Category: Security, Identity, & Compliance

As governments around the world digitize services, individuals are required not only to prove their identities, but to do so on digital channels. This is a challenge not only for people without legal ID, but also for individuals with ID documents that are hard to use digitally. Cloud-based digital ID systems can be a solution to this challenge. Plus, digital ID creates a robust scope of benefits — and cloud-based approaches to implementing these systems provide the speed, scale, and security needed for digital ID to succeed.

In this blog post series on getting started building a data lake for healthcare with AWS, I focus on improving the security posture of our example build by incorporating the relatively new Attribute Based Access Control (ABAC) feature of Amazon Cognito. This helps to both streamline and improve the granularity of access control for various user profiles connected to our data lake scenario.

A growing number of healthcare providers, payers, and IT professionals are using AWS’s secure, flexible, and scalable utility-based cloud services to process and store data including personal data. AWS provides a number of industry-leading tools to support customers address local regulatory and legislative requirements, including the German Digital Supply Act (DVG) and associated Digital Health Applications Ordinance (DiGAV), as they move healthcare workloads to the cloud.

Earlier this year, the Australian Bureau of Statistics (ABS) ran the Australian Census, the agency’s most significant workload, on Amazon Web Services (AWS). The Census is the most comprehensive snapshot of the country, and includes around 10 million households and over 25 million people. With the COVID-19 pandemic causing lockdowns across the country, ABS needed a digital option for the Census that was accessible and reliable for millions of people. They turned to the cloud.

Ten years ago, the federal government was only just beginning to adopt cloud computing services. In the early days, there were concerns about how much cloud services would cost and whether they’d be secure enough for sensitive government data. In listening to our government customers, we heard their concerns about cost and security. They also needed to innovate ahead of demand, and required a highly secure and compliant infrastructure to do it. That’s why we launched AWS GovCloud (US) in 2011.

To offer security conscious enterprises and government agencies the ability to implement important governance and security controls, AWS acquired Wickr in June of 2021. Wickr helps organizations protect their collaboration with a secure and compliant solution. Built with a security-first mindset, Wickr delivers advanced security features not available with traditional communications services.

AWS is launching the AWS Cybersecurity Maturity Model Certification (CMMC) Customer Responsibility Matrix (CRM). The AWS CMMC CRM reduces the level of effort required for CMMC compliance by providing customers a breakdown of the CMMC practices that they can inherit from AWS, and identifies CMMC practice roles and responsibilities when using the AWS Compliant Framework for Federal and DoD Workloads in AWS GovCloud (US).

President Biden’s executive order emphasizes the need to elevate information security as a core tenet of national security, and calls on federal agencies and public sector organizations to work with the private sector to prioritize the data security and privacy of the American people and government. AWS and AWS Partners can help government agencies align with the initiatives in this executive order.

After Rockdale County, Georgia was the victim of two cyber attacks, the jurisdiction turned to the cloud to strengthen the county’s security position. They worked with AWS Partner Tyler Technologies, Inc. to help with their migration, which not only enhanced data security and continuity of operations, but also reduced network downtime by 99 percent, while streamlining budgeting and reducing the IT staff’s burden.

Accreditation programs and the organizational models that support them are priority considerations for public sector managers who are modernizing their IT. But managers often consider risk and compliance issues too late in the planning stage. Here are some key principles that can prevent accreditation-related issues from becoming a roadblock to cloud adoption.