Amazon Web Services (AWS) extended its cloud reach deeper into government IT infrastructure with an announcement this week that it has been certified to handle a larger share of federal workloads. As the US government's confidence grows in AWS and in the professional manner in which it delivers a secure, reliable service for handling sensitive data, what exactly does this mean for AWS, U.S. government agencies and their customers?
AWS and U.S. Government Agencies
Launched in March 2011, AWS GovCloud is an isolated U.S. region designed to allow U.S. government agencies and customers to move sensitive workloads into the cloud by addressing their specific regulatory and compliance requirements. AWS now maintains two environments: the U.S. East/West region and the AWS GovCloud region.
AWS GovCloud (US) region adheres to United States International Traffic in Arms Regulations (ITAR) as well as Federal Risk and Authorization Management Program (FedRAMP) requirements. AWS GovCloud (US) is available to US government agencies, government contractors, private and public commercial entities, educational institutions, nonprofits and research organizations that meet GovCloud (US) requirements for access.
FedRAMP helps provide a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services, and is mandatory for federal agencies' cloud deployments. The agencies involved can be seen here.
Image Source: www.gsa.gov
This management program is responsible for assigning the levels of security. The levels are assigned based on a determination of the data sensitivity of a particular system and the controls required to protect it, starting at level 2 (lowest) through level 6 (highest). FedRAMP “high baseline” authorization would ease the process of shifting sensitive government workloads to the AWS GovCloud platform.

The AWS Cloud provides scalable, cost-efficient solutions that help agencies meet mandates, reduce costs, drive efficiencies, and increase innovation across the Intelligence Community and Department of Defense (DoD). A growing number of military customers are adopting AWS’s cloud services to process, store, and transmit DoD data. AWS enables military organizations and their partners to leverage the secure AWS environment with the specified impact levels, a description of a typical workload, connectivity restrictions, Border Cloud Access Point (BCAP) requirements, and Computer and Network Defense (CND) requirements.
Illustrated here are the Security Requirement Guide (SRG) and the Provisional Authorisation (PA) and what these levels represent. Source: AWS DoD SRD
So what are the Level 4 requirements for AWS GovCloud (US)?
Impact level 4 or 5 requires that the mission application on AWS be connected to the Nonsecure Internet Protocol Router Network (NIPRNet) by means of AWS Direct Connect, an Internet Protocol Security (IPsec) virtual private network (VPN), or both. This NIPRNet connection also requires that all ingress and egress traffic to and from the Amazon Virtual Private Cloud (VPC) be routed through a Border Cloud Access Point (BCAP) and its associated Computer and Network Defense suite.
What next for AWS GovCloud (US)?
With AWS being a recognised authority on security measures, AWS GovCloud (US) welcomes the confirmation of certification, which reaffirms that they are addressing the security controls of the DoD CSM and that their management practices comply with DoD guidance. This can be seen in their recent AWS GovCloud (US) Summit 2016. As the U.S. government reaps the benefits of cloud computing, working towards higher accreditation is an ongoing process for AWS GovCloud (US). As the major security issues that once surrounded the adoption of cloud computing are being eroded, perhaps more sovereign state bodies may find themselves implementing AWS in the same manner.
For more information on AWS GovCloud (US) visit the product information page here.
CloudRanger can help you manage, and advise you on, all your AWS backup requirements.
CloudRanger is a cost-effective SaaS app that reduces cloud computing costs by optimizing AWS resources through automation. CloudRanger enables AWS customers to manage their snapshot process and schedule automatic start/stop times for idle cloud computing services, so they pay only for the AWS resources they actually use.
We offer a 14-day free trial, so you can try out our range of AWS features and benefits for yourselves.