AWS and Azure get the highest federal security rating: What happens from here?
Cloud services have been able to store customers’ data for many years now, but the number of prospective clients for several vendors has recently dramatically increased.
Back in late June, the announcement was made that three vendors had received special certifications from the federal government, allowing them to store sensitive data that the government had on hand. Two of those providers are among the most popular within the cloud market, Amazon Web Services (AWS) and Microsoft Azure, while the third is CSRA’s ARC-P IaaS, a vendor that might not be as universally known as the others but still carries enough weight for those in the know. The news was certainly noteworthy for those providers, but it also has tremendous implications for federal agencies as well as the cloud market as a whole.
The federal government is no stranger to storing data using other cloud vendors. The majority of cloud providers knew this early on and even provided special services specifically tailored for government needs. Back in 2011, for example, Amazon launched its AWS GovCloud. Microsoft also started a similar service. The idea was for government agencies to use the cloud to store data of various types. Thousands of government customers quickly hopped on board with the idea, but as helpful as the service was, the most sensitive information the government had still couldn’t be placed on the cloud, at least not until rigorous security standards were met.
A newly created list of requirements was made under the Federal Risk and Authorization Management Program (FedRAMP) called the High Baseline. It contains more than 400 standards set by the National Institute of Standards and Technology that cloud providers would have to meet in order to receive certification allowing it to store sensitive government data. That’s been the goal providers like Amazon and Microsoft have been working toward - being able to qualify for what would be a new influx of government customers. Those providers could already store about half of what the federal government’s IT spends on information, but the other half could be opened to them if their security standards were raised. Based off the announcement, the government says the three named vendors have cleared the bar.
So what types of data will the government be able to store in the cloud? The announcement states that the data in question is considered highly sensitive but unclassified. This includes but is not limited to things like financial data from agencies, patient medical records – likely from healthcare programs run by the government – and even law enforcement data. Most data of this sort is considered of high importance if its leak or theft were to be a great detriment to an agency’s operations, clients, resources, or employees.
The announcement is certainly big news for government agencies as being able to store government data securely will make their jobs much easier. But that’s not the only area that will benefit greatly. The cloud market itself stands to gain quite a bit from the news. For many years, as the cloud has picked up steam and grown in popularity, those organisations that have been reluctant to transition to cloud services have often cited concerns over cloud security.
It’s not easy to hand over potentially sensitive information to a third party, and many executives wanted to know their data would be in good hands. Cloud providers have answered many of those concerns with greater attention being placed on security improvements, but doubts persisted among businesses of all types. With the news that the federal government is willing to trust some cloud providers with highly sensitive data, it shows a great degree of confidence being placed on vendors’ ability to protect information. This can lead to more companies turning to the cloud for flash storage needs.
Security standards from the government have now been met by some of the most popular cloud providers, allowing them to house sensitive government data. With the standards established, we may see other providers work hard to improve their own security so that government agencies can consider them for data storage purposes. Considering how competitive the cloud market is, it would be a wise move for providers to ensure they can work with as many clients as possible.
- » RightScale State of the Cloud 2019: Azure gains again, cost optimisation key, PaaS explodes
- » Continuous compliance, continuous iteration: How to get through IT audits successfully
- » Monitoring cloud app activity for better data security: Five key tips
- » AWS will support NVIDIA’s T4 GPUs focusing on intensive machine learning workloads
- » Why standardisation is good for NetOps: Innovation instead of impediment