AWS Public Sector Blog
Tag: classification
Supporting security assessors in the Canadian public sector with AWS and Deloitte
In this blog post, learn how Amazon Web Services (AWS) helps Government of Canada (GC) customers move workloads into production in the AWS Canadian Regions. This requires putting their workloads through the Security Assessment & Authorization (SA&A) process and can pose headwinds for GC customers developing applications to support digital modernization efforts.
Canadian Centre for Cyber Security adds additional AWS services to its assessment of the AWS Canada (Central) Region
The Canadian Centre for Cyber Security (CCCS) added more AWS services to its assessment of the AWS Canada (Central) Region, bringing the total number of assessed AWS services to 120. This provides Canadian public sector customers additional confidence that AWS Cloud services meet the Government of Canada’s security control requirements. Using these services in conjunction with the deployment of the open source AWS Secure Environment Accelerator (ASEA) solution reduces cloud service configuration time from months to days.
How updating Cold War era data classification unblocked government digital transformation
Looking at information security as an enabler for change, not a blocker, was the mind shift that contributed to digital transformation in UK government. The UK modernization of data classification concepts and processes enabled more responsive public services, as well as massive savings (£1.7bn in 2014 alone). From 2012 through 2015, the authors of this blog worked together in the Cabinet Office in the UK to reform a decades-old information security policy. This effort helped unlock widespread cloud adoption in the UK public sector and the advantages that come with it.
Securing your data by knowing your data
In many organisations, IT security and data governance processes can be complex since data is stored across multiple environments and applications. Data privacy, including data classification, is now a core component of security requirements. Organisations need an easier and more pragmatic approach in administering their data assets to mitigate operational risk.