U.S. Defense Information Systems Agency has granted Provisional Authorization to 23 government cloud services for hosting mission data up to Impact Level 2, which is non-controlled, unclassified information, including publicly released information as well as some private unclassified Department of Defense information with some minimal access control.
DoD, a DISA parent department, has been warming to commercial cloud services. One vocal proponent of using cloud intelligently has been DoD CIO Terry Halvorsen. Cloud promises savings, however not all data is suited for cloud. The first step was defining the types of data, with Provisional Authorization defining which providers are suitable for Impact Level 2 data.
There are four Impact Levels, each describing the sensitivity and risk associated with the data. Counterintuitively, they are levels 2,4,5, and 6, 2 being the lowest and 6 reserved for classified double-secret probation information.
Each provider is first granted either a FedRAMP Joint Authorization Board Provisional Authorization or a FedRAMP Agency Authority to Operate. A primer on FedRAMP is located here.
Some of the more well-known names that were granted Provisional Authorization Level 2 include:
- CDN provider Akamai
- Microsoft Windows Azure public cloud
- Amazon Web Services Redshift, a data warehouse service
- AT&T’s Storage-as-a-Service
- IBM SmartCloud for Government
- Microsoft Office 365 and supporting services, such as Active Directory
- Oracle Federal Managed Cloud Services, and its SaaS Service Cloud
- Salesforce Government Cloud, PaaS and SaaS
- Verizon Enterprise Cloud Federal Edition
Many data center providers have either gone after the larger federal space or acquired positions in this growing market. QTS, which received its FedRAMP certification in 2014, acquired Carpathi Hosting this week to boost its government cloud offerings.
What workloads are suitable for which cloud is still being established. New cloud security requirements were launched early this year.
The other clouds granted PA are:
IaaS: Autonomic Resources Cloud Platform (ARC-P), Clear Government Solutions FedGRID Government Community Cloud, Lockheed Martin SolaS-I Government Community Cloud, OMB MAX General Support Services, USDA National Information Technology Center
PaaS and/or SaaS: MicroPact Product Suite, AIMS eCase, OMB MAX.gov Shared Services, U.S. Treasury Workplace.gov Community Cloud, Economic Systems Federal Human Resources Navigator (FHR Navigator), SecureKey Briidge.net ExchangeT for Connect.Gov, Edge Hosting CloudPlus, which provides managed, secure Windows and Linux application hosting (technically an ASP).
Remote hosted desktops: Concurrent Technologies Corporation.