After 35 years in the IT business, I have seen an incredible amount of change. From mainframes to minicomputers to personal computers, and now to dynamic cloud-based infrastructure, each technology generation promises increased power, greater flexibility, lower costs, and broader applicability.
I recently returned from a trip to Washington DC where I was able to see first-hand how the public sector is embracing the cloud. Government organizations must meet mandates for increased access to data (often on a wider variety of devices and in more formats than ever before) while dealing with stringent security requirements, legacy IT systems, and budgets that become tighter and more uncertain by the day. I learned that many of the same attributes that make AWS attractive to enterprises make it an ideal fit for the public sector. While we don’t historically associate agility and efficiency with government agencies, the reality is that they have no choice but to embrace these attributes if they are to carry out their missions.
AWS started to pay attention to the unique needs of the public sector (federal, state, and local) quite some time ago. We put a strong team in place, we built a number of strong partnerships, we customized and enhanced AWS to meet the unique needs of the government, we documented our security practices, and we set out to earn the Certifications and Accreditations that would give potential customers the ability to run sensitive applications in the cloud. Here’s where we stand:
We built the AWS GovCloud (US) , an isolated AWS Region designed to allow US government agencies to move their sensitive workloads to the cloud by addressing specific regulatory and compliance requirements such as International Traffic in Arms Regulation (ITAR), the FIPS 140-2 cryptographic standards, and FedRAMPsm.
Government agencies are now running numerous mission-critical enterprise applications, high performance computing (HPC), storage, and disaster recovery, along with a wide variety of web sites and web applications on AWS. I’ll have more to say about this in just a bit.
Security, Certifications, and Accreditations
When people begin to learn about cloud computing, they often ask about trust, safety, and security. While we do love to innovate, security is always at the top of the priority list for the AWS team. Security is engineered into each service from the start. In fact, every development schedule includes multiple reviews with senior members of our security team. We published the first AWS Security White paper over five years ago, and have updated it many times since then. This paper addresses the vast majority of concerns that potential customers have about AWS and gives them an assurance that we take security very seriously.
The Security White Paper is backed up by a very broad array of Certifications and Accreditations. We track a multitude of regulations, standards, and best practices with the goal of making AWS the place to store sensitive data such as protected health information (PHI), personally identifiable information (PII), personal finance and credit card information, and data that is restricted by ITAR. We manage over 650 unique security controls in order to obtain (and maintain) compliance with HIPAA, FedRAMP, SOC 1, SOC 2, SOC 3, PCI DSS Level 1, ISO 27001, DIACAP, ITAR, FIPS 140-2, CSA, and MPAA. We track emerging compliance requirements and strive to meet them on a timely basis. For example, we were the first general-purpose cloud provider to receive ATO (Authority to Operate) under FedRAMP. When potential customers examine our security capabilities and processes in detail, they often tell me that we are really doing the kinds of security work that they can only dream of doing on their own. The scale of AWS makes it possible for us to invest in this work at a level that would be prohibitively expensive for individual organizations or for vendors with a lukewarm commitment to cloud computing. Security and compliance, like many of the things that we do, are far more efficient at scale.
I discussed security and compliance issues with our public sector team during my recent trip. They told me something that I found interesting and impressive. Public sector customers are often initially skeptical when first told that AWS can meet their security needs. However, after they engage with our solutions architecture, security, and compliance teams and dig into our securities capabilities in detail, their position changes. The team told me that they have yet to meet a government agency with security or compliance requirements that go beyond our capabilities.
In addition to providing deep cloud expertise through our professional services team, we have created partnerships with a wide variety of System Integrators to make sure that agencies have access to the architectural and operational skills needed to make a successful move to the cloud. We also worked with a considerable number of Independent Software Vendors to make sure that the most relevant commercial applications would be available. I’m really happy to see that AWS Consulting Partners like Booz Allen Hamilton, Aquilent, JHC Technology, Smartronix, SAIC, URS, DLT Solutions, BlueRiver IT, and Cloudnexa and AWS Technology Partners like ESRI, Oracle, Xceedium, Adobe, Appian, Acquia, Pegasystems, and Sonian have recognized the value of AWS in government and education and are building businesses around it.
The Cloud in Action
Over 600 government agencies and 2,400 educational institutions are already using AWS to address a diverse set of use cases, from simple website hosting all the way up to mission-critical intelligence projects dealing with large volumes of sensitive data. Here are just a few examples of what’s happening in the US and elsewhere (we have plenty of other case studies if you would like to learn more):
The US Securities and Exchange Commission runs its new mission-critical MIDAS (Market Information Data Analytics System) on AWS using software developed by AWS partner Tradeworx. This major system went from contract award to production in less than six months, an incredibly fast delivery in the somewhat sluggish (by cloud standards) world of government contracting. The story behind this system makes for fascinating reading. Prior to the development of MIDAS, a “full depth-of-book” analysis of every stock (all quotes and orders) for a single day of trading took nearly four months. They can now run this analysis significantly faster, and can also run it across varying periods of time.
The US Department of Health and Human Services (case study) migrated its first three services: grants solutions, audit resolution tracking management system and MedWatch Plus to the AWS cloud as part of the federal Cloud-First initiative.
NASA JPL (case study) runs a number of mission-critical applications on AWS. To streamline the processing of images taken by the Mars Exploration Rover, JPL engineers developed an AWS application that harnesses the power of multiple Amazon EC2 instances running in parallel.
The US Department of the Treasury (case study) runs Treasury.gov and four other web sites on AWS. Our partner Smartronix assembled a team that included industry experts in SharePoint, cloud computing, Web design, transparency, Open Government data, and social collaboration.
The US Department of State (case study) contracted with MetroStar Systems to design an online video contest to encourage discussion and participation around cultural topics, and to promote membership in the network.
The US Navy (case study) created the SECNAV Public Portal to establish a unified web presence where multiple Secretariat organizations share public content on the World Wide Web. The initiative standardizes technology used for public website development while reducing costs to the government.
Again, these are just a few data points; there are dozens more that we can’t talk about in public just yet. The overall trend is clear – agencies of the United States government are embracing cloud computing at a rapid pace, and they are using AWS to do it! AWS has proven that it can handle workloads of many shapes, sizes, and sensitivity levels.
Don't Just Take Our Word For It
I encourage you to read the recently released Gartner Magic Quadrant for Cloud Infrastructure as a Service*, which named AWS as a leader, positioned highest in the Leaders Quadrant for ability to execute and completeness of vision. You can compare the 2013 Magic Quadrant with those from 2011 and 2012 to see our progression in this space. We believe these reports are a validation of our commitment to deliver the highest quality technologies and services to our customers.
We created the What is Cloud Computing page to help you to learn about the cloud and its benefits. Start there, and then check out the AWS Security Center and the AWS Compliance Center for more information about our security and our certifications and accreditations. You may also enjoy browsing the collection of commercial software and services in the AWS Marketplace. You can find, buy, and immediately start using any of the 1000+ items in catalog.
You can sign up and start using AWS at no charge using the AWS Free Usage Tier. However, if you need technical, architectural, security, or business guidance in order to get going, the AWS public sector team is ready to help. Based in Herndon, Virginia, the AWS public sector team includes salespeople, solution architects, partner managers, security specialists, and more. Also, as I mentioned earlier, our Consulting Partners are trained, experienced, and fully qualified to help you plan and execute your move to the cloud. If you would like to get started, request more information from our public sector team.
* Gartner, Magic Quadrant for Cloud Infrastructure as a Service, Lydia Leong et al., 19 August 2013. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.