Microsoft recently announced an expansion of their Azure regions world-wide. The number of regions announced now sits at 30, with 22 being generally available (GA). The most recent wave, of Azure regions, focuses on trusted environments for government customers or regions with specific privacy needs.
In Canada, Microsoft is now offering an operational preview for select customers looking to run workloads in either of their Toronto or Quebec City regions. The introduction of Canadian regions is largely in response to customers with data sovereignty concerns or to comply with Federal Government procurement policies which prohibit the storage of any non-public data from leaving Canada. Microsoft plans to make these Canadian regions generally available in Q2 – 2016.
Microsoft has also made its Germany region available in preview to select customers. In order to adhere to data sovereignty concerns, Microsoft has partnered with Deutsche Telekom as a data trustee under the name Azure Deutschland. Microsoft has future plans in both Canada and Germany to extend its Office 365 and Dynamics CRM offerings in these regions once the Azure regions have reached GA.
In the United States, Microsoft has announced it will soon receive FedRAMP High accreditation. What this allows Microsoft to do is provide cloud computing services that have a high impact. This accreditation represents the highest impact level available in the FedRAMP program. Matt Rathbun, cloud security director at Microsoft, further explains the importance of this achievement: “Up until this point, federal agencies could only migrate low and moderate impact workloads. Now, Azure Government has controls in place to securely process high-impact level data—that is, data that, if leaked or improperly protected, could have a severe adverse effect on organizational operations or, assets, or individuals.”
Microsoft expects Provisional Authority to Operate (P-ATO) by the end of March 2016, in the Azure Government environment. Microsoft is not the only organization to reach this provisional status. Joining them in this pilot is Amazon Web Services and CSRA.
In addition to the FedRAMP news, Microsoft has also finalized the Security Assessment Report (SAR) in order to meet DISA Impact Level 4. Impact Level 4 data refers “to unclassified data that requires protection against unauthorized disclosure as established by Executive Order 13556 or other mission-critical data.” DISA Impact Level 4 data includes datasets “subject to export control, For Official Use Only, Law Enforcement Sensitive or Sensitive Security Information.”
Lastly, Microsoft will be establishing two new physically isolated Azure Government regions to support Department of Defense (DoD) DISA Level 5 requirements. These new regions will be known as US DoD East and US DoD West. Rathbun explains how these regions are different from traditional Azure regions: “US DoD East and US DoD West have been architected to meet stringent DoD security controls and compliance requirements, and will be specifically dedicated to DoD workloads and data at Level 5.” Such security controls include DoD unclassified information being processed on dedicated infrastructure that ensures of isolation between it and non-DoD tenants. Microsoft is targeting the availability of these two regions later in 2016.