News

Microsoft, Amazon Clouds Get Highest-Level Gov't Approval

The Microsoft Azure and Amazon Web Services (AWS) public clouds are now certified to run highly sensitive workloads from government agencies.

The two companies each announced last week that they have been accredited with the highest level of compliance by the Federal Risk and Authorization Management Program (FedRAMP). CSRA, a provider that offers IT services specifically to government agencies, also reached the long-awaited FedRAMP Joint Authorization Board (JAB) Provisional Authority to Operate (P-ATO) clearance.

The approvals, which were long-expected, pave the way for federal agencies to host the most sensitive, high-impact workloads on the three companies' public clouds, including personally identifiable information, financial data, law enforcement information and other forms of unclassified content. In all, the certification covers 400 different security controls.

Azure and AWS have been FedRAMP-compliant for several years, but only for low-level or moderate workloads. The upgraded FedRAMP status certifies that the approved cloud platforms have "controls in place to securely process high-impact level data -- that is, data that, if leaked or improperly protected, could have a severe adverse effect on organizational operations, assets, or individuals," said Susie Adams, chief technology officer of Microsoft Federal, in a blog post.

Teresa Carlson, public sector vice president of AWS, noted that more than 2,300 government customers worldwide use the AWS cloud. "By demonstrating the security of the AWS Cloud with the FedRAMP High baseline, agencies can confidently use our services for an even broader set of critical mission applications and innovations," Carlson said in a statement.

That baseline, according to AWS, "is mapped to National Institute of Standards and Technology (NIST) security controls, which classify data as 'High' if a compromise would severely impact an organization's operations, assets or individuals."

For Microsoft, the FedRAMP High accreditation covers 13 customer-facing services, including Azure Key Vault, Express Route and Web Apps, "representing a significantly more agile pace of accreditation to the benefit of Federal customers," Adams noted.

For AWS, it covers the "AWS GovCloud (US) region, including Amazon Elastic Cloud Compute (EC2), Amazon Virtual Private Cloud (VPC), Amazon Simple Storage Service (S3), Amazon Identity and Access Management (IAM), and Amazon Elastic Block Store (EBS)," according to the company.

About the Author

Jeffrey Schwartz is editor of Redmond magazine and also covers cloud computing for Virtualization Review's Cloud Report. In addition, he writes the Channeling the Cloud column for Redmond Channel Partner. Follow him on Twitter @JeffreySchwartz.

Featured

  • Report: Cost, Sustainability Drive DaaS Adoption Beyond Remote Work

    Gartner's 2025 Magic Quadrant for Desktop as a Service reveals that while secure remote access remains a key driver of DaaS adoption, a growing number of deployments now focus on broader efficiency goals.

  • Windows 365 Reserve, Microsoft's Cloud PC Rental Service, Hits Preview

    Microsoft has launched a limited public preview of its new "Windows 365 Reserve" service, which lets organizations rent cloud PC instances in the event their Windows devices are stolen, lost or damaged.

  • Hands-On AI Skills Now Outshine Certs in Salary Stakes

    For AI-related roles, employers are prioritizing verifiable, hands-on abilities over framed certificates -- and they're paying a premium for it.

  • Roadblocks in Enterprise AI: Data and Skills Shortfalls Could Cost Millions

    Businesses risk losing up to $87 million a year if they fail to catch up with AI innovation, according to the Couchbase FY 2026 CIO AI Survey released this month.