AWS Storage Blog

AWS Backup is now FedRAMP High approved for your compliance and data protection needs

Meeting compliance requirements is an important consideration when moving data to the cloud, and data protection is a key requirement when gaining approval for regulated workloads. On March 29, 2021, AWS Backup was granted the FedRAMP High Authority to Operate (ATO) by the Joint Authorization Board (JAB) in AWS GovCloud (US) Regions. AWS Backup enables you to centralize and automate data protection across AWS services, and helps you support your business continuance and regulatory compliance continuity goals. The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security and authorizations for cloud service offerings in use by government entities. In this blog post, I cover compliance, security, how AWS Backup can help you meet the requirements for regulated workloads, and the tools AWS provides to help you meet your compliance requirements.

FedRAMP and compliance standards

With FedRAMP High approval, AWS Backup joins 125+ other AWS FedRAMP High authorized services available in AWS GovCloud (US) to build and protect compliant solutions. Apart from the AWS GovCloud (US) Regions, other AWS Regions support up to FedRAMP Moderate. AWS Backup has also passed third-party audits to meet the most frequently requested compliance standards including FINMA, DOD SRG, SOC, PCI, HIPAA, SEC 17a, and many others.

The following graphic shows a broader list of the compliance programs that AWS services support. The AWS Services in Scope by Compliance page maps each AWS service to the compliance standards it meets. This gives you the building blocks to help build even more compliant technology solutions.

 

AWS compliance and services in scope

Compliance

Compliance comes in many forms across industries, verticals, and countries. Making sure you are following the relevant compliance guidelines explicitly can often be a challenge. When you build solutions in your data center, you are responsible for assembling your compliance documentation for each component and vendor to ensure you meet the relevant compliance framework. With AWS, you have the advantage of building on existing compliant components to ensure you start with secure building blocks. Since AWS goes through rigorous engineering and testing to get our services certified, you can have the peace of mind that you are building with trusted and proven solutions. AWS maintains a central list of compliance documentation on the AWS Artifact page that we encourage you to leverage when building out your compliance strategy. AWS also documents our recommended best practices in the AWS Well-Architected Framework guidelines to help with compliance during implementation. AWS offers even more helpful resources to help you build compliant architectures, such as this HIPAA compliance white paper along with these additional compliance resources.

Securing your data

Security and compliance are an integral part of IT solutions that are working with your most valuable asset, your data. On-premises solutions often have security offerings that can be described as “eggshell,” with the protection solely on the periphery of the data center network. With AWS, security is designed and integrated with a multi-layered approach that is built into every service. Every AWS service is designed to work together to deliver secure and compliant solutions to meet your most demanding security needs. AWS leverages the AWS shared responsibility model for security and compliance. As a customer you still have to implement a secure solution, but with AWS Managed Services, the tools are already available to meet the compliance standards of your industry.

AWS Shared Responsibility Model

Meeting compliance and security needs using AWS Backup

AWS Backup is a critical tool in securing and protecting your data in the cloud with the ability to coordinate and manage your data protection with integration into the AWS services stack and monitoring tools. Frequently in compliance discussions, backup and data protection are an important part of the picture to ensure and prove you can protect and recover your data. Now more than ever, you should have backups of your data that are secure and replicated across accounts as a key part of your security and compliance strategy. As you leverage AWS, you need to be able to automate, manage, and report on your backups across AWS services to ensure you have recoverability and auditability. AWS Backup has your back; check out this re:Invent 2020 session for more information on data protection and compliance for cloud workloads with AWS Backup.

AWS Backup supported services

Conclusion

With FedRAMP High approval, AWS Backup has earned an important certification for adding data protection and meeting your compliance needs when you compute in the AWS GovCloud (US) Regions or in other AWS Regions. With the AWS services in scope documentation, compliance artifacts, and the AWS Well-Architected Framework, we provide you with the resources to help you build, document, and prepare your environments for audit. AWS Backup with FedRAMP High approval is now another service for you to leverage when using AWS to deliver cloud data services with secure and integrated backups, giving you yet another advantage over on-premises solutions.

Thank you for reading this post on AWS Backup now being FedRAMP High approved. If you have any feedback or questions, please leave them in the comments section.

Andy Grimes

Andrew Grimes is a Storage Solutions Architect for AWS. Andrew has over 18 years of experience in information technology. At AWS, Andrew focuses on helping strategic accounts architect, adopt, and deploy cloud storage. Andrew’s area of depth includes AWS Storage, compliance, and backup solutions.