Amazon Web Services, Microsoft Azure, and CSRA/Autonomics are the first three public cloud providers to pass stiffer federal security requirements for handling security-sensitive government applications and data.
Specifically, subsets of those huge public clouds—Amazon’s (AMZN) GovCloud, Microsoft (MSFT) Azure GovCloud and CSRA/Autonomics’ cloud called ARC-P IaaS—have the government’s seal of approval.
All three companies, along with several others, already met older, less restrictive requirements under the Federal Risk and Authorization Management Program. More commonly known as FedRAMP, this effort aims to provide a standard way to assess, authorize, and manage the security of various cloud products used by government agencies and contractors.
Public cloud providers, which amass large quantities of computer servers, storage, and networking for use by customers, can point to the tougher federal certification as a sort of clean bill of health to potential government agencies and their contractors.
Get Data Sheet, Coins2Day’s daily newsletter on the business of technology.
To get this new designation, these three companies had to prove to the feds that their services were secure enough to safely meet new federal requirements intended to protect: “high-impact data, including data that involves protection of life and financial ruin.” That could include such data as Defense Department health records, Internal Revenue Service tax records, and any government-held information that, if stolen or accessed, could hurt the organization overall, its assets, or its employees and their dependents.
Given recent security issues faced by U.S. Office of Personnel Management and the IRS, which faced a law suit last summer over a large data breach, you can see the problem.
Product Demo May Have Revealed Biggest-Ever Government Data Breach
The new federal certification efforts grew out of the General Services Administration as part of President Barack Obama’s six-year-old “cloud first” initiative, which seeks to save government money by deploying more data and applications on third-party-operated cloud infrastructure instead of building more government data centers.