Keith Brooks is director of technical business development at Amazon Web Services (AWS), based in Washington, D.C. He was previously a Big 4 consulting firm senior strategy and technology consultant.
It’s hard to fully appreciate how much government technology has evolved in the 10 years since the launch of AWS GovCloud (US), the first cloud region specifically designed to meet the federal government’s security and compliance needs. The vision then, and now, is to enable government agencies and their commercial partners to innovate — without having to sacrifice the speed, scale, and agility the cloud enables in order to comply with security regulations. Put another way, AWS GovCloud (US) was designed to give these organizations the best of both worlds.
Looking back, the launch of AWS’s first AWS GovCloud (US) Region in August 2011 and a second dedicated region in November 2018 reflect an extraordinary journey by a diverse group of dedicated engineers and public servants. That journey wasn’t only about helping organizations move back-office applications and sensitive data securely to the cloud. AWS GovCloud (US) also represented a deeper and lasting commitment to give agencies and their contractors the tools and solutions to address mission-critical functions — and begin to innovate in ways they couldn’t using traditional on-prem systems.
This journey required a deep understanding of government agencies’ critical mission functions, as well as the many layers of regulatory, security, and compliance policy frameworks by which these organizations are bound. Some of these frameworks include:
- International Traffic in Arms Regulations (ITAR), which controls the export of sensitive defense and military data, information, and technology.
- The Federal Risk and Authorization Management Program (FedRAMP), which promotes and authorizes standardized and secure cloud service offerings for federal agencies to address FISMA requirements in the cloud.
- Department of Defense (DoD) Cloud Computing Security Requirements Guide (DOD SRG), which standardizes the security assessment and authorization process for sensitive Defense Department data and systems operating in the cloud.
- Cybersecurity Maturity Model Certification (CMMC), the Defense Department’s comprehensive cybersecurity program to protect sensitive information across the Defense Industrial Base.
- Criminal Justice Information Services (CJIS), which governs the security of criminal justice information services for federal and state and local law enforcement.
- IRS-1075, which protects federal tax information.
- FIPS 140-2, which specifies cryptographic security requirements to protect sensitive U.S. government information.
- Health Insurance Portability and Accountability Act (HIPPA), which protects the processing and storage of health information.
These frameworks are more than just extra layers of code or protections; they reflect both the near-term ability to help government agencies accomplish more without taking on greater risks, as well as the long-term capability to innovate and tackle big ideas at scale with security in mind.
AWS GovCloud (US) provides a highly secure, state-of-the-art technology environment, with the latest cloud services and features for virtually every executive branch department as well as agencies like the U.S. Census Bureau and federally funded research and development centers like NASA JPL. It also provides those same services to U.S. federal contractors like Lockheed Martin, Raytheon and GDIT and technology solution providers like SAP NS2, Salesforce, and Splunk.
More than that, AWS provides unrivaled experience in guiding agencies and highly regulated entities to think big, innovate, and move forward more rapidly to deliver their missions.
AWS CEO Andy Jassy, who founded Amazon’s cloud service platform in 2006 and who has been chosen to take the helm at Amazon as CEO this fall, has a frequent saying: “There is no compression algorithm for experience.”
AWS’s experience runs wide and deep. One measure of that experience is reflected in the fact that no technology provider comes close to having the number of FedRAMP Authorizations to Operate (ATO) as AWS GovCloud (US) — more than 376 authorizations at last count. More than 115 government agencies make use of those services, and several dozen technology partners have FedRAMP Moderate and High products and services authorized on AWS GovCloud (US), according to FedRAMP’s tally.
Another example of that experience is reflected in how technology providers such as Salesforce have partnered with AWS GovCloud (US) to adapt their customer relationship management (CRM) solutions — originally delivered as a service to government agencies on premises — and make them available in a highly secure, FedRAMP High-authorized cloud environment. That move helped agencies adapt suddenly to the pandemic, and it helped Salesforce accelerate the pace of upgrades and enhancements it offers to federal, state and local government agencies.
What propels all of this innovation is the fact that roughly 90% of our roadmap for AWS GovCloud (US) comes directly from customer input. And what we are seeing and hearing is exciting: Agencies are innovating with high performance computing and machine learning; running advanced analytics at a massive scale; testing innovative mobile solutions; developing new ways to harness the Internet of Things; and enabling new air, space and satellite capabilities with the cloud.
To agencies asking how to deliver their missions with greater innovation and the security they need, my advice is to think big, explore the art of the possible and consider using AWS not just as a short-term solution but as a long-term, experienced partner to help you accomplish those big and bold ideas.
Learn more how AWS GovCloud (US) can help accelerate your organization’s mission initiatives.
Read more insights from AWS leaders on how agencies are using the power of the cloud to innovate.