After 35 years in the IT business, I have seen an incredible
amount of change. From mainframes to minicomputers to personal computers, and
now to dynamic cloud-based infrastructure, each technology generation promises increased
power, greater flexibility, lower costs, and broader applicability.
I recently returned from a trip to Washington DC where I was
able to see first-hand how the public sector is embracing the cloud. Government
organizations must meet mandates for increased access to data (often on a wider
variety of devices and in more formats than ever before) while dealing with stringent
security requirements, legacy IT systems, and budgets that become tighter and
more uncertain by the day. I learned that many of the same attributes that make
AWS attractive to enterprises make it an ideal fit for the public sector. While
we don’t historically associate agility and efficiency with government
agencies, the reality is that they have no choice but to embrace these attributes
if they are to carry out their missions.
AWS started to pay attention to the unique needs of the
public sector (federal, state, and local) quite some time ago. We put a strong team in place, we built a
number of strong partnerships, we customized and enhanced AWS to meet the unique
needs of the government, we documented our security practices, and we set out
to earn the Certifications and Accreditations that would give potential
customers the ability to run sensitive applications in the cloud. Here’s where
we stand:
AWS Enhancements
We built the AWS
GovCloud (US) , an isolated AWS Region designed to allow US government
agencies to move their sensitive workloads to the cloud by addressing specific regulatory
and compliance requirements such as International Traffic in Arms Regulation (ITAR),
the FIPS 140-2 cryptographic standards, and FedRAMPsm.
Government agencies are now running numerous
mission-critical enterprise applications, high performance computing (HPC),
storage, and disaster recovery, along with a wide variety of web sites and web
applications on AWS. I’ll have more to say about this in just a bit.
Security, Certifications, and Accreditations
When people begin to learn about cloud computing, they often
ask about trust, safety, and security. While we do love to innovate, security
is always at the top of the priority list for the AWS team. Security is engineered into each service from
the start. In fact, every development schedule includes multiple reviews with
senior members of our security team. We published the first AWS Security White
paper over five years ago, and have updated it many times since then. This paper addresses the vast majority of
concerns that potential customers have about AWS and gives them an assurance
that we take security very seriously.
The Security White Paper is backed up by a very broad array
of Certifications and Accreditations. We track a multitude of regulations,
standards, and best practices with the goal of making AWS the place to store
sensitive data such as protected health information (PHI), personally
identifiable information (PII), personal finance and credit card information,
and data that is restricted by ITAR. We manage over 650 unique security
controls in order to obtain (and
maintain) compliance with HIPAA, FedRAMP, SOC 1, SOC 2, SOC 3, PCI DSS Level 1,
ISO 27001, DIACAP, ITAR, FIPS 140-2, CSA, and MPAA. We track emerging
compliance requirements and strive to meet them on a timely basis. For example,
we were the first
general-purpose cloud provider to receive ATO (Authority to Operate) under
FedRAMP. When potential customers examine our security capabilities and
processes in detail, they often tell me that we are really doing the kinds of
security work that they can only dream of doing on their own. The scale of AWS makes it possible for us to
invest in this work at a level that would be prohibitively expensive for
individual organizations or for vendors with a lukewarm commitment to cloud
computing. Security and compliance, like many of the things that we do, are far
more efficient at scale.
I discussed security and compliance issues with our public
sector team during my recent trip. They told me something that I found
interesting and impressive. Public sector customers are often initially
skeptical when first told that AWS can meet their security needs. However,
after they engage with our solutions architecture, security, and compliance
teams and dig into our securities capabilities in detail, their position
changes. The team told me that they have yet to meet a government agency with
security or compliance requirements that go beyond our capabilities.
Partnerships
In addition to providing deep cloud expertise through our
professional services team, we have created partnerships with a wide variety
of System Integrators to make sure that agencies have access to the
architectural and operational skills needed to make a successful move to the
cloud. We also worked with a considerable number of Independent Software
Vendors to make sure that the most relevant commercial applications would be
available. I’m really happy to see that AWS Consulting Partners like Booz
Allen Hamilton, Aquilent, JHC Technology, Smartronix, SAIC, URS, DLT Solutions, BlueRiver IT,
and Cloudnexa and AWS Technology Partners like ESRI, Oracle, Xceedium, Adobe,
Appian, Acquia, Pegasystems, and Sonian have recognized the value of AWS in
government and education and are building businesses around it.
The Cloud in Action
Over 600 government agencies and 2,400 educational
institutions are already using AWS to address a diverse set of use cases, from simple
website hosting all the way up to mission-critical intelligence projects
dealing with large volumes of sensitive data. Here are just a few examples of
what’s happening in the US and elsewhere (we have plenty of other case
studies if you would like to learn more):
The US Securities and Exchange Commission runs its new mission-critical
MIDAS (Market Information Data Analytics System) on AWS using software
developed by AWS partner Tradeworx.
This major system went from contract award to production in less than six
months, an incredibly fast delivery in the somewhat sluggish (by cloud
standards) world of government contracting. The story behind
this system makes for fascinating reading. Prior to the development of MIDAS,
a “full depth-of-book” analysis of every stock (all quotes and orders) for a
single day of trading took nearly four months. They can now run this analysis
significantly faster, and can also run it across varying periods of time.
The US Department of Health and Human
Services (case
study) migrated its first three services: grants solutions, audit
resolution tracking management system and MedWatch Plus to the AWS cloud as part
of the federal Cloud-First initiative.
NASA JPL (case study) runs a
number of mission-critical applications on AWS. To streamline the processing of
images taken by the Mars Exploration Rover, JPL engineers developed an AWS
application that harnesses the power of multiple Amazon EC2 instances running
in parallel.
The US Department of
the Treasury (case
study) runs Treasury.gov and four other web sites on AWS. Our partner
Smartronix assembled a team that included industry experts in SharePoint, cloud
computing, Web design, transparency, Open Government data, and social
collaboration.
The US Department of
State (case
study) contracted with MetroStar Systems to design an online video contest
to encourage discussion and participation around cultural topics, and to
promote membership in the network.
The
US Navy (case
study) created the SECNAV Public Portal to establish a unified web presence
where multiple Secretariat organizations share public content on the World Wide
Web. The initiative standardizes technology used for public website development
while reducing costs to the government.
Again, these are just a few data points; there are dozens
more that we can’t talk about in public just yet. The overall trend is clear –
agencies of the United States government are embracing cloud computing at a
rapid pace, and they are using AWS to do it!
AWS has proven that it can handle workloads of many shapes, sizes, and sensitivity
levels.
Don't Just Take Our Word For It
I encourage you to read the recently released Gartner
Magic Quadrant for Cloud Infrastructure as a Service*, which named AWS as a
leader, positioned highest in the Leaders Quadrant for ability to execute and
completeness of vision. You can compare
the 2013 Magic Quadrant with those from 2011 and 2012 to see our progression in
this space. We believe these reports are a validation of our commitment to
deliver the highest quality technologies and services to our customers.
Your Turn
We created the What is Cloud Computing
page to help you to learn about the cloud and its benefits. Start there, and
then check out the AWS Security Center
and the AWS Compliance Center
for more information about our security and our certifications and
accreditations. You may also enjoy browsing the collection of commercial
software and services in the AWS
Marketplace. You can find, buy, and immediately start using any of the 1000+
items in catalog.
You can sign up and start using AWS at no charge using the
AWS Free Usage Tier. However, if you need technical, architectural, security,
or business guidance in order to get going, the AWS public sector team is ready
to help. Based in Herndon, Virginia, the AWS public sector team includes
salespeople, solution architects, partner managers, security specialists, and
more. Also, as I mentioned earlier, our Consulting
Partners are trained, experienced, and fully qualified to help you plan and
execute your move to the cloud. If you would like to get started, request more
information from our public sector team.
-- Jeff;
* Gartner, Magic Quadrant for Cloud Infrastructure as a Service,
Lydia Leong et al., 19 August 2013. Gartner does not
endorse any vendor, product or service depicted in its research publications,
and does not advise technology users to select only those vendors with the
highest ratings. Gartner research publications consist of the opinions of
Gartner's research organization and should not be construed as statements of
fact. Gartner disclaims all warranties, expressed or implied, with respect to
this research, including any warranties of merchantability or fitness for a
particular purpose.
Recent Comments