Government // Cloud computing
News
3/27/2014
01:25 PM
Connect Directly
RSS
E-Mail
50%
50%

Amazon Cloud Services Wins DoD Authorization

Amazon gets provisional operating authorization to sell cloud services to the Defense Department for work involving low-risk unclassified data.

Domestic Drones: 5 Non-Military Uses
Domestic Drones: 5 Non-Military Uses
(Click image for larger view and slideshow.)

Amazon Web Services won provisional authority to operate cloud computing services for the Department of Defense, permitting AWS to handle unclassified data under the DOD's Cloud Security Model (CSM).

The authorization reopens the DOD market for the company's cloud-based computing services, which had been shut out of new deals since 2012 because the DOD required service providers to have a security certification. The authorization covers five service offerings: Elastic Compute Cloud, Simple Storage Services, Virtual Private Cloud, Elastic Block Store, and Identity and Access Management.

"There is a huge demand for the services in DOD," said Teresa Carlson, AWS vice president of worldwide public sector. US Navy CIO Terry Halvorsen, for instance, recently said the Navy intends to move the department's unclassified, publicly available data to a commercially provided cloud.

AWS is the second cloud service provider to receive the authority to operate at the initial low-impact levels. Autonomic Resources received it in 2013 for its Autonomic Resources Cloud Platform.

[FedRAMP provides a minimum cloud security standard for the DoD. Read why Defense CIO Takai Believes Why FedRAMP Helps Everyone.]

The Defense Information Systems Agency (DISA) was named the department's cloud service broker in 2012 and tasked with developing a cloud security model for DOD unclassified and classified missions through the Secret level. Missions classified above Secret are not included in the model.

(Source: Defense Dept. photo by US Air Force Master Sgt. Ken Hammon)
(Source: Defense Dept. photo by US Air Force Master Sgt. Ken Hammon)

Acquisition of cloud services by DOD agencies now must go through the DISA brokerage, and only authorized providers can be used. Those agencies already using cloud services before the edict were allowed to continue using them. AWS was permitted to work with existing DOD customers but could not sign up additional customers until the authorization to operate was granted.

The DOD has designated different tiers or impact levels, depending on the type of information being stored or hosted in the cloud and the potential impact of that information being compromised. DOD agencies work with the DISA to determine the impact level of the workload being moved to the cloud. Levels 1 and 2 cover low-risk unclassified data that is publicly releasable or controlled. Those were the first levels for which DISA requirements were issued. Requirements for levels 3-5 were released this month. Carlson said AWS is pursuing authorization for the higher-impact levels.

The DISA cloud security model recognizes the equivalency of some government cloud security standards and programs in order to minimize the time and effort required for certification. These other programs include:

  • FedRAMP
  • Committee on National Security Systems Instruction (CNSSI) 1253 Controls
  • Ongoing Assessment
  • DOD Command and Control and Network Operations Integration
  • Architectural Integration
  • Policy, Guidance, and Operational Constraints

FedRAMP, the Federal Risk and Authorization Management Program, is a government program to certify cloud service providers at a baseline level of security under the Federal Information Security Management Act. FedRAMP allows agencies to use or build on cloud services that have been FedRAMP certified, so that each agency does not have to start from scratch in certifying each computing platform being used. Both Autonomic and AWS leveraged their FedRAMP certifications and documented the additional 20 controls needed for DOD authorization to perform work at impact levels 1 and 2.

Amazon's authorization covers all of the company's infrastructure regions in the continental United States, including its US East and US West regions, as well as its GovCloud. Though GovCloud is a dedicated government cloud, some federal customers use the other clouds for noncritical workloads.

Find out how a government program is putting cloud computing on the fast track to better security. Also in the Cloud Security issue of InformationWeek Government: Defense CIO Teri Takai on why FedRAMP helps everyone.

William Jackson is a technology writer based in Washington, D.C. He has been a journalist for more than 35 years, most recently covering the $80 billion federal government IT sector for Government Computer News. His coverage has ranged from architecture to international ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
WKash
50%
50%
WKash,
User Rank: Author
3/28/2014 | 4:18:01 PM
Re: Amazon cloud secure LOL
Before folks get to far wondering how secure Amazon is - or isn't -- it's worth remembering the CIA recently awarded AWS a $600 million contract to handle CIA data, beating out IBM.  I've met a some of the IT folks at CIA, and I have a hard time believing they didn't do some very serious due dilliegence on AWS.  I've also met some of the folks at DOD and on the FedRAMP Joint Advisory Board, who have billions of dollars of IT investment responsibility -- and decided to grant AWS's govt.-focused cloud servicers operating authority.  Amazon didn't get through that gauntlet without meeting some of the toughest security standards in the world.   
Ariella
50%
50%
Ariella,
User Rank: Ninja
3/28/2014 | 9:12:16 AM
Re: What happened to Amazon's biggest competitor?
@asksqn Is it relly a matter of old-fashioned cronyism? Could something else have come into play here?
Ariella
50%
50%
Ariella,
User Rank: Ninja
3/28/2014 | 9:11:14 AM
Re: Amazon cloud secure LOL
@JakeB679 I wouldn't have thought it's the most secure option myself. I wonder what made me the powers that be select it.
WKash
50%
50%
WKash,
User Rank: Author
3/27/2014 | 5:46:41 PM
Re: What happened to Amazon's biggest competitor?
Amazon got in early and not just at DOD, but the Dept. of Health and Human Services, and elsewhere, and gave CIOs a way out of, or at least around, archaic acquisition processes.  Google's federal team has been selling Google Apps for Govt., but has been less agressive about building dedicated cloud facilities that meet the government's strict security certification rules.
JakeB679
50%
50%
JakeB679,
User Rank: Apprentice
3/27/2014 | 4:30:11 PM
Amazon cloud secure LOL
Ok first off Amazon cloud has so many holes in it and leaks so badly. 

all you have to do is exploit the system tools to access the host server then grab the ssh keys.

Now yes I left out the secret sauce on how do it, but research it and test it. 
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Author
3/27/2014 | 3:43:28 PM
Amazon.gov
Amazon's cloud...

"Customers who bought the Lockheed Martin F-35 also bought..."
asksqn
50%
50%
asksqn,
User Rank: Ninja
3/27/2014 | 2:44:08 PM
What happened to Amazon's biggest competitor?
Apparently, Google isn't on the crony list of cloud providers.
Gov Cloud: Executive Initiatives, Enterprise Experience
Gov Cloud: Executive Initiatives, Enterprise Experience
In this report, we'll examine the use of cloud services by government IT, including the requirements, executive initiatives and service qualifications, and auditing and procurement programs that make government cloud adoption unlike that in the private sector.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 20, 2014
CIOs need people who know the ins and outs of cloud software stacks and security, and, most of all, can break through cultural resistance.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.