Cloud
News
5/21/2013
10:20 AM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%
Repost This

Amazon Cloud Gets Federal Stamp Of Approval

FedRAMP compliance means federal agencies can now access Amazon Web Services almost immediately, without spending months on their own cloud-security assessments.

Amazon Web Services has passed the federal government's FedRAMP cloud security assessment, making it one of the first commercial cloud providers to be certified for no-fuss adoption across government.

Amazon announced Tuesday that it has received "authority to operate," essentially a green light to offer its services, under the Federal Risk and Authorization Management Program, or FedRAMP. Uncle Sam launched FedRAMP in 2010 to streamline the process of determining whether cloud services meet federal security requirements. In December 2012, Autonomic Resources LLC became the first cloud vendor to be approved under the program.

FedRAMP was created through a joint effort by the General Services Administration, National Institute of Standards and Technology, Department of Homeland Security, Department of Defense, National Security Agency, Office of Management and Budget and the federal CIO Council. Cloud service providers must be sponsored by a federal agency to considered for FedRAMP.

The U.S. Department of Health and Human Services served as the sponsoring agency for AWS. Kevin Charest, HHS's chief information security officer, said in a statement that that all HHS operating divisions can now use AWS with minimal duplication in vetting Amazon's cloud security.

[ Here's what you can learn from the feds about cloud security. Read Follow Feds To The Cloud. ]

Amazon VP Teresa Carlson said in an interview that cloud security authorization for federal agencies, which had been a months-long process, is now a check-box exercise for them. "Now they don't have to go through all of those evaluations on their own," she said.

Amazon launched a version of its cloud services for government agencies, called GovCloud, in 2011. It's one of nine AWS regions, or "availability zones." GovCloud meets the requirements of the International Traffic in Arms Regulations (ITAR), which govern the export and import of defense-related information and services. In keeping with those rules, GovCloud servers are housed in the U.S. and can only be accessed by U.S. citizens or permanent residents.

Cloud service adoption is growing rapidly in government, fueled by a policy from the White House's Office of Management and Budget that encourages agencies to steer toward IT services in lieu of on-premises hardware and software where possible. More than 500 government agencies around the world, including about 300 in the U.S., now use AWS. They include NASA's Jet Propulsion Laboratory and the departments of Agriculture, State and Treasury.

Carlson said that U.S. intelligence agencies are among Amazon's federal customers, but she declined to confirm reports earlier this year that Amazon had reached a deal to provide a private cloud to the CIA.

Amazon's FedRAMP approval applies to "moderate impact" data, as defined by the Federal Information Security Management Act (FISMA). Carlson said about 80% of government workloads fall into the low or moderate FISMA categories.

Federal, state and local government agencies can access most of the same cloud services on GovCloud -- Elastic Compute Cloud, Simple Storage Service, Virtual Private Cloud and others -- as businesses do in Amazon's other cloud zones. That includes using Amazon's spot instances capability, which lets agencies bid on unused virtual resources that are put up for auction by other customers.

Mark Ryland, chief solutions architect for Amazon's public sector team, said that agencies save, on average, 86% using spot instances, compared to Amazon's standard pricing. A typical usage scenario for spot instances is large-scale parallel processing.

Uncle Sam's taken the lead on secure use of cloud services. Here's how FedRAMP can change your experience, too. Also in the new, all-digital Follow The Feds issue of InformationWeek: Candid career advice for women in IT includes calling work-life balance a myth. (Free registration required.)

Comment  | 
Print  | 
More Insights
2014 Private Cloud Survey
2014 Private Cloud Survey
Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Government, May 2014
NIST's cyber-security framework gives critical-infrastructure operators a new tool to assess readiness. But will operators put this voluntary framework to work?
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.