Amazon is in the process of building an AWS GovCloud data center in the east of the United States, hoping for the service to become available early next year.
Although identical in most ways to the company’s public cloud, GovCloud is exclusive to North America, isolated from other AWS regions and specifically designed to host sensitive data, meeting the US government’s stringent compliance requirements.
The first GovCloud data center, US-West, was built in 2011, with the location kept secret for security reasons.
Up to scratch
Regulations met by the upcoming data center include:
- The International Traffic in Arms Regulations (ITAR), the stipulations set out by the National Institute of Standards and Technology (NIST) regarding competitiveness and cybersecurity;
- The Federal Risk and Authorization Management Program (FedRAMP), the regulation written specifically to legislate the use of cloud by federal agencies;
- The DoD cloud security impact levels 2-4, Defense Federal Acquisition Regulation supplement (DFARs), which regulates how federal agencies acquire goods and services using public money;
- The Internal Revenue Service Publication 1075 (IRS-1075) , which ensures the protection of federal tax information;
- The criminal justice information services (CJIS) requirements. These are the result of a joint program between the FBI, state identification bureaus and the CJIS, and stipulate the security precautions one must take to protect information gathered by local, state and federal criminal justice and law enforcement agencies;
- The Health Insurance Portability and Accountability Act (HIPAA), designed to protect patient data through physical, network and process security measures;
- And finally, FIPS 140-2, which defines requirements and standards for cryptographic protection applied to hardware and software, to protect confidential information.
The service is available to vetted US citizens that are either members of government agencies or contractors required to comply with government regulations, such as NASA, the CIA and the CSRA, an IT services provider to the US federal agencies. Amazon previously denied claims that the CIA used its services when reports emerged in 2013 that the agency would be spending up to $600m with the cloud provider over 10 years.
In accordance with the federal data center consolidation framework laid out during president Obama’s first term, reaffirmed and updated over the course of his presidency and supported by new head of state Donald Trump (although this was not always a given), using cloud services rather than in-house facilities is a desirable option for federal agencies, bringing advantages in terms of cost, latency and scalability. This is especially true considering how only a handful of agencies are set to deliver on their consolidation pledges by the proposed deadline.