Cloud is a wonderfully open, accessible, and flexible computing solution. Cloud compute also brings the additional challenge of ensuring Network, Data, and Security – particularly when working with highly targeted entities like government, government sector, and supporting industry. Working with our Defense contractor client on software optimization, inevitably led to a MS Teams integration assignment. This is a relatively straightforward process until government is involved. Government sector entities at all levels – federal, state, municipal, portfolio (DoD, Military, Healthcare) – are worried about the very real threat of having their networks, systems, and data vulnerable to outside/foreign interests who may wish to access, corrupt, or disrupt. Enter the Sovereign Cloud (GCC High Standard), where services remain secure within the sovereign country that uses it, with additional controls including allowing only fully cleared citizens to have access to and support it. Microsoft’s Sovereign Cloud o erings like GCC (Microsoft 365 Government Community Cloud) is a Platform as a Service (PaaS) built on Azure Government Infrastructure, separated from Commercial users for security (as required by government entities like the DoD and military). Assuming a Provider meets the GCC High standard, in our experience, often requires a review of their practices ensuring all operations remain on national soil. GCC High in this case didn’t require FedRAMP (Federal Risk and Authorization Management Program) standards, which would have required more procedural steps and time.
Microsoft 365 Platform Standards
Customer Profile:
- Defense Contractor
- US Operations
- 5,500 Seats
- 1,800 Initial Minutes
- Direct routing and operator connect
- 4 months to close
Objective:
Find Provider options that offer, and can follow through, with the exacting standards required to contract/work with the Department of National Defense, military, and other high-level departments. Voice Integrations and enablement for MS Teams can have extra layers of complexity depending on who the clients are, and the level of support a given Provider may possess.
Discovery:
American Sovereign Cloud, where all Cloud infrastructure is housed/maintained in the US and only by fully vetted US Citizens, is a requirement when working with certain government departments. The customer requested three options, we looked to various Providers including those who promoted within their capabilities as being GCC High-compliant. Performing due diligence, we found most did not meet the standard, including large recognizable brands. Ensuring that all prospective solutions could maintain the security, and were not based o shore, required looking past marketing positioning, and asking the right probing questions. The client had suggested a few alternatives, which looked good at first, but failed to meet the mark under closer scrutiny.
Solution/Deployment:
The whole process took approximately four months. GCC High is a Microsoft standard government sector entities are able to adopt, which requires less process than the FedRAMP standard. MS Teams is universally adopted across business, non-profits, public, and private sectors – with government being a small but important percentage. Many Providers dedicate a proportionate percentage of their workforce to serving it, or none at all. The current engagement, now completely deployed, is expected to grow as they add seats and minutes.
Customer Gain:
- Migration to compliant Cloud services for Voice and Collaboration
- Qualified as a prime or subcontractor for Federal contracts
- Confidence in the Security of both the solution and underlying Provider