AWS GovCloud (US) Celebrates 10th Anniversary and a Decade of Digital Transformation in the Federal Government
The past decade has seen the federal government and highly regulated industries reevaluate the role of cloud technology in enabling their digital transformation initiatives.
Next-generation cloud offerings, led by Amazon Web Services (AWS) GovCloud (US), have matured to support the mission-critical objectives of national security, defense, and civilian agencies in a secure and compliant manner.
AWS GovCloud (US) celebrates its 10th Anniversary with a continued commitment to bringing cutting-edge services and features needed for agency digital transformation journeys.
The past decade has seen the federal government and highly regulated industries reevaluate the role of cloud technology in enabling their digital transformation initiatives. Next-generation cloud offerings, led by Amazon AWS GovCloud (US), have matured to support the mission-critical objectives of national security, defense, and civilian agencies in a secure and compliant manner.
AWS GovCloud (US) was built based on the feedback and unique needs of government customers who require extremely high security and highly compliant infrastructure and services to innovate while doing more with less, more quickly, and more impactfully. When released in 2011, AWS GovCloud (US) was the first cloud provider to build and operate cloud infrastructure specifically designed to meet U.S. government requirements.
AWS focused on giving its customers—US government agencies and private sector enterprises in regulated industries—the ability to meet government security and compliance requirements such as International Traffic in Arms Regulation (ITAR), which governs how organizations manage and store sensitive, US-restricted defense and military-related data.
“We built AWS GovCloud (US) to be a continually evolving set of infrastructure and services that provides our customers with scale, flexibility, and agility to meet a broad range of requirements in a secure, compliant, and cost-effective manner,” says Keith Brooks, director of government regions at AWS.
“The evolution of AWS GovCloud (US) over the last ten years reflects AWS’s deep and lasting commitment to our federal agency customers and their contractors. Our goal is to provide our government customers with solutions that address their mission-critical workloads and needs.”
Early Adopter Agencies Paved the Way for the Evolution of AWS GovCloud (US)
Early adopters of AWS GovCloud (US) included the Department of Health and Human Services, Department of Veterans Affairs, Department of Defense, and Department of Justice. In fact, AWS GovCloud (US) kicked off with two lighthouse customers that embraced the potential of the cloud and explored how the cloud could support their operations and missions.
NASA Jet Propulsion Laboratory (NASA JPL). NASA JPL effectively used AWS GovCloud(US) Region’s on-demand resources to save money by only paying for the resources they used. NASA JPL quickly expanded their adoptionof AWS GovCloud (US), from support operations to actually executing mission-critical activities.
The platform was used, for instance, during the Curiosity Rover landing on Mars in 2012 to stream over 150 terabytes of data in just a few hours so that information and images could be shared with all relevant and authorized stakeholders. AWS GovCloud (US) continues to support NASA JPL’s Mars missions today, including processing and hosting science and engineering data from the Mars 2020 Perseverance rover.
NASA JPL has spearheaded federal innovations in harnessing big data analytics in the cloud.
Centers for Disease Control (CDC). The CDC used AWS GovCloud (US) to support the BioSense 2.0 program. The BioSense mission was to provide awareness of health-related threats and support effective responses on the national, state, and local levels.
As the very first Health and Human Services program wholly hosted in the cloud, the CDC recognized the need, early on, to avoid purchasing expensive dedicated hardware, networking, and software infrastructure to support constantly evolving requirements. The CDC demonstrated how highly sensitive and regulated health workloads can be securely run in the cloud.
The CDC leverages AWS GovCloud (US) to ensure high availability, meet security and compliance requirements, and innovate to support critical health workloads. Today, the CDC delivers essential health monitoring services to thousands of health professionals and facilities. Their ability to help officials respond quickly to diseases and identify trends saves lives every day.
The Evolving Landscape of Compliance and Cloud Computing
“Compliance requirements are constantly evolving,” explains Brooks. “That is why, initially, the biggest hurdle was getting agencies and organizations to accept and adapt to the cloud. However, after AWS proved that federal, state, and local governments could meet security and compliance regulations in AWS GovCloud (US), the next hurdle was building familiarity with the new offerings so that customers could build the skills and competencies necessary to architect and operate their workloads in a secure and compliant manner.”
Today, the government has fully embraced the cloud.
“A broad consensus has emerged around the fact that AWS GovCloud (US) has the regulatory and compliance capabilities to be a key enabler for executing citizen services, back-office operations, and other mission-critical functions of government. In many cases, customers improve their security posture compared to infrastructures that were previously in place,” says Brooks.
AWS GovCloud (US) is fully compliant with the Federal Risk and Authorization Management Program (FedRAMP)—which standardizes security assessment and authorization for cloud products and services used by U.S. federal agencies subject to Federal Information Security Management Act (FISMA) controls.
The federal government has thus far authorized over 230 different cloud services and continues to add more solutions to the FedRAMP baseline every month. This has reduced cloud operating barriers, allowing federal agencies and contractors to deploy and support innovative cloud solutions. The continued evolution of FedRAMP—and continuous improvements to the program—are excellent examples of how quickly cloud operations are maturing to address the federal compliance landscape.
Key milestones that illustrate the increasing adoption of AWS GovCloud (US) in the federal environment include:
The Launch of AWS GovCloud (US-East) in 2018: This second geographically distant AWS GovCloud (US) Region provides customers with three additional Availability Zones. This infrastructure and service expansion provides customers with additional flexibility to architect scalable, fault-tolerant, and highly available applications while taking full advantage of innovative AWS services and features. This multi-regional context is crucial for geographically distributed government operations.
Continued commitment to building the pipeline for FedRAMP authorizations. AWS is working closely with the FedRAMP program management office and the Joint Authorization Board (JAB)—the primary governing body of FedRAMP—to provide customers with new services and functionality that enhance agency operations. As a result, AWS has more FedRAMP Authorizations to Operate (ATOs) than any other cloud service provider. AWS also maintains a similar commitment to building a pipeline of authorized services and functionality for the Department of Defense (DOD) Cloud Computing Security Requirement Guide (SRG).
In 2020, AWS released a Cybersecurity Maturity Model Certification (CMMC) compliance framework specifically for DOD and federal workloads. This framework helps customers quickly deploy a foundational level of AWS infrastructure that provides automated, secure, scalable multi-account environments based on AWS best practices. The framework explicitly addresses the requirements for CMMC and SRG. It gives customers the ability to deploy, operate and manage environments that address DOD regulatory requirements so that they can securely safeguard sensitive defense workloads.
Also, in 2020, AWS launched AWS Outposts in AWS GovCloud (US). AWS Outposts allows customers to extend AWS infrastructure, services, application programming interfaces (APIs), and tools to any on-premises infrastructures—such as customer data centers and customer colocation facilities. This allows the government, and other highly regulated industries, to manage and process data on-premises while still tapping into the innovation and the capabilities of AWS GovCloud (US).
“Moving forward, AWS remains committed to innovation in AWS GovCloud (US). We are focusing on emerging technologies in analytics, enabling serverless and container capabilities, and continuing to raise the bar in terms of security, compliance, and governance,” says Brooks. “These capabilities enable our customers to develop applications better, faster and incorporate cloud innovation into their workloads in a highly compliant manner.”
Developing Cloud Computing Skills with AWS GovCloud (US)
AWS GovCloud (US) will continue to bring customers the innovative services and features needed to support transformation and modernization journeys. For instance, AWS is helping customers build an IT workforce that genuinely understands cloud technologies and the new opportunities they create to support more resilient and capable operations. In fact, at re:Invent 2020, AWS announced its commitment to helping 29 million people grow their technical skills with free cloud computing skills training.
“AWS was the first cloud service provider accredited to support government and workloads across the full range of government data classification—from unclassified to top secret. We are proud to be the leading provider of cloud services for the federal community and are excited to see the innovations our national government customers create on AWS,” concludes Brooks.
For more information, click here.