Amazon refutes view that federal security accreditation is no big deal

Amazon is shooting back at media reports

In an unusual public relations move by market-leading cloud provider Amazon Web Services, the company is shooting back at media reports that play down the significance of the company receiving government approval for the federal departments to use its cloud.

After a thorough government review, AWS recently received an authority to operate as a provider of services for the Department of Health and Human Services under the Federal Risk and Authorization Management Program (FedRAMP). The FedRAMP certification will basically make it easier for government agencies to host workloads in Amazon's cloud.

[MORE CLOUD:How to build a private cloud]

A report at the website Government Technology quoted Gartner IT risk assessment analyst Jay Heiser who played down the certification however, noting that the federal government is using its buying power to push public cloud providers to increase their services to a point where government agencies would be comfortable using them. "It's nice to know that some 3PAO (Independent Third Party Assessment Organization) has decided that Amazon's federal-specific facility is suitable for federal use, but why should any non-federal entity presume that they would get the same form of service?" Heiser told Government Technology in an e-mail.

Amazon Web Services responded to some of those claims in the company's blog over the weekend in a post titled, "AWS FedRAMP ATO: Difficult to Achieve, Easily Misunderstood, Valuable to All AWS Customers." Amazon does not typically respond to media reports about its services, but in the blog post AWS evangelist Jeff Barr points out that both the AWS GovCloud (which only hosts government workloads) and the US East and US West regions of its cloud all received FedRAMP certification, meaning all customers can benefit from FedRAMP certification. The FedRAMP certification process included:

-A six-month assessment-A human and administrative process review-Physical controls of certain facilities-Third-party penetration testing

So how big of a deal is FedRAMP certification? For government agencies, it is significant; it opens AWS services which are market leading in a variety of ways, including breadth of services and price - to government workloads.

But, the move to get FedRAMP should not come as a surprise; in fact it is almost to be expected from the company. AWS has an entire region of its cloud (GovCloud) dedicated only to government workloads, so of course it would try to get FedRAMP certification for that. By the way, Verizon Terremark, Dell and others have their own government cloud offerings as well.

Amazon says other customers could benefit from this certification too, but not necessarily inherently. At the company's first-ever re: Invent user's conference late last year, AWS Chief Security Officer Stephen Schmidt spoke about the "shared responsibility" between AWS and the customer regarding security. AWS provides a base-level of security around physical data center protections and the virtual and network infrastructure. It's up to customers to decide how their Amazon cloud services are configured to ensure different levels of security. "It's important to differentiate between what we do and what you choose to do," Schmidt said at the time.

The bottom line is that AWS has a robust cloud computing offering that can pack some pretty tight security protocols with it. In that same speech Schmidt noted that Amazon Web Service's original customer, the retail side of the business, is a massive payment card industry (PCI) compliant cloud. But the reality is that it's up to the customer to decide how secure and fault tolerant their cloud will be. A user can give AWS a credit card and have a virtual machine up and running in minutes. That VM isn't going to have the same security and high availability features that VMs used by government agencies for sensitive workloads though. You pay for what you get.

Network World senior writer Brandon Butler covers cloud computing and social collaboration. He can be reached at and found on Twitter at @BButlerNWW.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags Configuration / maintenanceGartnerCloudhardware systemsampDepartment of HealthData Centercloud computinginternet

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Brandon Butler

Network World
Show Comments

Most Popular Reviews

Latest News Articles


PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?