Amazon Web Services is a dominant player in government contracts, used by almost 2,000 government agencies and even hosting a dedicated region called GovCloud. However, Microsoft’s movements towards gaining security approvals in the USA could see the market leader challenged on a lucrative upcoming contract.
Amazon’s work with the US government is worth almost $3 billion, and could grow to $4.6 billion next year. AWS is the only cloud provider recognised as secure enough to host sensitive government information, but Microsoft may soon compete in this area, as it expands through its Azure Government Secret unit.
Cloud providers hoping to work with the USA’s federal government must gain certification from the Federal Risk and Authorization Management Program (FedRAMP). These approvals can range from low-level ones for working public websites, to high-level for hosting secret information.
Microsoft has already obtained FedRAMP’s high rating for its Azure Government business. It has also gained IL-5 approval through the Defense Information Systems Agency (DISA), which is necessary for working with the Department of Defense. Certifications range from IL-2 (low-level) to IL-6.
The DoD certification is important, as the Department is seeing to award a decade-long $10 billion contract (the Joint Enterprise Defense Infrastructure (JEDI) project) in September. There have been complaints that the contract, which is structured to go to a single supplier, favours market-leading Amazon.
The winner of the JEDI deal will need to qualify to host unclassified information within 30 days, classified information within six months and top-secret information within nine months – making high-level approvals critical in the tender. A Microsoft spokesperson said that the company will be able to support IL-6 workloads soon.
Security and procurement experts, however, have warned that approvals are not the only element that will make a difference. Major tech firms with the necessary expertise will also be considered, and could then be walked through the approvals process.
“We have seen it done in a couple of months. We have seen it done in a couple years,” Michael Carter, VP of FedRAMP and Assurance Services at independent security assessor Coalfire, told Bloomberg.