Cloud Security Learn more at Carah.io/AWS-FedRAMP
Tailoring cloud security
to agency missions
With Amazon Web Services, agencies can move even high-impact systems to the cloud
THERE WAS A time when most agencies shied away from putting their data in the cloud. Skeptics questioned whether cloud-based systems could meet government requirements
and how they could verify those claims, especially if they couldn’t see or touch physical hardware.
But efforts such as FedRAMP have helped to ease those concerns by providing baseline requirements for securing cloud products and services in a standard way. Using FedRAMP as a guide, agencies still must determine which cloud systems best support their mission.
For agencies, security classification has been one of the biggest barriers in moving to the cloud. Security requirements for data, applications and workloads greatly dictate where those things may reside
and run. In June 2016, AWS became the first cloud service provider to receive authorization to support FedRAMP High workloads.
The “High” designation means that
any loss of confidentiality, integrity or availability of the data in that system could be expected to have a severe or catastrophic effect on organizational operations, assets or individuals.
The creation of FedRAMP requirements to secure high-impact systems was a
major milestone not only for cloud service providers like AWS but also for government agencies.
Federal agencies wanted to take advantage of the benefits of secure commercial cloud — even for mission- critical systems. They wanted the ability to quickly adapt to varying workloads and only pay for the IT services they use.
Offerings like AWS GovCloud (US) provide agencies compliance without compromise by delivering a secure environment to run sensitive government workloads. Currently, agencies are
using AWS GovCloud to power various innovative projects, including analyzing data on social media to collect information on adverse drug effects and collecting images from Mars.
For agencies that aren’t quite ready to put high-impact systems in the cloud, AWS is also authorized to secure moderate- impact systems. Such systems account for nearly 80 percent of cloud applications
that receive FedRAMP authorization, according to FedRAMP.gov. For agencies, this means they can tailor the appropriate level of security to each system based on its classification.
Both agencies and vendors can save time and money by taking advantage of an existing AWS provisional authority to operate from FedRAMP’s Joint Authorization Board.
As agencies move more workloads into the cloud, investing in offerings that further their mission in a secure, cost-effective way is essential.
As agencies move more workloads into the cloud, investing in offerings that further their mission in a secure, cost-effective way is essential.
davooda/Shutterstock/FCW Staff
S-22 SPONSORED CONTENT