The Cloud First policy for U.S. government services mandates the adoption of cloud computing for agility and cost savings across sectors, but implementing it requires meeting stringent security standards — a barrier for many cloud service providers.
The U.S. Government announced its Cloud First policy four years ago, mandating “that agencies take full advantage of cloud computing benefits to maximize capacity utilization, improve IT flexibility and responsiveness, and minimize cost.” This is an important step in bringing new efficiencies to government processes, as well as strong validation of the growth and direction of cloud computing in its own right.
The cloud initiative ultimately means more nimble government — less government-managed data centers, reduced infrastructure overhead, more predictable costs and increased responsiveness to changing workflow demands. In short, the move to cloud means your tax dollars work harder.
Of course, it’s not as simple as a flip of a switch to move critical government workloads to the cloud. The U.S. government has a laundry list of requirements that need to be met before sensitive workloads can be pushed to a cloud service provider. These stringent regulations have slowed cloud adoption by the government agencies because many vendors and providers cannot meet the minimum requirements.
Current U.S. government regulations include:
- International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR): How defense-regulated information should be properly managed for maximum protection.
- Federal Information Security Management Act (FISMA): A framework designed to protect government information, operations and assets in the event of natural or human threat.
- Federal Risk and Authorization Management Program (FedRAMP): A government-wide standardization of security controls, process and assessment for cloud services and products.
- Federal Information Processing Standards (FIPS): A set of US computer security standards covering the handling (encryption and storage) of US government data.
Cloud service providers must determine which regulations to follow, and to what extent. For example, at the infrastructure level, it’s critical to consider both hardware security and core environment processes and controls for highly sensitive data.
To meet this need, Druva has built its industry-leading endpoint data protection solution on the AWS GovCloud (US) isolated region. The AWS GovCloud (US) allows U.S. government agencies and contractors to move sensitive workloads into the cloud and comply with unique and rigorous government security requirements. Our solution addresses adherence to specific regulatory and compliance requirements with a FISMA moderate rating including FedRAMP, ITAR and FIPS.
With the correct infrastructure in place, it’s much easier to build our solutions for U.S. government agencies and contractors, and we’re pleased to announce that Druva inSync now supports FIPS 140-2 encryption modules. This enables agencies and contractors to provide FIPS encryption via in-transit (SSL/TLS) and at-rest (256AES) during transfer to and from the cloud — something most public sector agencies require in their adoption of software services.
By combining AWS GovCloud (US) with added FIPS support from Druva, organizations can leverage our data protection and governance capabilities in the process.
To further deepen our commitment to the Federal sector, Druva also launched the FedRAMP certification process, a lengthy government review and audit process for handling even more sensitive workloads. Look for more information on this important development early to mid-2016.
Our complete government initiative with FIPS plus GovCloud marks a new milestone, as Druva becomes the first data protection and governance solution to deliver combined capabilities for the public sector. As the U.S. government embraces cloud solutions with increased mobility for data and employees, we play an essential role in helping overcome inefficiencies and improving service delivery. Read the recent news to learn more about Druva’s data protection solutions designed for the public sector.
For a more comprehensive overview of our ITAR-regulated business solutions, view our new white paper Utilizing Druva inSync Within Regulation Environments.
Compare the players
Learn more about our industry-leading data protection and governance solution with a complimentary copy of Gartner’s 2015 Endpoint Backup Critical Capabilities Report.