© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. | Keith Brooks – AWS Manager, AWS GovCloud (US) | June 13, 2017 | Is AWS GovCloud (US) Right for Your Regulated Workload?

Is AWS GovCloud (US) Right for Your Regulated Workload? | AWS Public Sector Summit 2017

Jan 21, 2018

Page 1: Is AWS GovCloud (US) Right for Your Regulated Workload? | AWS Public Sector Summit 2017

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Keith Brooks – AWS Manager, AWS GovCloud (US)

June 13, 2017

Is AWS GovCloud (US) Right for Your Regulated Workload?

Page 2

Why Public Sector is adopting Cloud

Pave the way for innovation

It offers:

• Disruptive innovation

• Agility

• Twenty-first century capability

• New skills

• Cost savings

Make the world a better place

It enables:

• World-changing projects

• Economic development

• Citizen services and engagement

• Research and education

Page 3

What requirements influence Public Sector adoption of Cloud?

Page 4

Page 5

AWS GovCloud (US) is an isolated AWS Region

Intended for customers with strict regulatory and compliance requirements and sensitive data or workloads

• US Government laws

• Security standards

• Compliance programs

Addresses multiple US regulations, policies, and security requirements

Page 6

• 16 Regions

• 42 Availability Zones

• 88 Edge Locations

Page 7

AWS GovCloud (US) differentiated features

• Physical and logical isolation

• Unique credentials

• Dedicated AWS Management Console

Page 8

AWS GovCloud (US) differentiated features

• Managed by U.S. Citizens on U.S. soil

• Community Cloud with vetted account holders

Page 9

AWS GovCloud (US) is compliance in the Cloud

• International Traffic and Arms Regulation

• DOD Security Requirements Guide IL 2-4

• SP 800-53 (rev 4)

• SP 800-171

• Criminal Justice Information Service Security Policy

• Federal Information Processing Standard Pub

• Defense Federal Acquisition Regulation Supplement

• IRS – 1075 (Section 6103 (p))

• FedRAMP Moderate and High

Page 10

AWS GovCloud (US) is compliance in the Cloud

• Family Educational Rights and Privacy Act

• International Organization for Standardization

• AICPA Service Organization Control Reports

• Payment Card Industry Data Security Standard

• Export Administration Regulation

• Health Insurance Portability & Accountability Act

Page 11

18 FedRAMP High JAB authorized AWS services

• Amazon EC2

• ELB

• Amazon S3

• Amazon Glacier

• IAM

• Amazon RDS

• Amazon VPC

• AWS KMS

• Amazon DynamoDB

• Amazon SQS

• AWS CloudTrail

• Amazon SNS

• Amazon Redshift

• Amazon CloudWatch

• Amazon EMR

• Amazon SWF

• Amazon EBS

• AWS CloudFormation

Page 12

Ashley Mahan, FedRAMP Agency Evangelist

Page 13

FedRAMP BY THE NUMBERS

▪ 5 YEARS: The program has been in existence for 5 years, formally launching in June 2012

▪ We currently have 82 authorized Cloud Service Providers

▪ 33% of those that are authorized are small business

▪ We have DOUBLED the number of cloud providers and authorizations each year since launch

▪ Since inception, agencies have re-used authorizations 471 times

▪ That means every authorization has been reused approximately 5x

155 43108

Page 14

FedRAMP Accelerated demonstrated the PMO’s ability to reduce JAB authorization timelines by over 75%.

Transformed the ATO Process to Take Less Than 6 Months

▪ Reduced timelines from 18-24 months down to approximately 4 months on average

▪ Still maintained the same level of rigor in reviews as previous process

▪ Increased security reviews by incorporating Continuous Monitoring into process

Key Element of Success was FedRAMP Ready

▪ Many CSPs begin unaware of what gaps exist within their system

▪ This results in unforeseen costs and time for CSPs in the authorization process

▪ The FedRAMP Readiness Assessment Report helps identify a CSP’s security implementations up front in the process - for gov’t to understand success likelihood, and a CSP to use as a self assessment

FedRAMP STRATEGIC INITIATIVE: FedRAMP ACCELERATED

Page 15

High impact systems are systems that contain high impact data according to the Federal Information Processing Standard (FIPS) 199.

FIPS 199 categorizes data according to three unique elements:

▪ Confidentiality

▪ Integrity

▪ Availability

In simple terms, if any of those elements were impacted, it would pose a severe risk to life, limb, or financial ruin.

▪ By definition, this means any impact would have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.

Typical high impact systems include:

▪ Law enforcement systems

▪ Health systems

▪ Financial systems

HIGH BASELINE DEMAND ACROSS USG

FedRAMP STRATEGIC INITIATIVE: FedRAMP HIGH BASELINE

Page 16

FedRAMP Tailored adds “tailored” processes and baselines to FedRAMP’s current “one-size-fits-all” baselines

▪ FedRAMP was originally built around enterprise-wide solutions that would cover the broadest range of data types for cloud architectures and low, moderate, and high impact

▪ FedRAMP tailored addresses low risk use SaaS, focusing on things like collaboration, project management, and open-source code development

FedRAMP STRATEGIC INITIATIVE: FedRAMP TAILORED

Page 17

Why AWS GovCloud (US)?

Page 18

What AWS GovCloud (US) enables for customers

Isolated, secure, and compliant IaaS and services

Page 19

What AWS GovCloud (US) enables for customers

Built for sensitive and regulated data including CUI

Page 20

What AWS GovCloud (US) enables for customers

Mission and business critical workload delivery

Page 21

What AWS GovCloud (US) enables for customers

Benefits of the AWS Cloud tailored to Government and regulated industry

Page 22

Types of organizations using AWS GovCloud (US)

• US Government: Federal, state, and local

• Consulting firms and systems integrators

• Technology firms and ISVs

• Education institutions

• Research organizations

• Regulated industries (Aerospace, Defense, Energy, Manufacturing, Healthcare)

• Nonprofit organizations

• Managed service providers

Page 23

AWS GovCloud (US) growth since 2011

[Chart: growth by year, 2011 through 2016]

185% compounded annual growth rate*

*As of December 31, 2016

Page 24

Workloads appropriate for AWS GovCloud (US)

• Web applications and websites

• Backup, recovery and archiving

• Disaster recovery

• Development and test

• Big data

• High-performance computing

• Enterprise IT

• Mobile

• Mission critical applications

• Data center migration and hybrid

Page 25

Page 26

Requirements for access to AWS GovCloud (US)

• Account holder must be a US Person (defined as a US citizen or a Green Card holder)

• US entity incorporated to do business in the United States and is based on US soil

Can handle export control data

Learn more: https://aws.amazon.com/govcloud-us/getting-started/

Page 27

How to get started with AWS GovCloud (US)

Best practice: Create a new AWS account for GovCloud use

1. Sign in to the AWS Management Console as root user

2. Navigate to the Account Settings page

3. Click the Sign Up for AWS GovCloud (US) button and follow the instructions to request access.

Resellers: contact your AWS business representative to get started

Page 28

Learn more about AWS GovCloud (US)

AWS GovCloud (US) homepage: https://aws.amazon.com/govcloud-us/

AWS GovCloud (US) User Guide: http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/welcome.html

Keith Brooks

AWS GovCloud (US)

Manager – Business Development


Page 29

Thank You!