Amazon Cloud Achieves Key Federal Security Standard
AWS infrastructure, storage, and virtual private cloud service get FISMA Moderate certification.
(click image for larger view)
Slideshow: Top 20 Government Cloud Service Providers
Key pieces of Amazon Web Services' (AWS) cloud-computing infrastructure have achieved certification with the federal standard for IT security solutions, making the services a more viable option for adoption among federal agencies.
The General Services Administration has awarded AWS' Elastic Compute Cloud (EC2), Simple Storage Service (S3), Virtual Private Cloud (VPC), as well as the infrastructure on which they run, Moderate Authorization and Accreditation with the Federal Information Security Management Act (FISMA), the company said Thursday. Created and maintained by the National Institute for Standards and Technology (NIST), FISMA is a key hurdle for companies to pass to ensure their solutions can meet the security needs of the federal government.
The move marks the first time AWS has received a FISMA Moderate authority to operate, and the company was required to implement and operate an extensive set of security configurations and controls to achieve it. They included documenting the management, operational, and technical processes used to secure the physical and virtual infrastructure of cloud services, as well as conducting third-party audits of these activities, according to AWS.
"Security remains our top priority, and we continue to pursue certifications that provide our customers with the resources they need to confidently and securely deploy mission-critical applications in the AWS cloud," Stephen Schmidt, chief information security officer for Amazon Web Services, said in a press statement.
The federal government already is leveraging EC2 for some of its cloud moves. The Department of Treasury, for instance, earlier this year migrated four existing websites and hosted a new, revamped site on AWS' cloud infrastructure. The Federal Register 2.0 at the National Archives, the Supplemental Nutrition Assistance Program at the U.S. Department of Agriculture, and NASA's Jet Propulsion Laboratory also are AWS cloud customers, according to the company.
Indeed, cloud computing infrastructure providers like AWS, Microsoft, and Google have been competing mightily for federal business, and achieving FISMA certification is a key step for them to win the confidence of agencies in terms of security.
However, there has been contention over claims of FISMA compliance among them in the past. Last year, Microsoft accused Google of falsely claiming FISMA compliance for its Google Apps for Government cloud-based application suite, accusations Google denied.
Security professionals often view compliance as a burden, but it doesn't have to be that way. In this report, we show the security team how to partner with the compliance pros. Download the report here. (Free registration required.)
2014 Next-Gen WAN SurveyWhile 68% say demand for WAN bandwidth will increase, just 15% are in the process of bringing new services or more capacity online now. For 26%, cost is the problem. Enter vendors from Aryaka to Cisco to Pertino, all looking to use cloud to transform how IT delivers wide-area connectivity.
Server Market SplitsvilleJust because the server market's in the doldrums doesn't mean innovation has ceased. Far from it -- server technology is enjoying the biggest renaissance since the dawn of x86 systems. But the primary driver is now service providers, not enterprises.
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.