Is AWS GovCloud (US) Right for Your Regulated Workload? | AWS Public Sector Summit 2017
TRANSCRIPT
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Keith Brooks – AWS Manager, AWS GovCloud (US)
June 13, 2017
Is AWS GovCloud (US) Right for Your Regulated Workload?
Why Public Sector is adopting Cloud
Pave the way for innovation
It offers:
• Disruptive innovation
• Agility
• Twenty-first century capability
• New skills
• Cost savings
Make the world a better place
It enables:
• World-changing projects
• Economic development
• Citizen services and engagement
• Research and education
AWS GovCloud (US) is an isolated AWS Region
Intended for customers with strict regulatory and compliance requirements and sensitive data or workloads
• US Government laws
• Security standards
• Compliance programs
Addresses multiple US regulations, policies, and security requirements
AWS GovCloud (US) differentiated features
• Physical and logical isolation
• Unique credentials
• Dedicated AWS Management Console
• Managed by U.S. Citizens on U.S. soil
• Community Cloud with vetted account holders
AWS GovCloud (US) is compliance in the Cloud
• International Traffic and Arms Regulation
• DOD Security Requirements Guide IL 2-4
• SP 800-53 (rev 4)
• SP 800-171
• Criminal Justice Information Service Security Policy
• Federal Information Processing Standard Pub
• Defense Federal Acquisition Regulation Supplement
• IRS – 1075 (Section 6103 (p))
• FedRAMP Moderate and High
• Family Educational Rights and Privacy Act
• International Organization for Standardization
• AICPA Service Organization Control Reports
• Payment Card Industry Data Security Standard
• Export Administration Regulation
• Health Insurance Portability & Accountability Act
18 FedRAMP High JAB authorized AWS services
• Amazon EC2
• ELB
• Amazon S3
• Amazon Glacier
• IAM
• Amazon RDS
• Amazon VPC
• AWS KMS
• Amazon DynamoDB
• Amazon SQS
• AWS CloudTrail
• Amazon SNS
• Amazon Redshift
• Amazon CloudWatch (Logs)
• Amazon EMR
• Amazon SWF
• Amazon EBS
• AWS CloudFormation
FedRAMP BY THE NUMBERS
▪ 5 YEARS: The program has been in existence for 5 years, formally launching in June 2012
▪ We currently have 82 authorized Cloud Service Providers
▪ 33% of those that are authorized are small business
▪ We have DOUBLED the number of cloud providers and authorizations each year since launch
▪ Since inception, agencies have re-used authorizations 471 times
▪ That means every authorization has been reused approximately 5x
155 43108
FedRAMP Accelerated demonstrated the PMO’s ability to reduce JAB authorization timelines by over 75%.
Transformed the ATO Process to Take Less Than 6 Months
▪ Reduced Timelines from 18-24 months down to approximately 4 months on average
▪ Still maintained the same level of rigor in reviews as previous process
▪ Increased security reviews by incorporating Continuous Monitoring into process
Key Element of Success was FedRAMP Ready
▪ Many CSPs begin unaware of what gaps exist within their system
▪ This results in unforeseen costs and time for CSPs in the authorization process
▪ The FedRAMP Readiness Assessment Report helps identify a CSP’s security implementations upfront in the process - for gov’t to understand success likelihood, and a CSP to use as a self assessment
FedRAMP STRATEGIC INITIATIVE: FedRAMP ACCELERATED
High impact systems are systems that contain high impact data according to the Federal Information Processing Standard (FIPS) 199.
FIPS 199 categorizes data according to three unique elements:
▪ Confidentiality
▪ Integrity
▪ Availability
In simple terms, if any of those elements were impacted, it would pose a severe risk to life, limb, or financial ruin.
▪ By definition, this means any impact would have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.
Typical high impact systems include:
▪ Law enforcement systems
▪ Health systems
▪ Financial systems
HIGH BASELINE DEMAND ACROSS USG
FedRAMP STRATEGIC INITIATIVE: FedRAMP HIGH BASELINE
FedRAMP Tailored adds “tailored” processes and baselines to FedRAMP’s current “one-size-fits-all” baselines
▪ FedRAMP was originally built around enterprise-wide solutions that would cover the broadest range of data types for cloud architectures and low, moderate, and high impact
▪ FedRAMP Tailored addresses low risk use SaaS, focusing on things like collaboration, project management, and open-source code development
FedRAMP STRATEGIC INITIATIVE: FedRAMP TAILORED
What AWS GovCloud (US) enables for customers
Benefits of the AWS Cloud tailored to Government and regulated industry
Types of organizations using AWS GovCloud (US)
• US Government: Federal, state, and local
• Consulting firms and systems integrators
• Technology firms and ISVs
• Education institutions
• Research organizations
• Regulated industries (Aerospace, Defense, Energy, Manufacturing, Healthcare)
• Nonprofit organizations
• Managed service providers
AWS GovCloud (US) growth since 2011
[Chart: growth by year, 2011 to 2016]
185% compounded annual growth rate*
*As of December 31, 2016
Workloads appropriate for AWS GovCloud (US)
• Web applications and websites
• Backup, recovery and archiving
• Disaster recovery
• Development and test
• Big data
• High-performance computing
• Enterprise IT
• Mobile
• Mission critical applications
• Data center migration and hybrid
Requirements for access to AWS GovCloud (US)
• Account holder must be a US Person (defined as a US citizen or a Green Card holder)
• US entity incorporated to do business in the United States and is based on US soil
• Can handle export control data
Learn more: https://aws.amazon.com/govcloud-us/getting-started/
How to get started with AWS GovCloud (US)
Best practice: Create a new AWS account for GovCloud use
1. Sign in to the AWS Management Console as root user
2. Navigate to the Account Settings page
3. Click the Sign Up for AWS GovCloud (US) button and follow the instructions to request access.
Resellers: contact your AWS business representative to get started.
Learn more about AWS GovCloud (US)
AWS GovCloud (US) homepage: https://aws.amazon.com/govcloud-us/
AWS GovCloud (US) User Guide: http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/welcome.html
Keith Brooks
AWS GovCloud (US)
Manager – Business Development