Amazon Web Services (AWS) is hopping on the federal cloud computing bandwagon with a new service that adds an extra layer of protection to meet the regulatory requirements necessary for the U.S. government.
The AWS GovCloud Region targets federal, state and local governments to offer secured AWS services that comply with U.S. government regulations for data handling.
"The U.S. federal government, state and local governments, and the contractors who support their mission now have access to secure, flexible, and cost-effective AWS services running in an environment that complies with U.S. Government regulations for processing of sensitive workloads and storing sensitive data …," Amazon cloud evangelist Jeff Barr wrote in a blog post unveiling AWS GovCloud.
According to Barr, the AWS GovCloud Region supports the processing and storage of International Traffic in Arms Regulations (ITAR) controlled data and the hosting of ITAR-controlled applications. ITAR stipulates that all controlled data must be stored in an environment where logical and physical access is limited to persons in the U.S. – citizens or permanent residents.
The GovCloud Region also provides FISMA Moderate controls, meaning that it has completed the implementation of a series of controls and has passed an independent security test and evaluation. AWS GovCloud also supports existing security controls necessary for cloud computing, including PCI DSS Level 1, ISO 27001 and SAS 70, Amazon said.
Amazon's push into the federal cloud space comes on the heels of former Federal CIO Vivek Kundra's departure from office. Kundra, a massive proponent of the cloud, launched a major government initiative under which he established a cloud-first policy that states the government will evaluate cloud computing options where applicable for IT purchases. Kundra's position has since been filled by former Microsoft executive Steven VanRoekel.
Despite Kundra's departure, federal cloud computing projects continue to gather momentum. A recent survey conducted at the FOSE conference by cloud management vendor ScienceLogic found that about two-thirds of federal agencies have identified applications to move to the cloud and half of those have started the migration process.
The AWS GovCloud Region is located on the west coast, Amazon said, and all Elastic Compute Cloud (EC2) instances launched in the region must reside within a Virtual Private Cloud (VPC). Along with EC2, Amazon Simple Storage Service (S3), Amazon Elastic Block Store (EBS), Amazon CloudWatch and Amazon Identity and Access Management (IAM) will be available in the GovCloud Region.
Barr wrote that aside from being restricted to U.S. citizens and residents and the requirement of a VPC, AWS GovCloud mirrors Amazon's other cloud services.
"Other than the restriction to US persons and the requirement that EC2 instances are launched within a VPC, we didn't make any other changes to our usual operational systems or practices. In other words, the security profile of the existing Regions was already up to the task of protecting important processing and data," Barr wrote. "In effect, we simply put a gateway at the door – 'Please show your passport or green card before entering.'"
Agencies that need to access AWS GovCloud must sign an AWS GovCloud Enterprise Agreement. It will also be accessible to government contractors, software integrators and service providers with a demonstrated need for access, as long as they meet the requirements set forth under ITAR.