FedRAMP seal of approval clears Amazon for more government work

Amazon Web Services can now claim a rare blessing among cloud providers: it has earned the FedRAMP accreditation that certifies that it has met a variety of security standards. That certification, which covers AWS GovCloud as well as Amazon’s other U.S. regions, should make it easier for state, local and government agencies to put workloads on Amazon’s public cloud infrastructure without having to jump through so many hoops.

Amazon Web Services VP Adam Selipsky.

Amazon Web Services VP Adam Selipsky.

FedRAMP, which stands for the Federal Risk and Authorization Management Program, “is a U.S. government-wide standardized approach to security assessment, authorization and monitoring,” said Adam Selipsky, VP of AWS. If a service gets certified by FedRAMP for use by one agency, it will be easier for other government organizations to adopt it as well, he said.

In government parlance, Amazon now has a three-year “Authority to Operate,” or ATO. That certifies that a range of government data can be stored or processed on Amazon infrastructure. Companies seeking FedRAMP certification typically work with a sponsor agency, which in Amazon’s case was the Department of Health and Human Services.

HHS has used AWS to run for the Centers of Disease Control’s BioSense program for tracking health problems in the U.S. and for the National Database for Autism Research. 

FedRAMP blessing greases the skids for more government use

AWS now has both a FISMA (Federal Information Security Management Act) Moderate and a FedRAMP Moderate ranking.The latter designation means that ”sensitive data” can be stored and managed on AWS infrastructure.

“This is a journey, a sliding scale. Sensitive data is a term of art used in government. Even more top secret categories of data require additional certifications,” Selipsky said.

To date, exactly one cloud provider — Autonomic Resources, a small North Carolina company — had earned the FedRAMP seal of approval from the General Services Administration. Now AWS is in the mix, but the two companies won’t have the arena to themselves for very long. Up to 15 providers are expected to clear FedRAMP hurdles this year with double that number expected to do so in 2014 when FedRAMP certification becomes mandatory, according to Federal Computer Week,

AWS is the kingpin in public cloud infrastructure where it’s had a 6 year head start. But now enterprise-focused rivals — VMware will announce its AWS response on Tuesday, HP and Rackspace have rolled out their own public clouds. An early FedRAMP certification which should make government IT types feel better about deploying work on AWS, may well be another early-mover advantage.

Amazon CTO Werner Vogels may well talk about the importance of public sector workloads when he speaks at GigaOM Structure next month in San Francisco.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

  • Cloud computing infrastructure: 2012 and beyond
  • Quality of the cloud: best practices for ISVs
  • The fourth quarter of 2012 in cloud

    


GigaOM