Microsoft Corp. is on track to catch up with Amazon.com Inc. by obtaining top federal security authorizations early next year, bolstering the company’s position in the Pentagon’s winner-take-all competition for a multibillion-dollar cloud computing deal.
The software company said Oct. 9 that it will earn the certification required to host the government’s most sensitive and classified information—a distinction previously held only by Amazon Web Services—by the end of the first quarter of 2019.
Microsoft’s announcement comes just four days before tech companies submit bids for the Defense Department’s cloud contract, which is widely seen to favor Amazon. The project, known as the Joint Enterprise Defense Infrastructure cloud, or JEDI, involves transitioning massive amounts of Defense Department data to a commercially operated cloud system. Bids for the project, which could last as long as 10 years and be valued at as much as $10 billion, are due on Oct. 12.
Alphabet Inc.’s Google, which is far behind its peers in obtaining government cloud-security authorizations, said Oct. 8 it has decided not to compete for the JEDI project, in part because of a potential conflict with its corporate values on uses of artificial intelligence.
Microsoft had said in June that it was making progress toward winning top-level security clearance for the cloud.
“I don’t think anyone was doubting that Microsoft would be able to get its security up to snuff before the JEDI contract,” said Bloomberg Intelligence analyst James Bach. “I don’t think this rises beyond the level of a PR win.”
Amazon Web Services is widely seen as the front-runner for the JEDI project because it already won a $600 million cloud contract from the Central Intelligence Agency in 2013. In recent months, Microsoft has been seen as a competitive alternative as it expands its work with the intelligence community.
The long and costly process to gain authorization to sell cloud services to federal agencies can give technology companies a boost when they compete for government contracts. Commercial cloud providers for the federal government must seek certification from the Federal Risk and Authorization Management Program (FedRAMP), which awards approval based on the sensitivity of data the service is hosting.
A low-level certification might be sufficient for cloud-based services used to support public websites, while a high level would be needed to host secret government information.
Additionally, those working for the Defense Department typically need clearance from the Defense Information Systems Agency (DISA.) It issues security authorizations from IL-2, for hosting unclassified material, to IL-6, for highly classified data such as national security information.
The JEDI contract requires cloud companies to be authorized to host data of all classification levels, though it gives vendors some time to obtain the necessary certifications.
Amazon Web Services is currently the only company to have achieved an IL-6 security authorization, besting other competitors including Microsoft, Oracle Corp., and International Business Machines Corp.
Microsoft has already obtained FedRAMP’s highest rating for its Microsoft Azure Government business and an IL-5 through DISA. In October, the company announced it was developing Microsoft Azure Government Secret, which would help it obtain the IL-6 authorization.
Even if Redmond, Washington-based Microsoft doesn’t win the JEDI contract, earning the IL-6 authorization next year will give the company an advantage as it competes for other government business.
“It’s a demonstration of our continued investment around cloud security,” said Julia White, corporate vice president of Microsoft Azure.
By Naomi Nix