Coalfire recently returned from the Amazon Web Services (AWS) Public Sector Summit, held in Washington, D.C., which addresses some of the most pressing issues today’s leaders face around security, governance and compliance, and more. While Coalfire has attended the show in the past, we were especially amazed at how strong this year’s conference was. The crowd totaled more than 10,000 attendees – up from 50 at the first Public Sector Summit only eight years ago. This year’s theme was “Super Heroes” and centered on how AWS provides its customers with “Superpowers” such as Speed, Power, Scalability, Durability, Strength and Truth.
We were excited to meet with both current and prospective customers visiting our booth on the Expo floor where we showcased:
- Continuous diagnostics of controls related to security and compliance
- How technology vendors can meet CJIS requirements
- Guidance on the FedRAMP process and how to get started
- Technical testing of the cloud
- How technology providers can differentiate their security from that of their peers by gaining additional certifications (ISO 27001, etc.) or through a compliance validation whitepaper of their solution
We also hosted a well-attended boot camp session, “Automating Security in the Cloud: DFARS / NIST SP 800-171 Requirements.” This session spoke to DoD and government contractors looking for ways to meet the December 2017 deadline to comply with NIST SP 800-171 per the DFARS requirement.
Coalfire team members, along with other AWS security ecosystem partners, touted the Security by Design philosophy and addressed the upcoming DFARS requirement deadline. The boot camp showcased collaborative efforts among security partners, highlighting solutions that contractors and higher education institutions can employ to meet their requirements.
Let’s now take a closer look at highlights and commentary from the AWS Public Sector Summit.
AWS Customers are Superheroes, and Security Took Center Stage
The summit showcased the benefits of deploying and managing a business on AWS, which the event positioned as “Superpowers” that AWS Super Hero customers have. Speed, Scalability, Durability and Truth are some of the powers that AWS continues to provide and refine so its customers can better serve the world’s communities, addressing challenges that range from smart cities, oceanic changes from climate change, training in East Africa and tax services to national security interests.
Security in the cloud was a major topic for AWS’ CTO Werner Vogels. Werner said: “It is clear there is no red line for security…there is no ‘good enough’ when it comes to security” and also displayed the investments that AWS has made in tools to enable its customers to build better security practices. Additionally, AWS Security by Design, further described below, showcased many security leaders that the AWS ecosystem can leverage to better enable and maintain security.
News from the Show Included:
- AWS GovCloud (U.S.-East) availability zone coming in early 2018
- Marketplace for GovCloud
- Rekognition now available in GovCloud (U.S.)
- Additional announcements are on the AWS Public Sector Summit Press Room
Organizations will soon be able to move services and applications into GovCloud (U.S.-East), which is FedRAMP authorized, for “added redundancy, data durability and resiliency and increased options for disaster recovery.” The Marketplace has been added to GovCloud (U.S.), and ecosystem partners on the East and West can now make their services available to the GovCloud community. Rekognition, the AWS image analysis tool for visual identification of objects, can now recognize faces, and this capability can be integrated into applications.
The CIA’s Journey to the Cloud
CIA CIO John Edwards described the Agency’s cloud journey, in which the time to provision servers to support missions went from months to minutes. He conveyed that AWS provides “infrastructure at the speed of mission” through the C2S environment, which is the Intelligence Community cloud. The goal was to deploy Agency systems with the same agility and robustness as commercial companies could. Through working with AWS, the CIA can now realize the benefits that commercial companies have enjoyed.
Enabling Security by Design – AWS Security Partner Ecosystem
Finally, many great conversations occurred after our presentation and on the Expo floor at the Coalfire booth.
Visitors from government agencies had concerns about how to manage the metrics for their systems’ compliance, ensure their cloud services meet government requirements such as CJIS and the DoD RMF process, manage vulnerabilities that an agency-specific system may have but that the agency is not yet aware of, and deal with the threat of ransomware.
Industry organizations expressed interest in differentiation through security validation. That’s accomplished through gaining additional security and compliance authorizations/certifications or having their solution/technology validated and results documented in a whitepaper format by an independent party to confirm it meets certain compliance requirements. Additional discussion centered around the FedRAMP process and how best to start it. We had copies of our recently published FedRAMP report to better inform those discussions and provide guidance for leaders looking to understand the available options.
Whether you’re a commercial organization or government entity, Coalfire’s teams for compliance assessment, technical services such as penetration testing or threat hunt operations, and cyber engineering can provide tailored solutions for existing systems or aid in the planning and development of a new cloud environment to support mission goals.
Thanks to everyone we spoke with at the show. It was a great time, and it was promising to see the conference continue to grow and help drive relevant, timely discussions.