Hey y’all, thank you for stopping set for another episode of Dux Quax: The direction to #MSIgnite! With this episode, I’m on Microsoft’s Redmond campus again, this time around with my close friend John Levenson. Watch, read, or both to listen to us talk about everything public sector in front of Microsoft Ignite 2017. I recommend attending Brian’s sessions for individuals individuals who definitely are in the conference!
Dux: Hey everybody this really is Dux and welcome to another episode of Dux Quax. I’m still here on campus. I’m very excited to determine my friend John.
John: Hey, I’m John Levenson, Product Marketing Manager for Office 365 U.S. Government and alter Management.
Dux: John, it’s been type of hot yesteryear couple of days, right?
John: Oh goodness, yeah. We’re unfamiliar with this in San antonio so the majority of us don’t really have ac, we’re resting on beds of ice.
Dux: There you have it. What’s the selection of drink for that warm weather?
John: Oh I’m a mocha guy.
John: So now you ask , just iced or hot.
Dux: I ended by for supper in a really awesome Malaysian restaurant and they’ve bubble tea, I haven’t had these in forever.
John: Oh, sounds scrumptious.
Dux: Have you ever had bubble tea?
John: Not shortly, it’s been a lengthy time.
Dux: Yeah, yeah. So it’s good. So listen, I understand you perform a lot for public sector, why do you not tell everyone that which you provide for Office 365, the shoppers you train with, and also the awesome stuff everyone do.
John: Yeah, absolutely. So my niche inside the Office 365 product marketing division is U.S. Government and that’s condition and native, tribal, federal, civilian along with the Dod. So type of the entire U.S. government where we all do possess some unique choices as well as special clouds where there exists a separate implementation of Office 365 to meet up with a few of the more strict regulatory compliance.
Dux: Sure. And perhaps many people have no idea, but Microsoft, so far as I understand, has got the most certifications for just about any cloud environments worldwide as well as the U.S. right? I am talking about lately, late this past year, everyone got the L5 certification for DOD and that’s huge.
John: That’s right. So we’re really, really happy with the accreditations and also the authorization that we’ve received, you totally nailed it, underneath the DOD, Security Needs Guideline or SRG. We all do have choices that meet us SRG-L5, or level five, controls and needs and we’re also both software like a service with Office 365 Dynamics, after which with Azure we provide IaaS and PaaS too, and all sorts of deeply integrated meeting extremely high compliance levels can be a pretty awesome factor that we’re quite happy with.
Dux: So for the advantage of individuals watching who might not be familiar, like so how exactly does that actually work? Right? Therefore we know Office 365, we understand all the workloads, however in the U . s . States, like basically work with the federal government, a civilian, DOD or SLG or tribal nations, like, which will i pick? Wouldso would I understand? Are you able to break lower the choices which i have?
John: Absolutely. So, you realize, I’d really begin with some a brief history lesson here, you realize, history being 5 years maybe. But returning to the first times of BPOS, the company Productivity Online Suite, that eventually become Office 365. We’d BPOS-D and BPOS-S, S for shared, the multi-tenanted model that we understand and love, and BPOS-D for dedicated, that was an earlier implementation from the cloud. So we required BPOS-D so we ring-fenced these isolated environments with screened personnel. We known as it BPOS-F for federal.
Dux: First got it.
John: So we made commitments round the compliance there, ITAR needs for instance.
John: With time we evolved so we released Office 365. In the last times of Office 365, then we created out capacity inside our CONUS data centers, Continental U . s . States…
Dux: First got it.
John: …for Exchange, for SharePoint, later for Lync, that has become Skype, so we known as that GCC or Government Community Club. So GCC belongs to this global cloud where we invest in U . s . States data residency, also it meets FedRAMP Moderate, it meets Criminal Justice needs and federal tax needs.
Dux: Sure. As well as for individuals different, FedRAMP is really a compliance through the U.S. authorities, basically, you realize, CliffsNotes version, if you choose to visit the cloud, the cloud provider ought to be FedRAMP Compliant, right?
John: Absolutely. And FedRAMP is dependant on some NIST outlines framework, so lots of depth we are able to get into in compliance it’s…I prefer to tease my buddies the intersection of Microsoft and government is simply acronyms virtually.
Dux: There you have it.
John: But, you know…
Dux: I’m still awaiting the acronym Run-DMC.
John: Exactly. Which means this involved 2012, we launched this GCC offering, and that’s been on the market since about then. Now, come 2016, we built what we should describe as a sovereign cloud, ground-up separate data center, separate network, separate directory, which is Azure Government.
Dux: First got it.
John: On the top of Azure Government, we’ve built a brand new implementation of Office 365. It isn’t safer however it does meet a few of the greater compliance levels underneath the DOD’s SRG security needs guidelines, under FedRAMP, so this is where we’ve these choices which are helpful for that Dod, for a few of the military branches. It’s all non-classified data obviously. But, yeah, that’s right.
Dux: So, if I wish to distinguish this, right…? So your house within the U . s . States just for Office 365 for instance, really you will find, I’d say generally three flavors that what we should would call Office 365 public, for everyone else non-government, Office 365 GCC, that’s FedRAMP compliant and so the latest we have to describe Office 365…
John: Oh, yes. This latest the first is, we’ve really just develop newer and more effective names.
Dux: Okay. What’s the brand new name?
John: Therefore we think of it as GCC High…
Dux: GCC High?
John: …and DOD.
Dux: First got it.
John: We’re trying to simplify, we’ve been through a couple of different naming schemes and that’s why I type of dumped inside.
John: Where GCC, FedRamp Moderate, SIGUS [SP], IRS-2075 for Office 365, for Federal data, Criminal Justice Information, tax data. GCC High is aligned using the controls which are outlined within the security needs guidelines of level 5. But it’s a multi-tenant atmosphere where we all do, allow it to be open to federal agencies, to states, whenever they prefer to get there.
John: But additionally towards the defense industry…
John: …so a sizable segment of consumers and firms on the planet which are holding data with respect to the DOD.
Dux: You realize, I acquired to let you know John, after i discovered the interest rate and just how fast government departments are relocating to the cloud, I had been really very, very impressed and encouraged because, you realize, there’s this stereotype, right, “Oh, government is definitely the final to leap on technology,” but dealing with customers and understanding use cases, boy, they really see the need for the cloud beyond only the traditional workload. Many of the advance work now, particularly in Azure with such things as cognitive services — AI, ML — people are planning on might how they may make use of this, in the finish during the day, to higher meet their mission.
John: Yeah, you’re right. And it is really, really awesome to determine, and it is happening whatsoever amounts of government too. You realize, there’s examples for…like the town of L.A. uses some bots to reply to citizens questions. Therefore if you’re asking an issue to L.A. you are able to achieve to their bot and it’ll go help parse with these massive data sets to provide you with information.
Dux: That’s awesome.
John: It’s not necessary to look through all of the websites. After which in the federal level, using the recent executive order from President Trump, the American Innovations Council brought by Jared Kushner, we’re really visiting a significant motion and movement within Authorities, Dod and states and metropolitan areas and counties really truly searching at so what can we profit from the Cloud, exactly how should we make the most of what for several organizations has type of become commoditized…?
John: …and really concentrating on individuals missions, like everyone else stated.
Dux: So for individuals watching, right? Maybe they’ve began their journey or they’re going to start their journey in to the cloud, what advice can you give? Like how’s whenever they think? Because it sometimes maybe too daunting, right? Overall like, “Wow, what must i begin with? Will I start moving my e-mail? Or will i do? You realize, different workloads according to small business or business needs.” So, what’s a great step-by-step process that people consider?
John: That’s a great question. And discuss daunting, you’re right. When you are within an organization which has massive levels of data and perhaps it’s grown organically over a long time, it truly could be a daunting task. And, you realize, I consider it over a couple of steps and honestly it isn’t so diverse from a sizable enterprise organization. Essentially, the initial step is, what have i got? What should i retain? And, what’s outdated and could be become eliminate?
John: For the reason that preparation and planning too also comes, what compliance will i require?
John: Shall We Be Held pleased with FedRAMP Moderate? Which does meet the majority of the requirements of condition and native government organizations. Or will i need FedRAMP High, can i indefinitely need to keep some content on premises? You realize, in most cases recommendations that many organizations can move something to the Cloud. NGCC with FedRAMP Moderate does meet many of their needs. But the initial step is, what have i got? And, what exactly are my needs?
Then your second part is actually searching hard in an identity model, identity being not just the authentication aspect but additionally absolutely essential to security of the data. We consider identity to be, must i get access to these details? So it’s the permissioning, it’s use of infrastructure, it’s absolutely crucial.
Dux: As well as the kind data, right? To the first point, after i use customers clearly there is a mindset, will i move everything? However I accept you. I am talking about, there might be content there that’s past retention already that, fine you are able to archive it somewhere or eliminate it, but it’s a great exercise.
As well as the data that you would like to help keep, another key, I recommend, activity that you simply do, is that you simply perform a content analysis because you might not know, particularly in unstructured data, if there’s controlled workloads inside, information you wanna safeguard. But that individuals are malicious and often they’re just there, people didn’t learn about it, and make certain you review these classified accordingly before you decide to move it.
John: Yeah. That’s precisely the way of thinking that I am inclined to undergo too. And, you realize, when you begin to consider then, what workloads do move? Could it be e-mail? Could it be sites? Could it be storage? I have seen different approaches from various agencies, different organizations. But type of returning to among the comments that you simply made which i heard an estimate by…he was the previous CTO of HUD, the Housing and concrete Development, and just what he stated was they, at that time his agency, really was trying to pay attention to moving from commodity IT to mission IT.
Dux: There you have it.
John: So that they were attempting to move and concentrate on relocating to the cloud something that they regarded as an investment, email for instance. And that’s a real great workflow to begin with. To begin with, from the user perspective I do not know where my email operates and that i don’t care. I understand that to gain access to email I am going into Outlook, maybe I am going and into Outlook with the browser or around the desktop or my phone. However I don’t care like a user where that’s running. You are able to work more than one night, three indicate my mailbox after which I have no idea the main difference.
Dux: As lengthy because it works, I’m happy.
John: Exactly. Others individuals type of similar is storage. If you consider getting massive network shares or a lot of data stored around the local computer, moving that up into one drive for business, moving it in to the cloud into various solutions that’ll then integrate, really enables you to get away from managing all that capacity inside your data centers, and in addition it implies that that data winds up increasingly discoverable, simpler to handle with retention policies, loss of data prevention, and thus which is how lots of organizations start.
You’ve seen some begin with one drive then moving these network shares, you’ve seen most honestly most likely begin with email right. After which once you have email and storage within the cloud you start getting really awesome integration scenarios, such things as modern attachments in which you fasten a document for your email that appears and functions as an attachment but it’s really only a backlink and that’s awesome for business. And you start getting adoption of those mix workloads which true encounters and types of conditions that become really effective and begin using the cloud to levels in which you couldn’t get before.
Dux: I am talking about simple things, right? Like presence.
Dux: So just in email I can tell if Brian’s available or otherwise. Or coauthoring. I am talking about, it’s funny, we become complacent, however when Sometimes with customers and that i discuss coauthoring they’re like, “What? Multiple people can hop on a document and work simultaneously? Not be worried about emailing files backwards and forwards?” I am going, “Yep.”
John: Yeah. It’s incredible. We’ve, In my opinion, addressed Document fragmentation. After I send an e-mail to 10 individuals with a document attached…
John: …normally I’d say, “Hey, produce some feedback.” I’ve sent it to 10 people, we’ve 15 versions, they’re are numbered 1 through 20 in some way, we’re attempting to merge them, we’re overwriting one another. However with the current attachments with coauthoring we actually all 10 people could be literally writing the document at a single time.
Dux: It’s a 1 supply of truth. Right.
John: It’s amazing.
Dux: Now, and also the awesome factor is, once customers proceed to the cloud, to officials 365 atmosphere, continuing to move forward everyone have invested a great deal in insuring protecting data and governing data. The innovations around compliance center that gives loss of data prevention, and increasing abilities in Azure, for instance, EMS, Azure information protection to complete auto classification, auto tagging, individuals are huge. And also you know, for me personally in the finish during the day the mantra I’ve is, how can you allow users to complete the best factor?
John: That’s right.
Dux: Since you can throw all kinds of policy in governance and document, and that i won’t remember, right?
Dux: When we give a method for automate governance, enforce policies, I believe that moving towards that model can make it simpler and offers less risk frankly to any kind of exposure.
John: I believe you’re right. And, you realize, it always stays with me with this sort of this principle that Jobs accustomed to espouse, that is that if you need to go browse the manual, you’ve made too hard of the product. And That I consider that’s the same manner as similar using the compliance documentation and knowledge governance policy.
John: Basically like a user need to go from my way to try and remember these policies, not just is the fact that some an inconvenience when individuals try to look for shortcuts, not malicious just attempting to be productive, as well as get some things wrong. I ought to be unable to accidentally send an e-mail with a summary of Social Security figures towards the wrong person or accidentally forward a private email from my organization.
John: Then when are applying legal rights management or loss of data prevention rules that instantly lock it lower to simply inside the org, that kind of factor allow it to be very hard to create a mistake, along with a malicious act is extremely different.
Dux: But here’s another benefit, right? Because Office 365 as being a whole platform, I’m able to define the insurance policy once in Compliance Center for instance and say, “Okay, put it on on email, or on OneDrive, or on SharePoint.” Previously on Prim, I might need to have a bespoke solution for email, another dlp solution for file storage and also the effort, sources and some time and maintenance, that’s just all gone.
John: Right. Exactly. And you have consistent policies, you aren’t getting policy drift one way or any other. You’re absolutely right and it is really, a real effective technology which makes it simple as a person not to get some things wrong.
Dux: Therefore if customers, particularly in a government agency have considered trying it and find out, what’s the easiest way to allow them to take a look?
John: So when you are on Bing or in the event you prefer Google, I understand additionally they create a internet search engine.
John: You search “Office 365 U.S. Government,” you’ll find…there’s a products page out on the internet.
Dux: First got it.
John: You are able to join a totally free trial. The stuff that we really do invest in with this government choices would be that the community is fixed to simply U.S. government entities or contractors who’ve formally backed to carry data. Therefore we really we all do turn to your ITAR registration form, redacted figures and all sorts of nutrients. But we ask to demonstrate that you’re backed through the government to carry government data.
Dux: So, I Dux, can’t just register and trial.
John: Regrettably not.
Dux: There you have it. No, it’s great.
John: Great for great for the city. Unfortunate for Dux.
Dux: Yeah but this is an excellent point, right? Your house somebody outdoors the U.S. really wants to give it a try, they are able to, right, due to the rules of information sovereignty and all sorts of that is included with that.
John: Exactly. Right. And thus for government departments it’s really a simple process. You are writing in from the us dot-gov current email address, that’s about what is needed. Make certain through our validation tactic to really just make certain it’s ready. However we’ll hands off an effort tenant, you and also reach experiment, kick the tires, have a great time by using it, and that’s really the easiest method to get began.
Dux: Right. Man, it has been so useful. I know many people happen to be curious about this, they wanna check it out however they have no idea what to do. But truly, hopefully I you can get in and talk much more about this later on.
John: Yeah, it’d be considered a pleasure. And we have a government cloud forum approaching in October 17th in Washington Electricity.
John: Aspire to help you folks there, would like to continue the conversation.
Dux: Absolutely. And That I know regularly too in D.C. they’ve Azure gov meet-up for government customers and I’m grateful that I’ll be speaking within the approaching occasions too.
Dux: I’ll talk on how to fare better citizen engagement using the cloud. So, no, it has been great John. Many thanks.
John: My pleasure. Thanks man.
Dux: And That I, you realize, I usually enjoy being released here.
Dux: So when you’re in D.C. we’ll do that drive again.
John: Sounds good.
John: Rather less smoke around.
Dux: There you have it. Well, thanks everyone, before the next episode. Bye.