recommended reading

Microsoft plugs cloud to feds

Microsoft officials are touting the company's new cloud-based Office 365 as a good choice for federal customers because of its tiered subscription structure and secure management.

Office 365, unveiled at an event Tuesday in New York, is an updated version of the software giant's Business Productivity Online Standard Suite and includes improved, Web-based versions of its word processing, collaboration, PowerPoint, email, calendar and instant messaging products.

BPOS received the coveted Federal Information Security Management Act certification from the Agriculture Department in April, after which the agency agreed to migrate about 120,000 employees to the cloud-based suite.

The Office 365 package Microsoft is offering to federal users includes isolated cloud storage space managed only by U.S. citizens with government security clearances, Susie Adams, chief technology officer of Microsoft's federal division, said Thursday.

The new suite also should appeal to federal customers because of its tiered pricing model, which runs from $2 to$27 per user per month, Adams said. That will allow agencies to pay a reduced fee for interns and other employees who need access only to a handful of services.

One benefit of being located in the cloud is that providers can upgrade services on a regular basis without having to sell customers new hardware, Adams said. Microsoft plans to roll out upgrades to the cloud-based service every three to six months, she said, but will allow customers to control when the upgrades takes effect so they don't disrupt operations.

Computer clouds essentially are large banks of off-site computer servers that can operate much closer to full capacity than standard servers by rapidly repacking data as one customer surges in usage and another one dips. Cloud customers pay for data storage based on use, as with electricity or another utility, rather than with a set fee.

Federal agencies have historically been hesitant to move their services to the cloud because of security concerns over housing their data off-site.

Adams said she's seen that discomfort ebb in recent years, especially since federal Chief Information Officer Vivek Kundra announced a plan to move roughly one-quarter of the government's information technology budget to the cloud in the next five years.

"People just need to stop and look and make sure you're comfortable that your data and its sensitivity level matches your cloud provider," Adams said. "There are always going to be security concerns. That's not going to go away. The cloud isn't necessarily more secure or less secure, it's just who has the responsibility [for ensuring its security,] changes [from the agency to the cloud provider]."

Adams speculated agencies will become more comfortable with cloud storage once the government stands up its FedRAMP process, a planned governmentwide certification of private sector IT that will allow it to be adopted by any agency.

The program ran into criticism when it was unveiled in November 2010, because technology companies complained the one-size-fits-all model didn't jibe with the diversity of programs in the federal government. The Obama administration has said it will consider relaxing the requirements and expects to get the program up and running this summer or fall.

Right now, Adams said, many security protocols and security-related operation tweaks have to be worked out on a case-by-case basis between a vendor and a federal agency.

"That's one of the most difficult things for us," she said. "It's time-consuming and very expensive on our end. If you look at the cloud, it's all about economies of scale and when you work with customers on that level of detail on a one-off basis, the whole economies of scale break down. You can't offer each customer a different cloud. That's not really cloud, it's just outsourcing."

This story has been corrected to reflect the fact that the Agriculture Department, not GSA, granted BPOS Federal Information Security Management Act certification.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.