SOLVED

GCC High Costs


Costs for GCC High O365 licenses are roughly double commercial.  What is Microsoft doing to lower these costs?  They are crippling small businesses that need to comply with CMMC & DFARS compliance requirements.

3 Replies
best response confirmed by Anupam_K_Gupta (Microsoft)
Solution

@M_Titcombe Howdy! Thank you for your interest in GCC High. GCC High was purpose-built to meet the specific needs of customers who have strict requirements for US export control and desire a contractual commitment from their CSP for the same. Microsoft only offers a contractual commitment to ITAR in O365 GCC High & Azure Government. US Does your customer have such a requirement? If no, then they may be able to use GCC or perhaps even Commercial services (depending on requirements). If they do have an ITAR requirement but don't need a contractual commitment from their CSP, then there may be multiple ways to satisfy the requirement outside of GCC High. They may be able to use compensating controls and manage their risk. Here are a few examples of compensating controls:

- segregate the export controlled data and maintain it on-premises

- create a "data enclave" to house export control data in GCC High or Azure Government

- use client-side end-2-end encryption like AIP HYOK and/or S/MIME

 

This said, there may be significant cost (financial, utility or performance) to using compensating controls so please weigh them accordingly. 

 

I hope this helps! Please feel free to reach out to me privately for any clarifications :)

@Paul Meacham - I would also add that pros and cons to compensating controls should be weighed in addition to cost.  

With compensating controls, administration complexity and security practice complexity also increase.  In addition to complexity in design and management, you may be losing cloud service capabilities.  

Let me also point you to this great article written by @RichardWakeman - The Microsoft 365 Government (GCC High) Conundrum - DIB Data Enclave vs Going All In (This One) https://aka.ms/AA6frar