Hacker News new | ask | show | jobs
by revengeforbees 1002 days ago
I know what I’m going to bring up in my CMMC compliance call tomorrow.

The university I am an information security engineer for has been working for years to become CMMC level 2 compliant.

Penn State using public cloud (assuming Azure) and the commercial Office 365 would place them about 18-24 months away from being able to pivot to GCC or GCC-High. That is assuming they have the staff and capabilities to do this.

That doesn’t include all of the policies and other paper processes that need to happen.

Hopefully there are consequences for this level of deception.
1 comments
Mizoguchi 1002 days ago
Doesn't Azure have a separate cloud exclusively for the US goverment? If so why would they use the commercial one?
link
revengeforbees 1002 days ago
They do, there is GCC, and GCC-High. There are a number of reasons why, but the most common would probably be the additional cost of resources and staffing.

Feature for feature, the core functionality is the same. There’s more overhead in GCC and some features in public are delayed in implementation.

link
Mizoguchi 1002 days ago
We had a sales pitch by a MS partner and they made it sound like provisioning/ migrating services to gov cloud was seamless. It makes sense there is overhead involved from compliance. Two years to pivot seems pretty crazy though.
link
helsinkiandrew 1002 days ago
The gov cloud is atleast 10-30% more expensive
link
rplst8 1002 days ago
Not to mention all the additional access constraints that require folks that use it to be properly credentialed.
link