Co-authors: Massimiliano Gori , Product Manager, Canonical & Mark Thomas, Solutions Architect, AWS
Federal government organisations that either collect, store, share, transfer, or process sensitive data, as well as all federal agencies, their contractors, and service providers, are required to operate in high-security environments to ensure the safety of sensitive data such as Personally Identifiable Information or confidential information.
Developing applications for regulated federal and high-security environments can be a challenging task due to the overwhelming number of compliance requirements developers need to conform to, like FIPS, FedRAMP, ITAR, DFARS, and many more.
Making sure your physical and virtual infrastructure meets all these requirements is a difficult, time-consuming endeavor. Therefore, AWS GovCloud and Ubuntu Pro have been engineered to help take that complexity away so that you can increase developer productivity, concentrate on delivering great applications and take them to market more quickly.
Organizations with workloads that store and process Controlled Unclassified Information (CUI), Personally Identifiable Information (PII), sensitive medical records, financial data, laws enforcement data, or other export-controlled data need to ensure that they meet appropriate compliance requirements at all levels of the stack. A secure, compliant workload starts with a physical and network infrastructure. For FIPS compliance, for example, this means that all VPN endpoints and other endpoints need to be encrypted by FIPS-certified cryptographic algorithms, and physical access to the infrastructure is restricted to vetted personnel.
AWS GovCloud is specifically designed for US Government agencies and contractors that are staffed exclusively by vetted U.S. citizens. AWS GovCloud builds on the security controls and services offered by AWS, and is only accessible to U.S. Citizens using FIPS 140-2 compliant service endpoints.
AWS GovCloud data centers are physically and logically distinct from the rest of AWS, staffed only by vetted U.S. citizens, and only accessible by U.S. citizens.
AWS regularly achieves third-party validation for thousands of global compliance requirements to help customers meet the compliance requirements of their workloads. AWS offers FIPS endpoints for accessing many of its services, using a minimum of TLS 1.2 encryption.
Having a resilient, secure and compliant infrastructure is not sufficient to meet all necessary requirements. Ubuntu Pro complements the solid foundation of AWS GovCloud to make sure organizations can focus on building applications, knowing that even at the operating system level patching and compliance are handled automatically in the background.
AWS GovCloud relieves the burden of “undifferentiated heavy lifting” of securing physical access to customers’ compute environments, so they can focus on the security of their compute instances and applications. AWS GovCloud, like standard AWS regions, provides customers with a scalable infrastructure, allowing customers access to the capacity they need while paying only for what they use.
Customers choose AWS GovCloud for the following reasons:
Ubuntu is the most popular Linux distribution in the public cloud, running over 50% of Linux workloads globally due to its reliability, stability and ease of use. In order to address the enterprise and public sector compliance requirements, we developed a premium Ubuntu Pro image in partnership with public cloud providers.
Ubuntu Pro is a full-featured open-source platform for cloud innovators. Ubuntu Pro is available for AWS GovCloud, where it combines comprehensive open-source security with the aforementioned AWS compliance features.
Ubuntu Pro offers the following key features:
Ubuntu Pro builds on the AWS GovCloud features to deliver high security and flexibility for your Linux workloads. The cryptographic compliance, coupled with easy to consume security and kernel updates, make sure that your applications not only get compliant, but also stay compliant for the entire duration of your mission, and can be easily audited by third parties.
In this article, we will see how to install nvidia-smi on Ubuntu or Debian Linux.…
In this article, we will see how to install clang tool on Ubuntu or Debian…
When working with Docker containers on Raspberry Pi devices, you might encounter frustrating signature verification…
You’ve recently upgraded to Ubuntu 18.04 and found that your OpenVPN connection no longer resolves…
Have you ever tried to open System Monitor on your Ubuntu 18.04 system only to…
System hardening means locking down a system and reducing its attack surface: removing unnecessary software…