By Tom Keane and Azure Security News
As we continue to deliver on our commitment to providing the broadest range of commercial innovation for government, we’re rapidly advancing new capabilities for the National Security mission. Azure helps mission teams gain insight from data—at any security level—anywhere. For example, our customers are taking full advantage of Windows Virtual Desktop (WVD), enabling our National Security customers to operate remotely during the COVID-19 pandemic. Through WVD, customers can access critical applications and data in their unique, secured environment. Our team is committed to continually delivering new capabilities as demonstrated by the release of 66 new services to Azure Government and 28 new services on Azure Government Secret since January 2021.
Whether your workforce is stateside or deployed to remote and/or disadvantaged locations, Azure gives you access to the most advanced technology platform—providing compute, storage, and advanced analytics capabilities to the warfighter and providing actionable intelligence in near real-time. This leads to greater intelligence at the edge, unified security to protect the nation’s most critical and sensitive data, and elastic capacity to support secure remote collaboration for analysts and forward-deployed teams working around the world.
Delivering mission intelligence at the edge
To help our customers maintain strategic advantage, our technology provides the ability to securely access mission-critical data anytime, anywhere. Microsoft Azure uniquely enables a continuum of compute from on-premises to cloud to wherever your mission takes you across unclassified or classified domains. From collecting data from sensors, advanced peripherals, forward-deployed tactical units, vehicles, tents, and theatres to delivering it to a command post or headquarters unit, Azure gives you a secure, uniform way to gather data, train analytics, and deploy those as close to events as needed.
Additionally, telecommunications infrastructure in austere locations can be unreliable, often requiring customers to leverage extremely expensive, high latency, and low bandwidth communications technologies. Using Azure Stack Edge, customers have the flexibility of setting up an operator-controlled edge storage and processing capability to support mission operations. For example, operators can utilize 5G connectivity in-theatre and satellite communications to connect edge devices in the field. These devices are all securely connected, relaying data bi-directionally from the edge to the cloud, at any classification level—providing mission status to leadership in near real-time.
Delivering specialized capabilities for mission needs
The requirements for data systems supporting mission use cases are incredibly complex, requiring specialized tools that deliver reliable performance over some of the largest workloads on the planet. As we work with our customers to ensure mission success on Azure, we also think deeply about those core requirements and the best ways to make these solutions reusable at scale.
We’re building tools to help mission customers build their own secure data estates on Azure. Our engineering teams have made significant contributions to open-source projects, including Apache Accumulo and Apache NiFi, which make up the core of many customers’ data infrastructures today. These technologies offer game-changing security features, such as attribute-based access control in Apache Accumulo for controlling data access, and the ability to move data seamlessly across multiple platforms using Apache NiFi.
Today, Apache Accumulo and Apache NiFi can also be seamlessly deployed, managed, monitored, and operated on Azure, with the security, accessibility, privacy, and scale that only a petascale cloud can provide. Data can then be incorporated into Azure Synapse Analytics for advanced analytics and incorporation with the enterprise data stores, bringing mission and enterprise data together consistently and coherently. Visit Apache Accumulo and Apache NiFi on the web to get started with your own deployments on Azure.
We’re also announcing a multi-year collaboration with Intel and the Defense Advanced Research Projects Agency (DARPA) to lead the commercialization of fully homomorphic encryption (FHE), helping our customers close the last-mile gap in data confidentiality by keeping data fully secure and private, whether in storage, transit, or use. FHE enables users to compute on always-encrypted data or cryptograms. With FHE, the data never needs to be decrypted, reducing the potential for cyberthreats.
Harnessing data anywhere for learning everywhere
Harnessing data anywhere is a critical part of building a unified data strategy for the mission. This includes data from space, and our recently announced Azure Space solutions enable mission teams to analyze data and make informed decisions even in austere and disconnected environments. For example, Azure Orbital provides the ability to communicate reliably and securely with satellites in multiple orbits, at multiple frequency bands, and with multiple satellite communication (SATCOM) vendors. Government customers can select the service best suited for their theater, coalition, and operational needs.
We’ve shown that data originating from space can be tightly integrated with terrestrial networks through a global array of resources using our Azure Orbital Ground Station and Edge Connectivity products. Across these solutions, Azure Space provides the unique ability to train satellites virtually, to use those models to automate the recognition of events either locally or in the cloud, and to ingest that data anywhere in the world.
Once data is brought to the ground, Azure provides tools to harness that data for better decision-making. This tooling includes artificial intelligence (AI) and machine learning for all skill levels, welcoming a new era of learning from data to improve operational efficiency, governance, and scale. Additionally, the Power Platform (Power BI, PowerApps, and Power Automate) enables users to uncover and securely share insights, develop AI applications, and automate workflows through low-code, point-and-click experiences.
AI has been cited as a critical area of growth for sustained American leadership. Last year, the Department of Defense (DoD) adopted ethical principles to govern the use of AI, representing a pivotal step forward in addressing the importance of reliability, safety, transparency, and bias. Azure AI and machine learning solutions are built around a principled approach for responsible AI, and our teams offer skilling through classes and custom learning paths, covering a wide range of topics from knowledge mining to autonomous systems to how to think, design, and develop AI solutions in a responsible way.
Modernizing application development for speed to mission
Today we’re announcing several new capabilities to help you modernize your mission systems and achieve greater agility through secure software development. These are part of a larger unified development, security, and operations (DevSecOps) initiative designed to massively accelerate the application Authority to Operate (ATO) process, so customers can rapidly get new capabilities into the hands of their operators and analysts.
The three main components of Enterprise DevSecOps we’re delivering are:
- A secured environment.
- Secured pipelines.
- Automated generation of evidence for authorization.
All of this comes with automated control, validation, and continuous monitoring built in. With these capabilities, customers can significantly reduce ATO timelines and accelerate the delivery of new mission systems.
As an example of solutions for creating a secured environment for compliant app development, today, we’re announcing a Collaborative Research and Development Agreement (CRADA) assisting the DISA Cloud Computing Program Office (CCPO) in its development of the DoD Cloud IaC Environment for Azure: a set of Infrastructure as Code templates that build standard environments in Azure to accelerate DoD cloud adoption. This solution delivers preconfigured, preauthorized Platform as a Service (PaaS) environments that come with authorization from the DISA Risk Management Executive (RME) and common control inheritance in eMASS to expedite application assessment and authorization with your Authorization Official (AO).
The DoD Cloud IaC Environment for Azure is expected to decrease deployment timelines from 30 weeks down to potentially as little as 2 hours while providing real-time continuous monitoring and compliance and supporting architecture standardization across all Impact Levels and data classifications.
“Rather than worrying about networks, identity, and operating systems, the Department of Defense Cloud Infrastructure as Code Environment for Azure allows the Sustainment Management System team to focus on the application and delivering our capabilities into our partners’ hands.” – Eric R. Mixon, Computer Scientist, U.S. Army Engineer Research and Development Center (ERDC), Construction Engineering Research Laboratory (CERL)
This will further the government’s ability to secure the supply chain and help defense industrial base (DIB) companies harden environments to comply with recent DFARS updates and Cybersecurity Maturity Model Certification (CMMC) requirements. For more information, join our Azure Government DC user community virtual meetup on March 31.
We’re also building on the capabilities of Azure Blueprints to help you secure your Azure services in accord with high-impact security recommendations. We recently released a new sample blueprint, Azure Security Benchmark Foundation, which provides a set of baseline infrastructure patterns to assist in building a secure and compliant Azure environment. This blueprint deploys several Azure services, providing a secure, monitored, enterprise-ready foundation, including Azure Security Center, Network Watcher, Azure Firewall, Azure Bastion, and Azure DDoS Protection.
For organizations that must maintain DISA Security Technical Implementation Guides (STIGs) compliance, Azure provides automation and compliance dashboarding capabilities at cloud speed and scale—allowing customers to reduce some of the heaviest costs associated with maintaining compliance. We have created sample solutions using first-party Azure tooling to deliver STIG automation and compliance reporting, available in the STIG Automation GitHub Repository.
Serving the mission of National Security
For more than 40 years, Microsoft has been a committed technology partner for the federal government. Today, the Army, Navy, Marine Corps, and Air Force are all using Azure Government for mission-critical workloads. We continue to invest in the rapid delivery of new Azure capabilities to support mission requirements across all data classifications and address our nation’s most complex challenges.