Microsoft took a significant step forward late last week in overcoming security concerns related to cloud computing in government agencies. The step came in the form of an announcement that the watchdog body governing the Department of Health has given Office 365 the thumbs up to operate in the department.
Office 365 will be the first cloud based email and collaboration and communication product to obtain a FedRAMP authorization. The authorization could potentially open the doors to a rush of deployments across government services.
FedRAMP Stamp of Approval
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products. If you don’t get FedRAMP approval, you don’t get into government agencies.
And as we have seen in the past, many private companies look to these public sector standards as a way of judging the suitability of given products for private use.
In other words, if the Feds gives your product the go-ahead, then it’s likely that private companies that are justifiably cautious about security will be more favorable to the products as well.
In this case, it means approval for the use of Office 365-based products in more than 300 Department of Health programs including the Food and Drug Administration, and the Centers for Disease Control and Prevention.
This will likely only be the start. If the Department of Health is allowing its data on healthcare into the cloud through Office 365, then any objections that other departments in the public sector might have should dissipate.
Office 365 For Gov
So what are we talking about here? Bill Birkholz principal program manager for the Office 365 Trust Team explained in a blog post that Office 365 has been granted FedRAMP Authority to Operate (ATO) by the Department of Health and Human Services Office of the Inspector General (HHS OIG).
Microsoft’s authorization with HHS OIG makes Office 365 the first cloud based email and collaboration service to obtain a FedRAMP authorization. Microsoft worked with the HHS OIG and the FedRAMP PMO to demonstrate Office 365’s adherence to the stringent FedRAMP security requirements that are critical for U.S. government adoption of cloud services,” Matt Goodrich, acting FedRAMP director at the General Services Administration said.
Any product that goes into Federal agencies will have to be adopted for government service, but Microsoft is well prepared as it developed government-specific Office 365 plans over the past 2 and a half years since its launch.
The result is that even before the FedRAMP certification, Microsoft was in a position to offer government-specific instances of Office 365 services like Exchange Online, SharePoint Online and Lync Online designed for US, tribal, state and local government customers.
Without going into the details behind achieving this kind of certification, suffice it to say that Office 365 has undergone rigorous standards testing under FedRAMP risk management standards.
The government market has historically been cautious about moving to cloud computing, in spite of the perceived potential savings such a move could offer. The FedRAMP stamp of approval is an important step for Microsoft to succeed in this extremely lucrative market.
Add to that Microsoft's claim that it offers the same security standards and functionality to its products for the commercial markets, and you have a powerful marketing tool for the promotion of Office 365 in both the public and private sector.