center.

At the time of writing, Google had not given us a statement when we requested clarification on whether it was pursuing FedRAMP, but given the Obama administration's commitment to cloud and the aggressive competition among Microsoft, Amazon, and the Chocolate Factory, we reckon the company is in the process of getting approved.®

The essential guide to IT transformation

More from The Register

next story
The Return of BSOD: Does ANYONE trust Microsoft patches?
Sysadmins, you're either fighting fires or seen as incompetents now
Microsoft: Azure isn't ready for biz-critical apps … yet
Microsoft will move its own IT to the cloud to avoid $200m server bill
Oracle reveals 32-core, 10 BEEELLION-transistor SPARC M7
New chip scales to 1024 cores, 8192 threads 64 TB RAM, at speeds over 3.6GHz
US regulators OK sale of IBM's x86 server biz to Lenovo
Now all that remains is for gov't offices to ban the boxes
Flash could be CHEAPER than SAS DISK? Come off it, NetApp
Stats analysis reckons we'll hit that point in just three years
Object storage bods Exablox: RAID is dead, baby. RAID is dead
Bring your own disks to its object appliances
Nimble's latest mutants GORGE themselves on unlucky forerunners
Crossing Sandy Bridges without stopping for breath
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.