cloud-based security (Omelchenko/

AWS expands DOD IL4, authentication services

Agencies, military units and commands within the Department of Defense now have more tools in their arsenal when it comes to integrating cloud services into everyday operations.

The Defense Information Systems Agency gave provisional authority to Amazon Web Services GovCloud to offer more than a dozen new cloud service applications under Impact Level 4. AWS announced the new offerings in an April 26 blog post.

In 2016, AWS got provisional authority from DISA to offer to two services -- Amazon Elastic Compute Cloud and Amazon Simple Storage Service.  The new IL4 authorizations expand the number of offerings to include AWS CloudFormation, Amazon Key Management Service and Amazon Redshift.

“CloudFormation is really important because it is an orchestration technology that enables you to automate, in a very rich way, how you stand up a cloud environment and automate that whole flow,” said Mark Ryland, director of solutions architecture and chief architect of the AWS worldwide public sector team. “[I]t makes it less of a manual process to use a cloud platform.”

While the DISA IL4 authorization does make it easier for AWS DOD customers to use the new services, it does not mean that they are automatically now available for agency use.

“This announcement is from a central group in the DOD that has created provisional authorizations, meaning it is something that other groups within DOD can use,” Ryland said.  DOD GovCloud users “can take the document and analysis and grant the final authority to operate.”

In a separate blog post, AWS also announced hardware-based multifactor authentication capabilities for GovCloud.

AWS has partnered with SurePassID, a third-party digital security company, to implement the initiative, which will require users who sign into GovCloud to provide their user name and password as well as an authentication code generated by the SurePassID token.

The MFA tokens are stored in a separate Identity and Access Management environment within the GovCloud during the authentication process.

Ryland said the tokens are not meant to supersede the current access to GovCloud through common access cards and personal identity verification cards. Rather, the token-based authentication “fills in the gap” for agencies that want to use the GovCloud, Ryland said.  “This allows them to use a hardware-based token, but still get the MFA support, which could be applicable in certain use cases.”

Ryland characterized the new MFA capabilities as more an “edge case than a new critical ability” for GovCloud customers. 

About the Author

Sara Friedman is a reporter/producer for GCN, covering cloud, cybersecurity and a wide range of other public-sector IT topics.

Before joining GCN, Friedman was a reporter for Gambling Compliance, where she covered state issues related to casinos, lotteries and fantasy sports. She has also written for Communications Daily and Washington Internet Daily on state telecom and cloud computing. Friedman is a graduate of Ithaca College, where she studied journalism, politics and international communications.

Friedman can be contacted at [email protected] or follow her on Twitter @SaraEFriedman.

Click here for previous articles by Friedman.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.