Category: Management & Governance

Moving digital assets to the cloud is one of the first steps governments can take to secure their public services against large-scale disruptions. But according to our customers, this journey often brings challenges and roadblocks that are organizational rather than technical. Learn key takeaways from our engagements with public sector customers that can help you better prepare for this transformation.

Many organizations may not fully recognize or calculate the true costs of workload resiliency decisions. These true costs include the full spectrum of costing considerations that make up a decision, from readily-determinable accounting costs to less-recognizable intangible costs. As public sector organizations often have limited resources and complex missions, it’s important to understand the true costs and economic impact involved in a resiliency decision; this can help these organizations to both prepare and plan with their available resources.

Many public sector organizations that are moving to the cloud often misunderstand that the architecture of AWS Regions and Availability Zones fundamentally changes how they should think about disaster recovery and resiliency. In this blog post, I share some best practices to answer common questions about building highly available workloads, and share some ways to consider high availability, disaster recovery, and application resiliency within AWS.

Managing donors, members, and constituents is essential to the success of most nonprofits. Customer relationship management (CRM) systems, like the no-cost, nonprofit-focused CiviCRM, are an important part of this process. In this post, learn how to deploy CiviCRM using AWS, and explore an architecture for deploying CiviCRM in a way that is highly available and resilient to service disruptions or events.

AWS announced the launch of the Cloud Audit Academy (CAA) for Federal and DoD Workloads (FDW) in AWS. This is a two-day accelerated training course to educate customers on how to leverage AWS services to assist with US Federal and Department of Defense (DoD) security and compliance requirements. This training course also qualifies for 12 hours of continuing professional education (CPE). Register at no cost today.

Today, AWS announced Continuity of Government IT on AWS (CGIT), a comprehensive cloud-based solution guide that enables governments to protect their digital assets and services during disruptions of any kind. Governments can use CGIT to retain the integrity of critical datasets, back up applications, and transfer services to run in the cloud, reducing the risk of compromise and enabling continuity of government.

Virtually all federal, state, and local government agencies are subject to various data retention and records management policies, regulations, and laws. AWS Wickr provides federal agencies with an innovative solution that can help them build public trust by protecting sensitive communications, while supporting the capture and management of records.  

The US Office of Management and Budget published M-21-31, a memorandum for federal government agencies to define event logging requirements related to cybersecurity incidents. These guidelines aim to support the detection, investigation, and remediation of cyber incidents on federal information systems. The memorandum defines various event logging (EL) tiers and the log data that must be captured for various log categories. Learn the services from AWS that have been called out explicitly in the memorandum for logging and retention requirements at the EL1 level, and the resources you can use to set up these services to capture the required log data.

To help our Australian customers, AWS provides pre-built conformance packs for the Australian Cyber Security Centre (ACSC) Essential Eight Maturity Model and the ACSC Information Security Manual (ISM). The ACSC’s Essential Eight was first published in 2017 and is a set of prioritised security mitigation strategies designed to help protect organisations against various security threats. In this blog post, I walk you through how to set up a conformance pack in AWS Config that is designed to help you implement and track the ASCS Essential Eight model.

AWS Training and Certification is now offering a new foundational training course on AWS GovCloud (US) as part of their no-cost training webinar series. Introduction to Governance and Compliance in AWS GovCloud (US) Regions is a training workshop for those looking for a solution to host sensitive data and regulated workloads, or IT professionals just looking to learn more about AWS GovCloud (US). This new live training webinar dives into the basics of how AWS and AWS GovCloud (US) Regions address these stringent security, compliance, and governance requirements.