Amazon Expands Its Cloud Services to the U.S. Military

Computer tech support experts with the Army Reserve answer calls during an Enterprise Email Migration at U.S. Army Forces Command.

U.S. Army Reserve Command by Timothy Hale

AA Font size + Print

Computer tech support experts with the Army Reserve answer calls during an Enterprise Email Migration at U.S. Army Forces Command.

The Defense Department's unclassified data will now be stored in an Amazon-built cloud, marking a big step forward eliminating old, redundant systems. By Frank Konkel

Amazon Web Services has become the first commercial cloud provider authorized to handle the Defense Department’s most sensitive unclassified data.

Today’s announcement that AWS has achieved a provisional authority to operate under DOD’s cloud security model at impact levels 3-5 is a major win for the company, as it allows DOD customers to provision commercial cloud services for the largest chunks of their data.

In technical speak, the provisional ATO granted by the Defense Information Systems Agency means DOD customers can use AWS’ GovCloud – an isolated region entirely for U.S. government customers – through a private connection routed to DOD’s network. DOD customers can now secure AWS cloud services through a variety of contract vehicles.

In layman’s terms, AWS is the first company with the ability to take any and all of DOD’s unclassified data to the cloud.

“In a nutshell, we’re very excited to announce we’ve received the DOD provisional ATO through impact levels 3-5 – we’re the first commercial cloud provider to achieve this,” Teresa Carlson, vice president for AWS’ worldwide public sector, told Nextgov. “I think it highlights our continued commitment to being a leader in cloud computing. This opens up a whole new world of opportunities for DOD to do what other groups have been doing.”

Indeed, AWS recently launched a private cloud for the Central Intelligence Agency to service the intelligence community, and other cloud providers have been busy picking up new business in the civilian government where billions of dollars are up for grabs.

AWS was one of the first cloud providers to meet the Federal Risk and Authorization Management Program, the government’s baseline security standards for cloud computing. The company was also one of three firms to meet DISA’s cloud security requirements at impact levels 1-2, which govern the agency’s least sensitive data. DISA’s cloud security model includes many additional requirements on top of what is required by FedRAMP.  

Yet, civilian agencies that do not grapple with as many data sensitivity issues as DOD, have been pulling off sometimes large-scale cloud efforts while DOD lagged behind in its efforts.

Its cloud security model could still change, but in a recent speech, DOD Acting Chief Information Officer Terry Halvorsen said the department plans by September to announce five cloud pilots for its sensitive data. The focus, he said, would be on government-only clouds developed by the private sector. Regardless of how DISA proceeds, it appears AWS is primed to address its needs.

“There were many additional controls we had to meet, and it’s tough, but DISA needs it to be tough,” said Carlson, hinting that AWS’ next step is meeting requirements at impact level 6, which govern classified DOD data.

“Our goal is to meet every standard the federal government has for their data,” she added. “Obviously, that means the ability to work at all levels.” 

Close [ x ] More from DefenseOne
 
 

Thank you for subscribing to newsletters from DefenseOne.com.
We think these reports might interest you:

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    Download
  • Military Readiness: Ensuring Readiness with Analytic Insight

    To determine military readiness, decision makers in defense organizations must develop an understanding of complex inter-relationships among readiness variables. For example, how will an anticipated change in a readiness input really impact readiness at the unit level and, equally important, how will it impact readiness outside of the unit? Learn how to form a more sophisticated and accurate understanding of readiness and make decisions in a timely and cost-effective manner.

    Download
  • Cyber Risk Report: Cybercrime Trends from 2016

    In our first half 2016 cyber trends report, SurfWatch Labs threat intelligence analysts noted one key theme – the interconnected nature of cybercrime – and the second half of the year saw organizations continuing to struggle with that reality. The number of potential cyber threats, the pool of already compromised information, and the ease of finding increasingly sophisticated cybercriminal tools continued to snowball throughout the year.

    Download
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    Download
  • Information Operations: Retaking the High Ground

    Today's threats are fluent in rapidly evolving areas of the Internet, especially social media. Learn how military organizations can secure an advantage in this developing arena.

    Download

When you download a report, your information may be shared with the underwriters of that document.