Microsoft has 10 new tools available in FedRAMP High. Giving Microsoft a present total of 67 services within their FedRAMP High Authority-to-Operate (ATO) environments. As government entities and contractors continue to move critical resources to cloud infrastructure in-line with the Cloud First / Cloud Smart Policy, Microsoft has been adding additional capabilities to its already robust line of FedRAMP compliant offerings included within GCC and Azure Government.
Let’s go over these new services, and talk a little about why this is important for CIOs working with government files in a cloud environment.
Understanding Microsoft FedRAMP High ATO
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that standardizes security and compliance procedures for cloud providers. For this reason, FedRAMP certifications — which follow NIST SP 800-53 security controls — help government agencies and contractors select an appropriate cloud environment for their documents.
The governance of FedRAMP is complicated. Currently, many agencies are involved in the overall governance, including:
- Joint Authorization Board (JAB)
- National Institute for Standards and Technology (NIST)
- Department of Homeland Security (DHS)
- CIO Council
- Office of Management and Budget (OMB)
- FedRAMP Program Management Office (PMO)
There are also other agencies that are involved in the overall process, including the Department of Housing and Urban Development (HUD) which granted Microsoft’s FedRAMP Agency ATO at the High Impact Level certification for Dynamics 365 U.S. Government.
For a detailed look at FedRAMP governance, see official FedRAMP policy memo.
Currently, Microsoft has FedRAMP High ATO (or FedRAMP at a high baseline) for Dynamics 365 U.S. Government. While Dynamics U.S. Government is the only Microsoft service that has the High ATO certification, other Microsoft services (e.g., GCC) contain the same FedRAMP controls, making them compliant.
Microsoft was one of the three provisionary cloud services granted FedRAMP High ATO (which includes stricter controls than light and moderate baselines.) The other two are Amazon GovCloud and ARC-P.
FedRAMP High ATO lets contractors and agencies know that Microsoft has the capabilities to handle their sensitive government data while remaining compliant to FedRAMP requirements. So, when Microsoft adds services to FedRAMP High ATO, they are adding additional capabilities to their government cloud solution. Typically, these services have already been thoroughly tested and are fully operational in their non-government cloud environments.
Let’s take a look at these 10 new ones.
10 New FedRAMP High ATO Microsoft Services
1. Azure Security Center
Security Center gives you posture scores for your security environments. So, this service can help you both breed better security controls into your cloud workflows and provide directive on setting up environments that are compliant to specific regulatory requirements (e.g., CIS, ISO, COS, etc.) The Secure Score can help you figure out your weaknesses and give you guidance on what objectives need to be achieved.
2. Azure Advisor
Advisor acts as a one-stop-shop for recommendations within your Azure environment. It may give you insights into ways you could be more cost-effective or resource conservative. Or, it may help you with security and availability. It will also give you accurate timeline information so that you can see how rapidly you can launch these changes. The easiest way to think about Azure is as a personalized assistant that helps you maintain best-practices in your specific environment.
3 – 4. Azure DB for MySQL and Azure DB for PostgreSQL
Both DB for MySQL and DB for PostgreSQL are managed services for MySQL and PostgreSQL through Azure. So, instead of spinning up a VM to run a MySQL or PostgreSQL server on your own, Microsoft handles the management aspect. This gives you more scalability and flexibility. Plus, it saves you some Tylenol for all of those headaches.
5. Azure File Sync
File Sync centralizes your file shares in Azure Files. This is great if you have multiple offices or you’re a large organization with regional offices because you can deploy common files quickly while keeping the same compatibility as your on-premise server. Plus, File Sync lets you specify data syncing at a tiered level — which can help you dump stale data out of your common files.
6. Azure Lab Services
Another really useful service is Lab Services. This lets you create environments rapidly to utilize for a variety of scenarios. Microsoft’s big sell point for Lab Services is classroom labs, which can be a pain to set up for each instance without Lab Services. But, it can also be used to set up testing, staging, or development environments.
7. Azure Migrate
Migrate is a godsend and invaluable when it comes to Azure migration. It assesses your on-premise machines and servers (or hybrid servers/cloud servers) and workflows for cloud migration. It will give you cost estimates, resource estimates, and more. Its availability in Azure government has been requested for quite some time.
8. Azure Policy
Azure Policy Service gives IT pros clarity on compliance issues. Not only does it help you enforce policy rules and maintain definitions, but it has some really nifty features. For example, you can immediately see all non-conforming resources under a policy, and you can quickly do things like set naming conventions.
9 – 10 Microsoft Flow and Microsoft PowerApps
These next two, Flow and Apps, are incredibly powerful workflow tools. Alone, they can completely disrupt your daily business processes and introduce your non-IT employees as IT assets.
Flow lets you set up automated workflows. For clarity, “you” means anyone in your business. It’s incredibly simple, and it’s designed to help you leverage non-IT resources to reduce IT workflows. indeed, anyone can log in and set up a quick automated workflow between apps and services.
PowerApps, on the other hand, lets you build business apps with point-and-click ease. Furthermore, anyone in your business can use this to design simple apps. Of course, more complex apps will probably need to be run through IT. Thankfully, applications developed in PowerApps can be expanded by traditional software developers.
We have a comprehensive guide to how organizations can leverage Flow and Apps to empower first-line workers, and a great demo from David Branscome showing how to automate security responses with flow and cloud app security.
We’re extremely excited that these two are now FedRAMP compliant. It will be an incredibly transformative asset for government clients.
Microsoft continues to increase its government cloud offerings. In fact, achieving FedRAMP High compliance on these applications will be immensely helpful for those who deal with government resources.
Are you looking for a partner who understands the nuances involved with government cloud management? Not only does AgileIT have significant experience managing government cloud architecture, but we have 16 gold competencies with Microsoft, and we’re one of only 6 global AOS-G partners who can sell GCC High to those with under 500 seats.
Thinking about making the switch to government cloud? Fill out the form below to get in touch.