recommended reading

Big Win for Amazon: First Provider Authorized to Handle Sensitive DOD Workloads in Cloud

agsandrew/Shutterstock.com

Amazon Web Services has become the first commercial cloud provider authorized to handle the Defense Department’s most sensitive unclassified data.

Today’s announcement that AWS has achieved a provisional authority to operate under DOD’s cloud security model at impact levels 3-5 is a major win for the company, as it allows DOD customers to provision commercial cloud services for the largest chunks of their data.

In technical speak, the provisional ATO granted by the Defense Information Systems Agency means DOD customers can use AWS’ GovCloud – an isolated region entirely for U.S. government customers – through a private connection routed to DOD’s network. DOD customers can now secure AWS cloud services through a variety of contract vehicles.

In layman's terms, AWS is the first company with the ability to take any and all of DOD’s unclassified data to the cloud.

“In a nutshell, we’re very excited to announce we’ve received the DOD provisional ATO through impact levels 3-5 – we’re the first commercial cloud provider to achieve this,” Teresa Carlson, vice president for AWS’ worldwide public sector, told Nextgov. “I think it highlights our continued commitment to being a leader in cloud computing. This opens up a whole new world of opportunities for DOD to do what other groups have been doing.”

Indeed, AWS recently launched a private cloud for the Central Intelligence Agency to service the intelligence community, and other cloud providers have been busy picking up new business in the civilian government where billions of dollars are up for grabs.

AWS was one of the first cloud providers to meet the Federal Risk and Authorization Management Program, the government’s baseline security standards for cloud computing. The company was also one of three firms to meet DISA’s cloud security requirements at impact levels 1-2, which govern the agency’s least sensitive data. DISA’s cloud security model includes many additional requirements on top of what is required by FedRAMP.  

Yet, civilian agencies that do not grapple with as many data sensitivity issues as DOD, have been pulling off sometimes large-scale cloud efforts while DOD lagged behind in its efforts.

Its cloud security model could still change, but in a recent speech, DOD Acting Chief Information Officer Terry Halvorsen said the department plans by September to announce five cloud pilots for its sensitive data. The focus, he said, would be on government-only clouds developed by the private sector. Regardless of how DISA proceeds, it appears AWS is primed to address its needs.

“There were many additional controls we had to meet, and it’s tough, but DISA needs it to be tough,” said Carlson, hinting that AWS’ next step is meeting requirements at impact level 6, which govern classified DOD data.

“Our goal is to meet every standard the federal government has for their data,” she added. “Obviously, that means the ability to work at all levels.” 

(Image via agsandrew/Shutterstock.com)

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.