ATO on AWS Program Helps Public Sector Partners Expedite Customer ATOs

‘The Authority to Operate on AWS program is very enabling for solution providers on AWS, particularly those serving the public sector, helping them fast-track their compliance process and achieve an ATO faster,’ said Adam Kerns, managing principal of cyber risk advisory at Coalfire. ‘Coalfire customers on AWS have seen significant reductions in times to compliance.’

A new Amazon Web Services program will help public sector partners more quickly obtain regulator authorizations for customers to use their commercial cloud computing solutions.

The Authority to Operate on AWS program will provide training, tools and controls for partners to help customers navigate the security and compliance certification and authentication regulatory processes required under the Federal Risk and Authorization Management Program (FedRAMP), Defense Federal Acquisition Regulation Supplement, Payment Card Industry Data Security Standard and Criminal Justice Information Services.

“Solution providers running on AWS may encounter additional difficulties achieving an ATO due to complexity of both the process and technological barriers, uncertain time frames from start to finish and unclear expectations of cost,” Tim Sandage, senior security partner strategist at AWS, said in a blog post. “These challenges can result in an unintended barrier to entry and be a limiting factor in how well public sector customers can execute their mission, as the breadth of solutions available to them is not on par with companies operating in the commercial sector.”

The ATO on AWS program will connect public sector customers to validated AWS Partner Network (APN) consulting partners who are members of the AWS Public Sector Partner Program.

It will include resources to help solution providers build, implement and optimize DevOps, SecOps, continuous integration and continuous delivery, and continuous risk treatment strategies and processes for their organizations. It also will provide access to managed solutions from APN Technology Partners that are designed to minimize the work required to achieve needed authorizations.

Teresa Carlson, vice president of AWS’ worldwide public sector, announced the new program at the 10th annual AWS Public Sector Summit in Washington, D.C.

“Security isn’t just about the cloud provider,” Carlson said. “It’s about our partners and the third parties that work in the space. We have 69 FedRAMP-authorized solutions across GovCloud and our standard regions.”

AWS GovCloud, which launched in 2011, includes two isolated AWS regions in the U.S. created for federal government agencies and customers to move sensitive workloads into the cloud by addressing their specific regulatory and compliance requirements.

AWS CEO Andy Jassy this week reiterated the public cloud provider’s commitment to working with U.S. federal government customers, including defense and national security customers.

“If our government doesn’t have access to all of the most modern and sophisticated technology that the private sector has, we’re in trouble – both in light of what the government has to get done and the role of this government’s place in the world,” Jassy said. “We intend to continue.”

ATO on AWS launched with 24 APN partners, including Coalfire, a Westminster, Colo.-based cyber-risk management and compliance services company.

“The Authority to Operate on AWS program is very enabling for solution providers on AWS…helping them fast-track their compliance process and achieve an ATO faster,” said Adam Kerns, managing principal of cyber risk advisory at Coalfire. “Coalfire customers on AWS have seen significant reductions in times to compliance.”

Traditional compliance times for a FedRAMP audit-ready state have averaged 18-24 months, according to Kerns, while Coalfire’s first use case of leveraging AWS Security Orchestration and Automation methodologies within its own FedRAMP offering helped a customer achieve audit-ready status in six months.

New AWS ISV Workload Migration Program

The NO. 1 cloud provider also has launched the new AWS ISV Workload Migration Program.

The APN consulting and technology partner programs provide migration guidance, technical enablement, funding and marketing support to help move customers’ independent software vendor (ISV) workloads from on-premises data centers to the AWS cloud.

“The AWS ISV Workload Migration Program leverages the expertise of APN Partners and AWS best practices to create repeatable and scalable migration models,” Guy Farber, AWS’ global manager of the program, said in a blog post. “These models, in turn, enhance partners’ AWS practices and support the success of customers’ cloud journeys.”

Under the funding benefit, the program may invest up to 10 percent to 15 percent of the overall post-migration AWS annualized run rate (ARR). The rate will be based on the projected AWS ARR driven by the ISV workload and complexity of the migration, and funding will be provided in cash or AWS promotional credits.