Security Blog

Your source for information security news and views.

Amazon takes aim at cloud compliance issues with GovCloud

Posted by Patrick Snyder
Patrick Snyder
Patrick Snyder has not set their biography yet
User is currently offline
on Thursday, 18 August 2011 in MyBlog

Compliance is never easy and cloud computing only adds to the challenge of keeping up with standards and regulations. Until now U.S. government agencies have found it difficult if not impossible to get their sensitive information onto the cloud despite federal programs aimed at doing just that. The issue has always been with compliance and security. The management of sensitive data has strict regulatory requirements that must be followed in order to protect information.

A few of those important regulatory requirements are location and access control. Sensitive data from U.S. agencies is required to be stored within US boundaries and only be accessible by users residing within the U.S. With most cloud services spanning across a few continents the challenge of keeping that data contained is nearly impossible.

Amazon Web Services hopes to defeat this challenge with their newly announced GovCloud offering.

A description from Amazon Web Services about GovCloud:

AWS GovCloud is an AWS Region designed to allow US government agencies and contractors to move more sensitive workloads into the cloud by addressing their specific regulatory and compliance requirements. Previously, government agencies with data subject to compliance regulations such as the International Trade and Arms Regulation (ITAR), which governs how organizations manage and store defense-related data, were unable to process and store data in the cloud that the federal government mandated be accessible only by U.S. persons. Because AWS GovCloud is physically and logically accessible by U.S. persons only, government agencies can now manage more heavily regulated data in AWS while remaining compliant with strict federal requirements.

The new service is also compliant with FISMA, SAS-70, ISO 27001, FIPS 140-2 compliant end points, PCI DSS Level 1, and HIPAA. This will most definitely make compliance auditing far less taunting and increase security of data in the cloud. Hopefully this new service will lead more federal agencies to begin joining in the cloud movement and finally begin to fulfill goals outlined in Vivek Kundr's Federal Cloud Computing Strategy.

Patrick Snyder has not set their biography yet


Please login first in order for you to submit comments