The wait for a simple, secure and easy to use PKI Solution for Azure GCC and Azure GCC High is over! The team at Keytos is absolutely thrilled to announce that EZCA, our Azure-native certificate authority is now available to Azure GCC customers! The overwhelming demand to accommodate clients’ need to adhere to CMCC requirements was the catalyst for the expedited commercial release. The Cybersecurity Maturity Model Certification (CMMC) framework is a set of cybersecurity standards that defense contractors and other vendors working with the Department of Defense (DoD) must adhere to in order to secure and protect Controlled Unclassified Information (CUI) across the DoD supply chain. We’re exceptionally excited to announce that the release has already been met with tremendous enthusiasm and continues to gain traction among our Azure GCC High clientele.
For the longest time, Security Engineers have dreaded the task of setting up secure and compliant PKI that was simultaneously capable of accommodating the unique security, privacy, or technical nuances associated with government-grade data exchange and authentication. Now, with EZCA for Azure GCC, the task has never been easier!
The vast majority of people, even those familiar with cloud computing, aren’t aware that there’s an additional, high-grade security version of Microsoft Azure called Government Cloud Computing (GCC) High. As I’m sure you can image, it’s designed specifically for U.S. federal, state, local, and tribal governments…in addition to their partners and contractors. It’s a part of Microsoft’s commitment to providing secure and compliant cloud services to government agencies and their partners. Long story short, it provides a higher level of compliance and security features compared to standard Azure services, making it suitable for handling exceptionally sensitive government data. Here’s the high-level characteristics that differentiate it from your standard Azure environment.
Compliance and Certifications: It meets a range of U.S. government compliance requirements, including FedRAMP High, ITAR, IRS 1075, and DoD Impact Levels 4 and 5, which are essential for handling controlled unclassified information (CUI) and for Department of Defense (DoD) missions.
Data Residency and Sovereignty: Ensures that data is stored within the United States and is managed by screened U.S. persons. This is crucial for government agencies and contractors who are required to follow strict data residency laws.
Enhanced Security: It provides advanced security features and capabilities to protect against threats and to help government agencies maintain their cybersecurity posture.
Exclusive Network: Isolated from the standard Azure network, providing a more secure and private environment.
Integration with Other Government Services: It allows for integration with other government-specific Azure services, making it easier for agencies to manage their IT ecosystems.
When selecting a PKI solution for Azure Government Cloud Computing (GCC) High environments, security engineers must navigate a complex landscape of features to ensure the optimal balance of security, efficiency, and compliance. The unique challenges posed by GCC High, such as stringent regulatory requirements and the need to handle sensitive government data, necessitate a solution that not only adheres to the highest standards of security but also streamlines processes through automation. Some of the many key considerations should include advanced security measures, seamless integration with Intune for device management, robust support for Internet of Things (IoT) infrastructures, HSM backed CAs, and the ability to automate certificate lifecycle management. In modern authentication, the right PKI solution is crucial for maintaining the integrity and confidentiality of government data, while also enabling efficient and secure communication within and across various governmental departments. Here are some of the most important features provided by EZCA:
Intune enables you to manage your organization’s devices without the need to have an on-premises domain. Easily create an Azure Intune SCEP certificate authority to issue certificates without the overhead of managing an ADCS (Active Directory Certificate Services) and/or an Intune SCEP connector instance.
One of the most used features is our one-click Azure Key Vault certificate creation and management integration. This integration enables users to securely create, manage and automate certificates following Azure best practices with an HSM (Hardware Security Module) backed Azure Key Vault. This integration fully automates certificate issuance in Azure.
To make it easier for organizations to get up and running with Azure IoT Hub certificate authentication, we have created a guide on IoT identity security best practices and created a one-click integration with Azure IoT that allows you to easily create your CA. We have also created Azure IoT Authentication code samples connected to our Azure IoT certificate authority that enable you to have a working prototype in a matter of minutes.
Modern infrastructure tools such as Kubernetes use the ACME protocol to validate domain ownership and automate the certificate lifecycle process. EZCA enables you to modernize your private PKI to issue certificates through ACME enabling your engineers to use the same automation tools for internal and external certificates.
Simply put, EZCA is the best PKI for Azure GCC High. Why? It was built by ex-Microsoft PKI engineers with specific experience in securing government, nation-state, and other highly secure environments for the most sensitive data in the world. We get asked all the time. Because Governments have such strict standards on privacy and regulation, knowing they trust a company such as Keytos should be more than enough reinforcement for the average Azure GCC Organization to choose EZCA as their PKI of choice. Public schools, Universities, Local Municipalities, Counties, States, and even entire Countries are comfortable relying on Keytos to provide them to top-notch, government-grade PKIaaS!
Want to learn more? here’s the link to speak with our PKI Experts to assess your needs or discuss more about how EZCA can help meet your unique regulations and compliance requirements! In the meantime, please check out or suggested reading or feel free to explore our YouTube channel for more on how EZCA can help you set up Government-grade PKI for your organization!
