AWS and Microsoft get FedRAMP approval for sensitive cloud data
Another day, another piece of good news for both Microsoft Azure and Amazon Web Services (AWS); the vendors are two of three companies which have been given authority by the US government for federal agencies to use them for sensitive cloud data.
Azure and AWS, alongside CSRA’s ARC-P IaaS, have been given the green light under the new FedRAMP High Baseline requirements. The full, mammoth spreadsheet documenting each guideline can be found on the FedRAMP website (XLS), but at a general level the requirements enable government bodies to put ‘high impact’ data – including data which involves the protection of life and financial ruin – in the cloud.
Chanelle Sirmons, communications lead for FedRAMP, explained in an official post: “While 80% of federal information is categorised at low and moderate impact levels, this only represents about 50% of federal IT spend. Now that FedRAMP has set the requirements for high impact levels, that breaks open the remaining 50% of the $80 billion a year the US government spends on IT that could potentially move to the cloud securely.”
“We are pleased to have achieved the FedRAMP high baseline, giving agencies a simplified path to moving their highly sensitive workloads to AWS so they can immediately begin taking advantage of the cloud’s agility and cost savings,” said Teresa Carlson, AWS VP worldwide public sector in a statement. A statement from Microsoft read: “Microsoft remains committed to delivering the most complete, trusted cloud platform to customers. This accreditation helps demonstrate our differentiated ability to support the unique needs of government agencies as they transition to the cloud.”
Amazon and Microsoft have had their clouds FedRAMP accredited since June and October 2013 respectively – back when the latter was still known as Windows Azure – while ARC-P was the first vendor to receive the federal stamp of approval in 2012. Three years on, this represents a major step forward for government use of cloud technologies.
- » Check Point exposes yet more shared responsibility misunderstandings for cloud security
- » Alibaba Cloud looks to integrated and intelligent future at Beijing summit
- » Why the future of application deployment is not a binary choice
- » Red Hat: On bridging between the first wave of cloud and next generation platforms
- » Addressing cloud sprawl: Combining security best practices with business foundations