All federal government agencies, including the DoD, have been required to adhere to certain compliance requirements. These requirements are meant to inject consistency and confidence in the security of a cloud provider solution. And security is top of mind for many government agencies today.
In the last year, high-profile cyberattacks against SolarWinds, Microsoft, and VMware have renewed an aggressive focus on cloud adoption and cybersecurity within the federal government. This was especially the case with the SolarWinds breach, which may have resulted in as many as ten government agencies being impacted.
Throughout the weeks leading up to the recent Colonial Pipeline cyberattack, the Biden administration was in the midst of crafting a sweeping Executive Order (EO) that would focus on enhancing the cybersecurity and protection of federal digital infrastructures. Released on May 12, 2021, the EO contained explicit directives that the “Federal Government must…accelerate movement to secure cloud services” in order to “keep pace with today’s dynamic and increasingly sophisticated cyber threat environment.”
Though the EO has pointed federal government agencies and the DoD in the right direction, it’s important to remember that not all Cloud Service Providers (CSPs) are equal. Just moving government data, systems and workloads to the cloud doesn’t guarantee that they’re more secure, unless the CSP is committed to meeting all government security requirements and prioritizes cybersecurity within the organization.
For example, let’s look at some of the security features and technologies that have been implemented at AWS that can help ensure government cloud resources stay secure.
Security baked in
To enable extremely high security levels for our customers, AWS employs a robust set of security technologies and practices, including encryption and access control features that exceed government security requirements. These controls have resulted in AWS’s alignment and compliance with the U.S. government’s security and control requirements contained within FedRAMP and DoD SRG.
This means that when a customer deploys an application on the AWS infrastructure, they fully inherit the AWS physical, environmental, and media protection controls that serve as the basis for our FedRAMP and DoD SRG compliance. This allows customers to focus on innovation and solution building, and not on the underlying security compliance of the infrastructure.
Simply put – when government agencies migrate to the cloud, they’re effectively improving their level of security assurance and reducing operational risk. Much of that is due to aggressive investments within AWS to constantly improve the security of its solutions and meet stringent government security requirements.
In August 2011, AWS became the first cloud provider to announce a cloud that meets the needs of the U.S. government and other highly regulated industries, AWS GovCloud (US). In May 2013, AWS became the first major cloud provider to achieve the U.S. government’s FedRAMP compliance standard, and in June 2016, AWS became the first to be granted authorization for FedRAMP High workloads. Then, in September 2017, AWS achieved authorization for DoD SRG Impact Level 5 workloads, including National Security Systems.
With the recent launch of the AWS Secret Region, AWS became the first commercial cloud provider to launch a region dedicated to running U.S. government workloads that require some of the highest protections and safeguards.
By serving the entire spectrum of the U.S. government’s data requirements, AWS enables federal agencies, military organizations, and their contractors to leverage secure AWS environments.
As the first public sector distributor and premier consulting partner for AWS, DLT Solutions helps make the path to the cloud seamless for federal agencies. DLT and AWS can strengthen your security and compliance with expertise and comprehensive services and solutions.