Microsoft has labeled its cloud service the most trusted for industrial base and ITAR critical workload, following compliance with a new set of DoD requirements.
The requirements are part of DFARS 252.204-7012 and protect against loss, misuse, and modification of protected information. They also cover the systems that contain that information (i.e. Azure).
Azure Government Strengths
Microsoft has clearance as a defense contractor, and as such can obtain the necessary certificates to report cyber attacks. Principle Program Manager Indy Crowley also mentions some other benefits:
“Additional strengths include malware detection and reporting, and data and media disposal methodologies that meet DoD standards. As required by the nature of DoD data and Export Controls, all data is maintained and administration performed within U.S. Jurisdictions by personnel meeting DoD standards.”
Further advantages come from Azure's FedRAMP certification. Microsoft first announced the authorization on June 23rd, the same day as Amazon's AWS GovCloud.
FedRAMP covers a huge list of services, including:
- “Azure. These services are covered at the FedRAMP Moderate Impact Level: Application Gateway, Azure Active Directory, Cloud Services, Key Vault, Load Balancer, Multi-Factor Authentication, SQL Database, Storage, Traffic Manager, Virtual Machines, Virtual Network, and VPN Gateway.
- Azure Government. These services are covered at the FedRAMP High Impact Level: App Service: Web Apps, Application Gateway, Azure Active Directory,* Cloud Services, ExpressRoute, Key Vault, Load Balancer, SQL Database, Storage, Traffic Manager, Virtual Machines, Virtual Network, and VPN Gateway.”
In addition, Azure has DISA Impact Level 4 Provisional Authorization and supports ITAR obligations. This means Microsoft can host Controlled Unclassified Information (CUI), as well as federal civilian and defense information.
Microsoft has a lot of certifications, but whether or not this makes them the most trustworthy Cloud is fairly subjective. Amazon is certainly a big competitor, and also supports FedRAMP, CUI, ITAR and more. The company is yet to announce anything regarding DFARS 252.204-7012, but it's likely just a matter of time.