Learn More about What makes Amazon Web Services (AWS) GovCloud Different.
July 6, 2021
When researching cloud solutions you may have encountered the term GovCloud. It seems obvious that Amazon’s GovCloud is designed for government agencies, but the specifics on how it’s distinct from other AWS regions may not be so clear.
Amazon GovCloud is an isolated Amazon Web Services environment that meets US federal agencies’ specific regulatory and compliance needs. Added layers of security allow government agencies to move sensitive workloads to the cloud within the scope of their more stringent data and information handling policies. Additionally, the AWS GovCloud is exclusively operated on U.S. soil by employees who are U.S. citizens.
- Federal Risk and Management Program (FedRAMP) Certified at the High Impact Level
- International Traffic in Arms Regulations (ITAR) Compliance
- GovCloud specific Multi-Factor Authentication
- FIPS 140-2 approved cryptographic modules for all AWS service API endpoints
- GovCloud can only be administered by vetted U.S. citizens
- Physically & Digitally separate from all non GovCloud environments
- Restricted Access for U.S. Persons only
- GovCloud customers are verified at sign up
Is GovCloud more secure than the AWS Public Cloud?
Yes and No. Both the AWS GovCloud and the Public Cloud are highly secure platforms. They are continuously monitored, tested, and fortified to deal with the latest cyber threats. Additionally, GovCloud offers the same security controls and certifications that other AWS environments use.
However, the AWS GovCloud does have additional security measures in place that are specifically designed to protect controlled, classified information. These include things like FIPS 140-2 approved cryptographic modules, isolated authentication, and the fact that the AWS GovCloud is physically and digitally isolated from the public cloud. However, in the grand scheme of things, cloud security is a shared responsibility between the cloud provider and the end-users. If your team does not follow your security policies regarding accessing and working within your cloud environment, they pose a security risk. Most breaches are a result of human error or negligence, meaning that a cloud environment is only as secure as you make it.
Who Uses the GovCloud?
GovCloud is designed to meet the needs of US government agencies at the federal, state, and local level, government contractors, educational institutions, and other U.S. customers who deal with sensitive information. One of the primary features of the GovCloud is that it is restricted to U.S. citizens. This is designed to further protected classified or sensitive government information. To use the GovCloud, your organization will be reviewed to ensure it is a U.S. entity and that your site will be administrated by a U.S. person (citizen or green card holder).
If I’m a Government Entity do I Need to Use the GovCloud?
No. AWS GovCloud is architected for entities that choose to, or are required, to utilize a U.S. person’s only cloud environment. If your agency or organization does need the additional compliance offerings of the AWS GovCloud, you can use a different AWS environment. GovCloud environments can be more expensive to use due to the higher cost of operation. If you only need FedRamp authorization at the moderate or low impact level, you might consider a different AWS environment.
How do I Know what Cloud Environment is Right for my Organization?
Every organization’s cloud journey will look different. Assessing your unique needs and translating that into a bespoke cloud strategy isn’t easy. However, consulting experts with experience deploying a wide range of cloud environments is a good place to start. With the breadth of tools and capabilities offered by AWS, it’s important to find the best fit for your goals. The right cloud partner can help your migration project run smoothly and ensure you only pay for the services you actually need. Determining the type of migration (eg. simple lift and shift or full re-architecture) is the first step, but you also need to ensure the cloud environment is right. Public, private, or hybrid? GovCloud or Standard? These are all questions that an experienced cloud partner can help you answer.
How can DOMA help?
If you’d like to learn more and determine if the AWS GovCloud is right for your organization, reach out to our team at DOMA. We provide a variety of secure government services that can help you meet and maintain your compliance goals. From scanning to the Cloud, we have over 20 years of expertise building targeted solutions for federal, state, and local government, and education customers.
About DOMA- Powered by Tech, Driven by People
DOMA Technologies (DOMA) is a software development and digital transformation company whose mission is to change customer lives by lightening their workload through faster and more targeted access to their data. Since 2000, our team of 200+ experts has helped businesses navigate all aspects of the digital world. We are a dedicated strategic partner for the federal government and private sector clients at every stage of their unique digital transformation journey.
Author:
Danielle Wethington
Director of Communications
Government Solutions
Learn more about out federal solutions and how we address NARA compliance challenges.