We are comprehensive cloud management for modern enterprises, services providers, and the public sector.
Everything you need to manage and allocate costs, optimize spending, and save money.
Unified secure configuration, activity monitoring, and IAM tracking for the public cloud.
Give financial operations a complete picture of IT costs across hybrid cloud infrastructure.
The next step in cloud security—ensure your cloud infrastructure is audit-ready for 35 regulatory standards.
Built to optimize the best features of the major cloud providers in a single pane of glass.
With an integrated ecosystem carefully chosen for your success.
Our technology partners amplify the advantages of the cloud.
Comprehensive management and automation of cost, security, compliance, inventory, and utilization for the modern enterprise.
A full suite of modules and tools to support the unique business needs of MSPs, CSPs and resellers, from custom invoicing to analytics and reporting.
Unified cloud management for federal, state, local, and higher education institutions.
Not all organizations share the same security concerns in the cloud. While consumers add pressure to retailers (both brick & mortar and online) and social media platforms to protect sensitive data, government agencies—especially those that are part of the intelligence community—must take a more strategic approach when it comes to implementing cloud security services.
The Chief Information Officer of the CIA readily admits that his department has not historically been able to keep pace with innovations in the tech industry as a whole. One of the challenges is the slow-moving nature of government procurement. More importantly, however, agencies that handle classified government documents were openly concerned about data security and compliance in the public cloud.
One way for security-conscious organizations to take advantage of the cloud—and especially all of the Software as a Service (SaaS) options that operate in the cloud—is to deploy SaaS services on an Amazon Machine Image (AMI). Using an AMI allows institutions to take advantage of all the applications on the Amazon Marketplace while maintaining complete control of the environment.
For many government agencies, using an AMI isn’t enough. To address the concerns government agencies have related to cloud security services, AWS has specific regions that are only available to public sector customers. Let’s take a look at how these regions work, who can access them, and how they are different from the standard AWS regions.
Find AWS regions near you on our interactive map at https://cloudcheckr.com/zonecheckr
Amazon Security Solutions for Public Sector Cloud
There are three special AWS regions designed exclusively for publicly funded establishments. AWS GovCloud Region, which became available in 2011, was the first government-specific cloud region introduced to the market. Followed by AWS Top Secret Region, which launched in 2014, and AWS Secret Region, in 2017.
As the first AWS Region specifically launched for public sector customers, AWS GovCloud offers more security safeguards than those available in a standard AWS region. Here are some of the differences:
Learn more about the high-level differences between AWS GovCloud (US) Regions and standard AWS Regions in the AWS GovCloud User Guide.
In addition to these safeguards, only vetted U.S. citizens have physical and login access to the AWS GovCloud region. Still, GovCloud cannot guarantee total data security. While its servers are physically isolated and kept much more secure than the standard regions, AWS GovCloud is still part of the public internet and is theoretically publicly accessible.
AWS also has an air-gapped region called the AWS Top Secret Region. After Amazon signed a multi-year, $600 million contract with the U.S. Central Intelligence Agency in 2013, it launched AWS Top Secret Region in 2014 to meet the needs of the intelligence community.
AWS Top Secret Region differs from GovCloud and the Secret Region introduced three years later in the following ways:
The AWS Top Secret Region is a private cloud the CIA built on three locations (to provide three availability zones) using AWS technology and expertise. This arrangement gave the intelligence community a way to leverage the power of the cloud without running any security risks. In this case, having a completely air-gapped cloud that is not accessible from the public internet is the only option.
Read more about how the government benefits from public cloud adoption here.
The newest AWS service for government agencies, AWS Secret Region, launched in 2017 and expanded Amazon’s ability to serve the public sector at all federal classification levels. According to Amazon, the AWS Secret Region can operate workloads up to the Secret U.S. security classification level.
Unlike the Top Secret Region, AWS Secret Region is not hosted on-premise at the CIA and therefore is interpreted as slightly more vulnerable than the intelligence community’s Top Secret Region. However, it’s still separate from the public internet. Most importantly, it can be used by any government agency rather than exclusively by the intelligence community.
For more information about who can access the AWS Secret Region, see this Amazon announcement.
AWS Secret Region uses some of the same tools as the Top Secret Region and bridges the gap between the unclassified AWS GovCloud region and the intelligence-only Top Secret Region. According to the CIA’s CIO, Secret Region benefits the intelligence community too, because it makes it easier to collaborate with other agencies outside the intelligence community whose information is classified, but not Top Secret.
Purchasing resources in any of the public sector-only regions isn’t like setting up an AWS account in the standard regions. They all have to go through AWS’s public sector sales and require vetting of the organization and contact individuals to ensure they are eligible to use the AWS region in question.
Want to learn more about purchasing AWS government and education cloud services? See our article, “Buying Government and Education Cloud Services Direct or With a Partner.”
Unlike other cloud management platforms, only CloudCheckr is available as an AMI. Just as importantly, it is the only cloud monitoring platform authorized to run in the in AWS Secret Region. Even in the Secret Region, continuous security monitoring and auto-healing are essential to ensure your environment is as secure as possible at all times.
Follow these links to learn more about how CloudCheckr works with public sector companies in the GovCloud and Secret Region.
Are You Subscribed to the Check List?
Our Best Articles and Insights Direct to Your Inbox
Get What You Need to Succeed—Download our White Papers
Your Role in the Shared Responsibility Model
A Guide to Understanding and Taking Control
Free Webinars Await—See What's Next
Make Your IT Team Your Strongest Security Asset