Amazon Cloud Gets Federal Stamp Of Approval - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Cloud
News
5/21/2013
10:20 AM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Amazon Cloud Gets Federal Stamp Of Approval

FedRAMP compliance means federal agencies can now access Amazon Web Services almost immediately, without spending months on their own cloud-security assessments.

Amazon Web Services has passed the federal government's FedRAMP cloud security assessment, making it one of the first commercial cloud providers to be certified for no-fuss adoption across government.

Amazon announced Tuesday that it has received "authority to operate," essentially a green light to offer its services, under the Federal Risk and Authorization Management Program, or FedRAMP. Uncle Sam launched FedRAMP in 2010 to streamline the process of determining whether cloud services meet federal security requirements. In December 2012, Autonomic Resources LLC became the first cloud vendor to be approved under the program.

FedRAMP was created through a joint effort by the General Services Administration, National Institute of Standards and Technology, Department of Homeland Security, Department of Defense, National Security Agency, Office of Management and Budget and the federal CIO Council. Cloud service providers must be sponsored by a federal agency to considered for FedRAMP.

The U.S. Department of Health and Human Services served as the sponsoring agency for AWS. Kevin Charest, HHS's chief information security officer, said in a statement that that all HHS operating divisions can now use AWS with minimal duplication in vetting Amazon's cloud security.

[ Here's what you can learn from the feds about cloud security. Read Follow Feds To The Cloud. ]

Amazon VP Teresa Carlson said in an interview that cloud security authorization for federal agencies, which had been a months-long process, is now a check-box exercise for them. "Now they don't have to go through all of those evaluations on their own," she said.

Amazon launched a version of its cloud services for government agencies, called GovCloud, in 2011. It's one of nine AWS regions, or "availability zones." GovCloud meets the requirements of the International Traffic in Arms Regulations (ITAR), which govern the export and import of defense-related information and services. In keeping with those rules, GovCloud servers are housed in the U.S. and can only be accessed by U.S. citizens or permanent residents.

Cloud service adoption is growing rapidly in government, fueled by a policy from the White House's Office of Management and Budget that encourages agencies to steer toward IT services in lieu of on-premises hardware and software where possible. More than 500 government agencies around the world, including about 300 in the U.S., now use AWS. They include NASA's Jet Propulsion Laboratory and the departments of Agriculture, State and Treasury.

Carlson said that U.S. intelligence agencies are among Amazon's federal customers, but she declined to confirm reports earlier this year that Amazon had reached a deal to provide a private cloud to the CIA.

Amazon's FedRAMP approval applies to "moderate impact" data, as defined by the Federal Information Security Management Act (FISMA). Carlson said about 80% of government workloads fall into the low or moderate FISMA categories.

Federal, state and local government agencies can access most of the same cloud services on GovCloud -- Elastic Compute Cloud, Simple Storage Service, Virtual Private Cloud and others -- as businesses do in Amazon's other cloud zones. That includes using Amazon's spot instances capability, which lets agencies bid on unused virtual resources that are put up for auction by other customers.

Mark Ryland, chief solutions architect for Amazon's public sector team, said that agencies save, on average, 86% using spot instances, compared to Amazon's standard pricing. A typical usage scenario for spot instances is large-scale parallel processing.

Uncle Sam's taken the lead on secure use of cloud services. Here's how FedRAMP can change your experience, too. Also in the new, all-digital Follow The Feds issue of InformationWeek: Candid career advice for women in IT includes calling work-life balance a myth. (Free registration required.)

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
10 Top Cloud Computing Startups
Cynthia Harvey, Freelance Journalist, InformationWeek,  8/3/2020
Commentary
How Enterprises Can Adopt Video Game Cloud Strategy
Joao-Pierre S. Ruth, Senior Writer,  7/28/2020
Commentary
Conversational AI Comes of Age
Guest Commentary, Guest Commentary,  8/7/2020
White Papers
Register for InformationWeek Newsletters
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
Video
Current Issue
Special Report: Why Performance Testing is Crucial Today
This special report will help enterprises determine what they should expect from performance testing solutions and how to put them to work most efficiently. Get it today!
Slideshows
Flash Poll