Expanding the Cloud - The AWS GovCloud (US) Region
Today AWS announced the launch of the AWS GovCloud (US) Region. This new region, which is located on the West Coast of the US, helps US government agencies and contractors move more of their workloads to the cloud by implementing a number of US government-specific regulatory requirements.
The concept of regions gives AWS customers control over the placement of their resources and services. Next to GovCloud (US) there are five general purpose regions; two in the US (one on the west coast and one on the east coast), one in the EU (in Ireland) and two in APAC (in Singapore and Tokyo). There are different considerations when deciding where to allocate resources with latency and cost being the two obvious ones, but compliance sometimes plays an important role as well. For example a number of our European customers are subject to data residency requirements when it comes to PII data and they use the EU Region to meet to those requirements.
Our government customers sometimes have an additional layer of regulatory requirements given that they at times deal with highly sensitive information, such as defense-related data. These customers are satisfied with the general security controls and procedures in AWS but in these more sensitive cases they often need assurances that only personnel that meet certain requirements, e.g. citizenship or permanent residency, can access their data. AWS GovCloud (US) implements specific requirements of the US government such that agencies at the federal, state and local levels can use the AWS cloud for their more sensitive workloads.
The US Federal Cloud Computing Strategy lays out a “Cloud First” strategy which compels US federal agencies to consider Cloud Computing first as the target for their IT operations:
To harness the benefits of cloud computing, we have instituted a Cloud First policy. This policy is intended to accelerate the pace at which the government will realize the value of cloud computing by requiring agencies to evaluate safe, secure cloud computing options before making any new investments
By leveraging shared infrastructure and economies of scale, cloud computing presents a compelling business model for Federal leadership Organizations will be able to measure and pay for only the IT resources they consume, increase or decrease their usage to match requirements and budget constraints, and leverage the shared underlying capacity of IT resources via a network Resources needed to support mission critical capabilities can be provisioned more rapidly and with minimal overhead and routine provider interaction.
Given the current economic climate, reducing cost within the US federal government is essential – and an aggressive move to cloud will have a substantial positive impact on the governments IT budget. The move to the cloud is projected by 2015 see a reduction of 30% in IT infrastructure costs, which amounts to $7.2 billion. The application of the Cloud First strategy across all agencies will see many cost savings similar to what the GSA saw when they moved their main portal to the cloud: a savings of $1.7M on a yearly basis while greatly improving uptime and maintainability.
With AWS’s strategy of continuous price reduction as additional economies of scale are achieved, many of these cost saving may become even more substantial without the agencies have to do anything.
Many US federal agencies are already migrating existing IT infrastructure onto the cloud using Amazon Web Services. The Cloud First strategy is most visible with new Federal IT programs, which are all designed to be “Cloud Ready”; many of these applications are launching on AWS from the start, and a number can be found on the AWS Federal use case list.
There were however a number of programs that really could benefit from the Cloud but which had unique regulatory requirements, such as ITAR, that blocked migration to AWS. ITAR is the International Traffic in Arms Regulatory framework which stipulates for example that data must be stored in an environment where physical and logical access is restricted to US Persons. There is no formal ITAR certification process, but a review of the ITAR compliance program for AWS GovCloud (US) has been conducted and resulted in a favorable letter of attestation with respect to the stated ITAR objects. This clears the path for agencies that have IT programs that need to be ITAR-compliant to start using AWS GovCloud (US) for these applications.
This new region, like all other AWS regions, provides FISMA Moderate controls and supports existing AWS security controls and certifications such as SAS-70, ISO 27001 and PCI DSS Level 1.
Government and Big Data
One particular early use case for AWS GovCloud (US) will be massive data processing and analytics. Several agencies of very different parts of the government have needs for data analytics that really put the Big in Big-Data, sometimes several orders of magnitude larger than commonly found in industry. Examples here are certain agencies that work on national security and those that work on economic recovery; their incoming data streams are exploding in size and their needs for collecting, storing, organizing, analyzing and sharing are changing rapidly. It is very difficult for an on-premise IT infrastructure to effectively address the needs of these agencies and the time scales at which they need to operate. The scalability, flexibility and the elasticity of AWS makes it an ideal environment for the agencies to run their analytics.
Often the data streams that they operate on are not classified in nature, but the combination and aggregation of these streams using complex new algorithms may fall for example under the controls of ITAR. AWS GovCloud (US) will be used by several of these agencies to help them with their Bigger-than-Big-Data needs.
As with all AWS services and regions, information on GovCloud is publicly available on the AWS website, However, given the restrictive nature of this new AWS Region, customers will need to sign an AWS GovCloud Enterprise agreement that requires a manual step beyond the usual self-service signup process. To make use of the services in this region, customers will use the Amazon Virtual Private Cloud (VPC) to organize their AWS resources.
As the name of the region already suggests, we do not envision that over time GovCloud will address only the needs of the US Government and contractors. We are certainly interested in understanding whether there are opportunities in other governments with respect to their specific regulatory requirements that could be solved by a specialized region.
For more details on the AWS GovCloud (US) visit the Federal Government section of the AWS website and the posting on the AWS developer blog.