Amazon Cloud Achieves Key Federal Security Standard
AWS infrastructure, storage, and virtual private cloud service get FISMA Moderate certification.
(click image for larger view)
Slideshow: Top 20 Government Cloud Service Providers
Key pieces of Amazon Web Services' (AWS) cloud-computing infrastructure have achieved certification with the federal standard for IT security solutions, making the services a more viable option for adoption among federal agencies.
The General Services Administration has awarded AWS' Elastic Compute Cloud (EC2), Simple Storage Service (S3), Virtual Private Cloud (VPC), as well as the infrastructure on which they run, Moderate Authorization and Accreditation with the Federal Information Security Management Act (FISMA), the company said Thursday. Created and maintained by the National Institute for Standards and Technology (NIST), FISMA is a key hurdle for companies to pass to ensure their solutions can meet the security needs of the federal government.
The move marks the first time AWS has received a FISMA Moderate authority to operate, and the company was required to implement and operate an extensive set of security configurations and controls to achieve it. They included documenting the management, operational, and technical processes used to secure the physical and virtual infrastructure of cloud services, as well as conducting third-party audits of these activities, according to AWS.
"Security remains our top priority, and we continue to pursue certifications that provide our customers with the resources they need to confidently and securely deploy mission-critical applications in the AWS cloud," Stephen Schmidt, chief information security officer for Amazon Web Services, said in a press statement.
The federal government already is leveraging EC2 for some of its cloud moves. The Department of Treasury, for instance, earlier this year migrated four existing websites and hosted a new, revamped site on AWS' cloud infrastructure. The Federal Register 2.0 at the National Archives, the Supplemental Nutrition Assistance Program at the U.S. Department of Agriculture, and NASA's Jet Propulsion Laboratory also are AWS cloud customers, according to the company.
Indeed, cloud computing infrastructure providers like AWS, Microsoft, and Google have been competing mightily for federal business, and achieving FISMA certification is a key step for them to win the confidence of agencies in terms of security.
However, there has been contention over claims of FISMA compliance among them in the past. Last year, Microsoft accused Google of falsely claiming FISMA compliance for its Google Apps for Government cloud-based application suite, accusations Google denied.
Security professionals often view compliance as a burden, but it doesn't have to be that way. In this report, we show the security team how to partner with the compliance pros. Download the report here. (Free registration required.)
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.