Amazon refutes view that federal security accreditation is no big deal

Amazon is shooting back at media reports

In an unusual public relations move by market-leading cloud provider Amazon Web Services, the company is shooting back at media reports that play down the significance of the company receiving government approval for the federal departments to use its cloud.

After a thorough government review, AWS recently received an authority to operate as a provider of services for the Department of Health and Human Services under the Federal Risk and Authorization Management Program (FedRAMP). The FedRAMP certification will basically make it easier for government agencies to host workloads in Amazon's cloud.

[MORE CLOUD:How to build a private cloud]

A report at the website Government Technology quoted Gartner IT risk assessment analyst Jay Heiser who played down the certification however, noting that the federal government is using its buying power to push public cloud providers to increase their services to a point where government agencies would be comfortable using them. "It's nice to know that some 3PAO (Independent Third Party Assessment Organization) has decided that Amazon's federal-specific facility is suitable for federal use, but why should any non-federal entity presume that they would get the same form of service?" Heiser told Government Technology in an e-mail.

Amazon Web Services responded to some of those claims in the company's blog over the weekend in a post titled, "AWS FedRAMP ATO: Difficult to Achieve, Easily Misunderstood, Valuable to All AWS Customers." Amazon does not typically respond to media reports about its services, but in the blog post AWS evangelist Jeff Barr points out that both the AWS GovCloud (which only hosts government workloads) and the US East and US West regions of its cloud all received FedRAMP certification, meaning all customers can benefit from FedRAMP certification. The FedRAMP certification process included:

-A six-month assessment-A human and administrative process review-Physical controls of certain facilities-Third-party penetration testing

So how big of a deal is FedRAMP certification? For government agencies, it is significant; it opens AWS services which are market leading in a variety of ways, including breadth of services and price - to government workloads.

But, the move to get FedRAMP should not come as a surprise; in fact it is almost to be expected from the company. AWS has an entire region of its cloud (GovCloud) dedicated only to government workloads, so of course it would try to get FedRAMP certification for that. By the way, Verizon Terremark, Dell and others have their own government cloud offerings as well.

Amazon says other customers could benefit from this certification too, but not necessarily inherently. At the company's first-ever re: Invent user's conference late last year, AWS Chief Security Officer Stephen Schmidt spoke about the "shared responsibility" between AWS and the customer regarding security. AWS provides a base-level of security around physical data center protections and the virtual and network infrastructure. It's up to customers to decide how their Amazon cloud services are configured to ensure different levels of security. "It's important to differentiate between what we do and what you choose to do," Schmidt said at the time.

The bottom line is that AWS has a robust cloud computing offering that can pack some pretty tight security protocols with it. In that same speech Schmidt noted that Amazon Web Service's original customer, the Amazon.com retail side of the business, is a massive payment card industry (PCI) compliant cloud. But the reality is that it's up to the customer to decide how secure and fault tolerant their cloud will be. A user can give AWS a credit card and have a virtual machine up and running in minutes. That VM isn't going to have the same security and high availability features that VMs used by government agencies for sensitive workloads though. You pay for what you get.

Network World senior writer Brandon Butler covers cloud computing and social collaboration. He can be reached at BButler@nww.com and found on Twitter at @BButlerNWW.

Tags GartnerConfiguration / maintenanceCloudamphardware systemsDepartment of Healthinternetcloud computingData Center

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Brandon Butler

Network World

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest News Articles

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?