Microsoft has recently made significant improvements to the Government and Department of Defense (DoD) compliance of its cloud offerings for Microsoft 365 (M365), Microsoft Office 365 (O365), and Microsoft Azure.
However, these changes have also resulted in significant misinformation and confusion in the marketplace. This article will explain the very important compliance details that are often omitted when discussing which cloud offerings are right for your current and future business needs.
Deciding which cloud offering is right for migration of your services and data is a significant commitment of time, effort, and expense. Choosing the wrong cloud offering may result in non-compliance, disqualifying you from future contracts and partnerships. Making the right decision the first time is critical to keeping business flowing and avoiding the delays and costs of another cloud migration.
The cloud and compliance experts at Peerless are available to help you make the best decision possible for your current and future business needs, whether it is your first move to the cloud or you are considering a more compliant cloud offering.
NOTE: Microsoft “DoD Cloud” and other Government cloud offerings are only available to Government agencies, not directly to contractors.
Compliance requirements (as specified by contracts, laws, regulations, and industry) are complex, interconnected, and ever-changing.
In the following summary table, we demystify the most significant caveats and details associated with common Government and DoD contractor compliance requirements.
Multiple cloud offerings (e.g., separate cloud enclaves) can be used as a mitigation to meet specific requirements. For example, an organization can use the Commercial cloud for general employees while using the GCC High cloud for employees who handle sensitive information. This may reduce costs, but it increases operational complexity and the risk of sensitive data spillage (i.e., cross-contamination) to a non-compliant environment. Other mitigations that may satisfy compliance in a lesser cloud environment include Virtual Desktop Infrastructure (VDI) / Remote Access technologies and third-party compliant encryption.
GCC High is the most secure and compliant offering currently available anywhere for Government and DoD contractors.
The following table released by Microsoft combines different compliance requirements that should be distinct and does not indicate certain caveats that are very significant to determining compliance. We have seen industry marketing based on this table that communicates incorrect or incomplete information about compliance. This could lead Government and DoD contractors to choose the wrong cloud environment for their needs.
We have clarified Microsoft’s table by providing our opinion of compliance, after consulting with the authors of the Microsoft table and evaluating the important caveats that were not represented. We recommend using the much more detailed Peerless Summary of Microsoft Cloud Compliance above for the most thorough and complete representation of this information.
Peerless Tech Solutions has cloud and compliance experts ready to help your business choose the right cloud offering, migrate to your new cloud, and achieve / maintain compliance with current and future requirements.