VMware Cloud on AWS Moving Toward FedRAMP High Ready Status

(Illustration: Shutterstock)

During an Aug. 8 webinar on VMware Cloud on AWS hosted by the Digital Government Institute, participants said that VMware and AWS are setting up a dedicated instance of the service called VMware Cloud on AWS GovCloud (U.S.). This instance is intended to meet standards set by FedRAMP, the Defense Information Systems Agency (DISA), and the International Traffic in Arms Regulation (ITAR).

“It’s extremely important for public agencies to pursue digital solutions that offer them more agility and efficiency, while still upholding critical security standards. This effort is supported by the Modernizing Government Technology (MGT) Act, and the Federal Cloud First mandates reinforced in 2017 play a key role here.” said Lynn Martin, vice president and general manager, Government, Education and Healthcare, VMware. “Public agencies are now striving to comply with Federal Cloud First mandates and are looking for solutions, and VMware Cloud on AWS GovCloud (U.S.) can provide them what they really need, which is the ability to augment existing IT infrastructure capacity, enhance continuity of operations and disaster recovery, and facilitate faster application development and testing operations, without re-architecting for new infrastructure or retraining personnel on net-new technologies, tools, and processes.”

“VMware is working very hard, in cooperation with AWS, to accelerate the amount of compliance certifications that are being achieved on this platform,” said Paul Bockelman, senior manager and special solutions architect for AWS. VMware Cloud on AWS GovCloud (U.S.) is looking to meet the FedRAMP High baseline for certification. Bockelman noted that achieving this standard would also allow VMWare Cloud to receive DISA authorization at impact level 4 or 5. Currently, VMware Cloud on AWS has already met compliance requirements for SOC 1 and 2, ISO 27001, 27017/18, HIPAA Business Associate Agreement, Cloud Security Alliance STAR standards, and the European Union’s GDPR standards.

“We’re marching very heavily and very rapidly towards this certification. In fact, much of the impact level 4, impact level 5, and FedRAMP High certifications that the AWS platform has already achieved are being inherited by VMWare Cloud on AWS, and much of the effort right now is being spent around the management and operations aspect,” Bockelman added.

“The goal is later this year to be at a FedRAMP High Ready status, so that we can then submit the package into the accrediting authority. By extension, we can then seek out impact levels 4 and 5 for the Department of Defense.”

VMware is in the process of hiring dedicated service operations and security operations personnel to support the VMware Cloud on AWS GovCloud (U.S.) service, Bockelman said.

During the webinar, Hendra Li, a senior cloud specialist with VMware, noted the benefits of the offering, citing the same operating experience as on-premises VMware environments, the ability to quickly and cost-effectively migrate complex enterprise applications to public cloud, and a rich set of VMware SDDC capabilities available as a public cloud service.

Recent