Global giant Microsoft has walked away from negotiations with the Office of National Intelligence for the provision of a Top Secret private cloud service after more than a year of talks, causing major disruptions to Defence and intelligence agency technology projects.
The decision has surprised, angered and alarmed top officials at Defence and within the intelligence establishment, and raises questions about a potentially seismic shift in Microsoft’s service delivery options that could impact government customers around the world.
Microsoft had responded to a late 2020 approach to market by the Office of National Intelligence (ONI) to deliver and sustain secure, scalable and private community cloud systems.
The system was to be rated for ‘Top Secret’ data, the highest level of security classification in Australia, and for use by national intelligence agencies, with the possibility of other agencies also joining.
Discussions had been underway with Microsoft through 2021 as a potential service provider, but the company told ONI sometime in April that it could not meet the expected requirement and timeframes and pulled out of the negotiation.
It is understood Microsoft told the ONI and Defence department ICT operations officials that it would struggle to fulfil obligations for the proposal because of shortages of skilled, security-cleared personnel in Australia.
But a rumoured new global direction by the US company to limit the sensitive data services and responsibility it offers foreign governments may also have impacted what Microsoft was willing to provide.
After loud rumblings in Canberra across recent weeks about the breakdown of the Microsoft-ONI project infuriating senior government ICT officials, InnovationAus.com has sought to verify the claims.
Microsoft declined to answer queries about walking away from talks with ONI, or whether a new strategic service limit was being applied in Australia.
“Microsoft continues to deliver innovative, proven and secure cloud services to the Australian Government and other critical infrastructure providers through our dedicated Azure cloud regions in Australia,” a Microsoft spokesperson told InnovationAus.com in response to detailed questions.
“We value our long-term partnership with the Australian Government and are committed to exploring new capabilities and technologies that address their future needs.”
The Office of National Intelligence declined to comment about its approach to market or Microsoft entirely.
The Department of Defence also declined to answer specific questions, saying it could not comment on secure information-technology services that are provided to government for “security reasons”.
Microsoft has already signalled to the European market that it is changing its cloud licencing model and will potentially limit the cloud services it would provide directly to foreign governments – effectively removing itself from the highly-secure government private cloud market everywhere except the United States.
The tech giant says it will instead partner with trusted local providers to satisfy growing sovereignty requirements of governments across the world.
Microsoft global president Brad Smith wrote in a blog post in May that it would change licencing arrangements to allow Microsoft software to be more easily provided to governments through a secure third-party local company in order to meet sovereign requirements.
“We recognise that some governments may want to provide access to some sensitive workloads and data categories only to local providers, secured even from cloud infrastructure providers,” Mr Smith said in the blog post.
“Or alternatively, they may want to rely solely upon such a local partner for a subset of data processes or ensure that such a partner can provide oversight of the data flows of the infrastructure provider,” he wrote.
“Especially because national needs and choices differ, local options and expertise are critical.”
Last year Microsoft was certified to the highest “strategic” level under Australia’s data sovereignty framework, allowing it and its supply chains to provide sensitive data services to the Australian government through its local region.
But under the framework, specific agreements and undertakings on which the certification is based are not published, an opaqueness which has annoyed parts of the local industry.
Do you know more? Contact James Riley via Email.
Why on earth aren’t we (Australia) builidng our own top-secret cloud system for Government?
this data should not b e in the hands of a foreign power, friend or foe..
I’m pleased that Microsoft have finally realised they could not possibly meet all the sovereignty requirements. It has been obvious all along. The only providers who can possibly meet all the sovereignty requirements – physical, jurisdiction and operational – are the Australian owned providers.
I wonder when AWS will join in this new found respect for sovereignty and exit the market also? With the IBM withdrawal from the Victorian market last year it is getting hard to know which of our loved global clouds we can trust.