Amazon Expands Its Cloud Services to the U.S. Military

Computer tech support experts with the Army Reserve answer calls during an Enterprise Email Migration at U.S. Army Forces Command.

U.S. Army Reserve Command by Timothy Hale

AA Font size + Print

Computer tech support experts with the Army Reserve answer calls during an Enterprise Email Migration at U.S. Army Forces Command.

The Defense Department's unclassified data will now be stored in an Amazon-built cloud, marking a big step forward eliminating old, redundant systems. By Frank Konkel

Amazon Web Services has become the first commercial cloud provider authorized to handle the Defense Department’s most sensitive unclassified data.

Today’s announcement that AWS has achieved a provisional authority to operate under DOD’s cloud security model at impact levels 3-5 is a major win for the company, as it allows DOD customers to provision commercial cloud services for the largest chunks of their data.

In technical speak, the provisional ATO granted by the Defense Information Systems Agency means DOD customers can use AWS’ GovCloud – an isolated region entirely for U.S. government customers – through a private connection routed to DOD’s network. DOD customers can now secure AWS cloud services through a variety of contract vehicles.

In layman’s terms, AWS is the first company with the ability to take any and all of DOD’s unclassified data to the cloud.

“In a nutshell, we’re very excited to announce we’ve received the DOD provisional ATO through impact levels 3-5 – we’re the first commercial cloud provider to achieve this,” Teresa Carlson, vice president for AWS’ worldwide public sector, told Nextgov. “I think it highlights our continued commitment to being a leader in cloud computing. This opens up a whole new world of opportunities for DOD to do what other groups have been doing.”

Indeed, AWS recently launched a private cloud for the Central Intelligence Agency to service the intelligence community, and other cloud providers have been busy picking up new business in the civilian government where billions of dollars are up for grabs.

AWS was one of the first cloud providers to meet the Federal Risk and Authorization Management Program, the government’s baseline security standards for cloud computing. The company was also one of three firms to meet DISA’s cloud security requirements at impact levels 1-2, which govern the agency’s least sensitive data. DISA’s cloud security model includes many additional requirements on top of what is required by FedRAMP.  

Yet, civilian agencies that do not grapple with as many data sensitivity issues as DOD, have been pulling off sometimes large-scale cloud efforts while DOD lagged behind in its efforts.

Its cloud security model could still change, but in a recent speech, DOD Acting Chief Information Officer Terry Halvorsen said the department plans by September to announce five cloud pilots for its sensitive data. The focus, he said, would be on government-only clouds developed by the private sector. Regardless of how DISA proceeds, it appears AWS is primed to address its needs.

“There were many additional controls we had to meet, and it’s tough, but DISA needs it to be tough,” said Carlson, hinting that AWS’ next step is meeting requirements at impact level 6, which govern classified DOD data.

“Our goal is to meet every standard the federal government has for their data,” she added. “Obviously, that means the ability to work at all levels.” 

Close [ x ] More from DefenseOne
 
 

Thank you for subscribing to newsletters from DefenseOne.com.
We think these reports might interest you:

  • Ongoing Efforts in Veterans Health Care Modernization

    This report discusses the current state of veterans health care

    Download
  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Top 5 Findings: Security of Internet of Things To Be Mission-Critical

    As federal agencies increasingly leverage these capabilities, government security stakeholders now must manage and secure a growing number of devices, including those being used remotely at the “edge” of networks in a variety of locations. With such security concerns in mind, Government Business Council undertook an indepth research study of federal government leaders in January 2017. Here are five of the key takeaways below which, taken together, paint a portrait of a government that is increasingly cognizant and concerned for the future security of IoT.

    Download
  • Coordinating Incident Response on Posts, Camps and Stations

    Effective incident response on posts, camps, and stations is an increasingly complex challenge. An effective response calls for seamless conversations between multiple stakeholders on the base and beyond its borders with civilian law enforcement and emergency services personnel. This whitepaper discusses what a modern dispatch solution looks like -- one that brings together diverse channels and media, simplifies the dispatch environment and addresses technical integration challenges to ensure next generation safety and response on Department of Defense posts, camps and stations.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download

When you download a report, your information may be shared with the underwriters of that document.