When a new cybersecurity, database management, or cloud solution debuts on the commercial market, there is almost always a lengthy waiting period before the technology trickles down into the hands of federal government agencies. Due to the government’s significantly heightened data security standards and accreditation requirements that commercial solutions must meet before being implemented across government agencies, this lag is understandable.
Microsoft Federal has successfully bridged that gap through its classified cloud solution – Azure Government. Azure Government is a mission-critical cloud that meets federal government compliance requirements and standards – even for the most sensitive data at the highest levels of security.
To learn more about Azure Government, how it delivers commercial-level cloud capabilities that meet federal standards, as well as how it makes government agencies’ intel lifecycles more efficient and optimized, the GovCyberHub sat down with Kristen Summers, Operating Unit CTO at Microsoft Federal.
Here is what she had to say:
GovCyberHub (GCH): What different cloud use cases exist for intel, defense, and national security agencies? How could these agencies and organizations benefit from the cloud? What capabilities could it enable for them?
Kristen Summers: At a high level, national security organizations can benefit from a broad set of use cases just like commercial entities do. The same general advantages apply, like paying for what you consume. Rather than for all the equipment necessary for your peak workloads. Elasticity, tasks, and data volume vary and the cloud lets your experts focus on what’s specific to your own applications while using a provided, stable base for the underpinnings – whether that be pure infrastructure in Infrastructure-as-a-Service (IaaS), or a platform for your custom applications in Platform-as-a-Service (PaaS), or individual pieces of software to use in combination with your own data and specialized capabilities in Software-as-a-Service (SaaS).
At a more specific level, using the cloud can really help defense and intelligence organizations move forward. All those general advantages of efficiency, elasticity, and letting your experts focus on what’s specific to your applications are things that can enhance the mission, letting you bring more resources to it as needed.
And then, if you go beyond IaaS, where you’re using the cloud in place of dedicated, on-premise hardware, to start using PaaS and SaaS, where you’re making use of tools provided by that cloud, you can also really transform your applications, or take advantage of the capabilities to make new ones.
“The cloud, itself, has to be accredited for data at the level of classification it supports. That’s what we’ve done with Azure Government…” -Kristen Summers
For example, using built-in machine learning for computer vision, in combination with a service for creating synthetic data, you can train models to recognize even rarely occurring but important objects in imagery and assist your imagery analysts. Or you can use a built-in database that is designed to handle a wide variety of disparate data types, like Cosmos DB, to pull together and integrate data from different parts of your mission. And, of course, there are so many more; the available tools can be combined in as many ways as you can think of, based on your needs.
GCH: Why would these organizations be reticent to embrace traditional, commercially-available, multi-tenant cloud solutions for their workloads, applications, and data?
Kristen Summers: Organizations with classified, or even just highly sensitive, data are naturally hesitant to put their data in infrastructure shared with other parties they don’t know. Even excellent security can occasionally be breached; that’s why we now hear so much about a zero trust security architecture that doesn’t assume full protection from any given layer.
So, with classified data, the organizations simply aren’t allowed to use a standard commercial multi-tenant cloud. The cloud, itself, has to be accredited for data at the level of classification it supports. That’s what we’ve done with Azure Government, with a special-purpose classified fabric, in addition to the unclassified Government cloud, and, of course, all of these are limited to U.S. Government customers and contractors. The tenants can be assured that the other tenants have the right reasons and access for using the cloud they are on.
GCH: Does Azure Government – and the increased security that it delivers – lack any of the benefits of a commercially-available, multi-tenant cloud? Are there any trade-offs to accessibility or scalability that come with the increased security?
Kristen Summers: There are always trade-offs, and the primary one is accessibility as a simple result of the time required to make available any given new service or technical advance. As a capability is developed in the commercial context, it takes time to package it up and bring it to the more secure clouds, and then it takes additional time to get the accreditation to use it in those settings.
“The great thing about the Microsoft Classified Cloud is that…it also has a variety of tools available that are really helpful for making an intelligence life cycle more efficient and getting to its outcomes faster.” -Kristen Summers
So, the broadest set of services and capabilities are on the commercial cloud, and when the data isn’t sensitive, it makes sense to do work there. But it’s also true that the capabilities on the classified clouds are expanding all the time.
So, let’s take an example or two. Data Factory, for data integration and data transformation, is available on Azure Government at all levels. If you want that functionality, you can just choose the environment that is the best fit for your application and go. On the other hand, Azure Synapse Analytics, which brings together data warehousing and big data analytics of various kinds, is available in Azure Government at the unclassified level, and it’s currently in preview at the Secret level.
So, if you were planning an application at the Secret level where Synapse was a good fit, if you were planning that months ago, you might have decided it was better to use some alternative tools, like Cosmos DB that I mentioned earlier, and maybe Data Explorer, and/or Data Factory. But now Synapse is already in preview at that level, so if you’re planning now, you might be able to plan to use it once it’s accredited and generally available.
GCH: Why is Microsoft the choice for more streamlined and faster intel for those who need it, wherever they are?
Kristen Summers: The great thing about the Microsoft Classified Cloud is that not only does it have fabrics at different security levels for different needs, as we’ve already talked about, but it also has a variety of tools available that are really helpful for making an intelligence life cycle more efficient and getting to its outcomes faster.
It has tools like Cosmos DB, which is a managed NoSQL database that lets you do analytics over operational data without having to go through a standard ETL process. You can go directly to getting value out of your data in a streamlined way. And it has APIs for a variety of standard NoSQL databases, so you can use it smoothly with data you already have in a variety of formats.
“Microsoft Azure has a range of edge offerings to create an experience with the best continuity from the full cloud through deprived and disconnected environments.” -Kristen Summers
Or, as another example, the Microsoft Classified Cloud has Data Explorer, which is a high-performance, big data analytics platform that makes it easy to analyze high volumes of data in near real-time. It can analyze structured, semi-structured, and unstructured data across time series, making it simple to extract key insights and spot patterns and trends. You can use it for exploratory analytics in general, and you can also use it for things like analyzing logs or Internet of Things (IoT) data or other sequences of events on an ongoing basis, giving you near real-time results so that you get timely insights to act on.
GCH: What are the top reasons why Microsoft is for classified missions in the intel space vs. others?
Kristen Summers: First, there’s the variety of tooling that we’ve been talking about, so that you’re going farther than bringing applications into the cloud; you’re modernizing them, enhancing them, and in some cases reimagining them, to take advantage of capabilities that can streamline your process or give you new insights.
Second, something we haven’t talked about is the level of support that is associated with these offerings. We engage as partners to support mission goals. So, the government, or system integrator working on their behalf, gets not only the tools needed for each solution but also the expertise and collaboration to ensure the tools are used effectively for mission success.
Another reason to consider is that some use cases will require going outside the reach of the full cloud, either temporarily or fully. That is, they’ll need processing at the edge. Microsoft Azure has a range of edge offerings to create an experience with the best continuity from the full cloud through deprived and disconnected environments.
And finally, it’s important to consider that security is in our DNA. Obviously, within the context of a classified cloud, a lot of security has to be there or it wouldn’t be a classified cloud. But beyond that, Microsoft is constantly expanding security offerings, with sophisticated log analysis and capabilities from our commercial focus on this area.
We bring leading protection at all levels in a zero trust architecture, with threat detection that applies to insider threats as much as to external threats. When you’re looking at mission applications, that kind of protection is critical.
