AWS Public Sector Blog

New IDC whitepaper: How cloud drives government outcomes at scale and supports compliance with security requirements

This is a guest post by Adelaide O’Brien, research vice president at International Data Corporation (IDC) Government Insights.

A new IDC whitepaper, Government Agencies: How to Meet Security and Compliance Requirements with the Cloud, explores how, with cloud, US federal agencies can achieve meaningful digital innovation while addressing their mission needs. As more agencies migrate applications and workloads to the cloud, including their most sensitive and heavily regulated data, a key consideration is meeting federal compliance and security mandates.

Meeting security and compliance requirements when deploying cloud-based solutions is paramount. Agencies are entrusted with many kinds of sensitive information that, if inappropriately accessed, could compromise national security, financial systems, energy production, and other essential infrastructures. The responsibility to secure this information introduces unique data protection challenges.

Among the compliance and security mandates agencies must adhere to is the Federal Risk and Authorization Management Program Act (FedRAMP), which provides standardized security requirements, system compliance assessment, and adherence to cloud security standards. In addition, the Executive Order on Improving the Nation’s Cybersecurity requires proactive management and monitoring for defending the federal government from cyberthreats. Prevention, detection, assessment, and remediation of cyber incidents is a top priority for agencies and essential for national security. Agencies are required to improve the federal government’s visibility into threats, adopt widely accepted security best practices that align with established standards such as NIST 800-53, and deploy a zero trust architecture.

Agencies must strengthen fundamental areas of cybersecurity such as identity management, asset management, network security, data protection, application security, and visibility. Efforts should be integrated across on-premises and cloud environments. Managing security and compliance requirements, especially as laws and reporting mandates evolve, can be complex, tedious, and expensive.

Yet as the experience of specific agencies illustrate, the benefits of cloud are significant and far outweigh required compliance and security efforts.

Cloud enables a remote or distributed workforce and seamless employee experience anywhere

Deploying telework applications on cloud helped the U.S. Department of Justice (DOJ) Tax Division employees securely choose where they work. As part of its work, the Tax Division processes and stores a high volume of sensitive information, including taxpayer information and records. The Tax Division streamlined how employees request telework and allows managers the ability to quickly review and approve requested arrangements—all while keeping sensitive information compliant and secure. In addition to addressing stringent US government security and compliance requirements, this serverless, cloud-native architecture scales to meet spikes in annual activity when employees apply for recertification of work requests.

Cloud improves user experience through digitalization, automation, and personalization

The U.S. Census Bureau made the vision of a digital census a reality by deploying to cloud. The Census Bureau’s mission is to serve as the nation’s leading provider of quality data about its people and economy. The data collected by the Census Bureau helps determine the amount of federal funding that goes to essential services such as hospitals, schools, and local infrastructure projects. By enabling a simple cloud-based capability to filling out Census forms and making sure that the Census Bureau addresses stringent U.S. government security and compliance requirements, the federal government provides an accurate and secure nationwide count.

Cloud enables combat readiness for warfighters

The U.S. Navy’s back office on-premises systems related to technology, services, and human resources have historically been disconnected and dispersed. This approach made collecting, processing, and quickly analyzing mission-critical information a challenge. To better enable warfighters, the U.S. Navy migrated its enterprise resource planning (ERP) system serving 72,000 users and spread across six U.S. Navy commands to the cloud. Bringing this ERP system into the cloud increases visibility and availability of data so that the U.S. Navy can make timely and informed decisions regarding financial reporting and budgets as well as maintenance and repair logs. For example, the U.S. Navy now has the movement and documentation of approximately $70 billion worth of parts and goods in one accessible space, enabling this information to be uniformly protected and appropriately shared.

In addition to agency-specific benefits, the cloud also enables improved cybersecurity. A fully deployed cloud solution with network segmentation, monitoring capabilities, advanced identity management features, and encryption delivers many capabilities. Compared to legacy systems, cloud offers cybersecurity advantages such as prevention, rapid detection, and response to threats as they emerge. Cloud can also provide standardization and simpler deployment of critical security patches. Cloud enhances security on the most sensitive workloads while enabling faster innovation. Cloud-based technologies can also help agencies in their sustainability-related objectives. Cloud can help agencies to reduce both energy consumption and their carbon footprint by using fewer servers, and less power. Cloud can even help reduce carbon emissions compared to running workloads in an agency data center. These improvements are attributable to the technological advancements and economies of scale that cloud data centers bring.

Increase security, compliance, and resiliency for the most sensitive workloads

By using cloud, agencies can help support their security, compliance, and resiliency needs for their most sensitive workloads. To realize these benefits, technology leaders must implement and manage cloud strategies using best practices, the right technologies, and a development environment that takes current and future compliance needs into consideration.

To learn more, check out the IDC whitepaper Government Agencies: How to Meet Security and Compliance Requirements with the Cloud.

Read related blog posts:

Subscribe to the AWS Public Sector Blog newsletter to get the latest in AWS tools, solutions, and innovations from the public sector delivered to your inbox, or contact us.

Please take a few minutes to share insights regarding your experience with the AWS Public Sector Blog in this survey, and we’ll use feedback from the survey to create more content aligned with the preferences of our readers.