Amazon Web Services can now claim a rare blessing among cloud providers: it has earned the FedRAMP accreditation that certifies that it has met a variety of security standards. That certification, which covers AWS GovCloud as well as Amazon’s other U.S. regions, should make it easier for state, local and government agencies to put workloads on Amazon’s public cloud infrastructure without having to jump through so many hoops.
FedRAMP, which stands for the Federal Risk and Authorization Management Program, “is a U.S. government-wide standardized approach to security assessment, authorization and monitoring,” said Adam Selipsky, VP of AWS. If a service gets certified by FedRAMP for use by one agency, it will be easier for other government organizations to adopt it as well, he said.
In government parlance, Amazon now has a three-year “Authority to Operate,” or ATO. That certifies that a range of government data can be stored or processed on Amazon infrastructure. Companies seeking FedRAMP certification typically work with a sponsor agency, which in Amazon’s case was the Department of Health and Human Services.
FedRAMP blessing greases the skids for more government use
AWS now has both a FISMA (Federal Information Security Management Act) Moderate and a FedRAMP Moderate ranking.The latter designation means that “sensitive data” can be stored and managed on AWS infrastructure.
“This is a journey, a sliding scale. Sensitive data is a term of art used in government. Even more top secret categories of data require additional certifications,” Selipsky said.
To date, exactly two cloud providers — Autonomic Resources and CGI Federal -- had earned the FedRAMP seal of approval from the General Services Administration. Now AWS is in the mix, but the three companies won’t have the arena to themselves for very long. Up to 15 providers are expected to clear FedRAMP hurdles this year with double that number expected to do so in 2014 when FedRAMP certification becomes mandatory, according to Federal Computer Week,
AWS is the kingpin in public cloud infrastructure where it’s had a 6 year head start. But now enterprise-focused rivals — VMware will announce its AWS response on Tuesday, HP and Rackspace have rolled out their own public clouds. An early FedRAMP certification which should make government IT types feel better about deploying work on AWS, may well be another early-mover advantage.
Amazon CTO Werner Vogels may well talk about the importance of public sector workloads when he speaks at GigaOM Structure next month in San Francisco.