Accelerate business and mission outcomes with AWS Government Regions

"Hey, raise your hand. We've had a wonderful reading experience so far. All right. That's good. That's good. All right. So we're gonna raise the bar on that. This is gonna be a lot of fun.

Um Sean and I worked together for a bunch of years here with AWS and our government regions team. And so we always love the opportunity to give these quick lightning talks to give you the absolute essentials on our government regions, how they work, how to use them and uh how to and you know, basically build mission outcomes that help our citizens and our customers.

So, my name is David Schatzman. Been with AWS about three years now. Ah, before that, when I had hair, I've been in the hardware OEM business pretty much as an intern in the nineties. Uh Sean. Tell, tell us about yourself.

Hello, my name is Sean ASF. I am a solutions architect. I've also been here about three years so Dave and I have been doing this song and dance for about three years now. We're pandemic children. So we both work for our GovCloud and government regions team. Uh we work together, we work with our customers. We work with our sales teams across the public sector and the nonpublic sector regions. So, um but yeah, but this is a lightning talk. So you have to talk really fast, light, light light without further ado, we have three things that we'd like to talk to you about today.

Now, frankly, all of this feedback for the first two sections is based upon our encounters with customers just like you. And we've summarized that in just a few quick slides and we're going to go through it real quick. And then we're going to end by showing you a a an overview of our portfolio of government solutions. So that's what we're going to try to accomplish now before we even start out, this is my absolute favorite quote from one of our senior executives and it goes back to the days in 2006 when AWS was founded, we led, always led with security and we continue to do that. We make investments on a daily, weekly and monthly basis to improve the security of all of our regions globally.

Now, we recognize Sean that security is a shared responsibility, right? We can do everything, right? But we also need our customers to do everything right. So for me, on our side of the shared responsibility model, we are responsible for security of the cloud and then you the customers are responsible for security in the cloud, right?

So if we think through that and dive a little deeper which you can by going back to watch some of our zero trust sessions that we've offered and some of our security sessions that we've offered, you can learn a tremendous amount about that. But everything we're going to talk to you about in this brief amount of time will be based on security.

Now, a few reasons why public sector customers choose AWS, we're not going to go all through through all these in the s in the amount of time that we have here. But one thing that's really important is that we have been doing this for 17 years. That's a lot of time. That's a lot of experience. That's a lot of opportunities to mitigate and manage risk and we pass all of that off to our customers. I'll stand to the side so you can take pictures.

Um it's also important to realize that while public sector customers often just operate in one country, well, gosh, many of our agencies span the entire globe think about just hypothetically the department of state, right, with your passport, or if you think even deeper into some of the things that crime enforcement does, law enforcement. So the fact that we have a global portfolio of regions is very important to enable our public sector customers, not just the regions that we have in the United States now, because customer obsession is our number one focus at AWS, we always work back from our customers needs and try to satisfy them. We we do that relentlessly every day.

We realized when AWS was founded, as I said before, in 2006, we realized in about 2007 that p sector customers by and large were not adopting cloud at the same pace as commercial entities. And we started to explore that. Well, why is that, why are public sector customers not able to realize the benefits of cloud? And I'll tell you the answer uh mainly compliance, right? Because remember at the time, it was Fhima Low, Fhima Moderate Fhima High. While all those things still exist, compliance was the reason customers by and large could not move from an on premise environment no matter where that environment was, whether it's here or on the other side of the world to cloud. And so that led us to invest in our portfolio of government regions, which we're going to talk about in just a second what those are.

But before we do that, why do public sector customers use cloud? Well, Sean, I'll ask you, i i want to uh grab the second one, but could you make some comments around the first one for me?

Sure. So to achieve your business and mission outcomes, right. So we have our government regions, uh we have govCloud which helps you meet FedRAMP High DOD Impact Level four and five. And so you get the inheritance of the controls that we have taken our services through. You get to inherit those controls, ah for your security plan and then that's us securing of the cloud and you in the cloud will be the things that you bring on top of that. So, so there's the control of inherence. It's about roughly about 80%. You have about 20% left other than the non technical controls that you have to do as a part of your security package. So, absolutely.

And that's exactly right. And that goes back to the reason we founded and invested in the regions and why we've done so since roughly 2011.

Now, the other one i wanted to talk about and this is another key one is that, i mean, let's face it. Th think about some of the GAO GAO reports that have gone around in the in the states about the cost and the scoring of some of the very, very old systems that exist in federal state, local government, both both in the United States and broader and the costs that customers incur to keep those legacy environments operating. Believe me, his systems get older as an old hardware OEM guy. The only thing good about him from the vendor, from my perspective is the costs go up, right. And so as agencies and accrue and accrue and accrue more and more and more technical debt cloud is a huge and a able to help citizens like us save money and and really realize a better customer experiences as a result of modernizing in the cloud.

So we hear countless stories. In fact, if you went to uh mister wey David Weave's uh innovation talk, i believe it was yesterday. You heard a number of really interesting stories that customers told that went right to that fact of eliminating debt.

But the other one and this is the one that that's most impactful for me is the fact that agencies and whether agencies are even part of the defense industrial base can take advantage of the elasticity of cloud. Think about it, if you had to go out and invest a million dollars, just hypothetically in a server farm and your workload only needed to operate, say one quarter, one month, one day of every business cycle, just think what all that hardware is doing, it's consuming money, it's polluting the environment.

So by realizing the elasticity and the scalability of the government region's portfolio, which by the way, we're going to talk about next, customers can save a lot of money, they can realize a lot of things, they can serve their customers.

So one more thing to think about too about, you know, reducing costs would be as our new generation of processors come out, you actually generally save money by upgrading to a newer processor. So there's also those economies of scale as well.

This is the moment you've all been waiting for half way through the wen talking and on the slide that we want to talk about here.

So these are the offerings that AWS offers our public sector customers. Um what's interesting about these offerings is that we support multiple enclaves, right? If we start here on the left, are uh US East and West regions, these are just start commercial regions, right? We have them in uh San Francisco, Oregon, Northern Virginia and Ohio, right? And uh they operate a as Sean alluded to at the uh federal moderate level and the DOD SRG security crime misguided impact two level.

Um these are very popular regions for public sector customers make no mistake about it. Customers use the commercial regions extensively to achieve their business outcomes.

Now, we have a lot of customers that need isolated infrastructure, they need isolated infrastructure to host controlled and classified information, right? And we realized this in about 2010 when we started making the investments in the commercial regions as far as compliance control. So that led us to launch AWS GovCloud US West in 2011 again, uh isolated infrastructure. But what was interesting and they were first launched, they were actually launched a moderate, we later uplifted them uh to FedRAMP High, but we we didn't stop there, right? The isolated infrastructure, the FedRAMP High infrastructure, one of the phenomenon that we found was that more and more customers were bringing mission critical applications, applications that if they failed to work would have in, in many cases, catastrophic impact on the economy, catastrophic impact on operations if you think about the military.

Um and so that led us to launch a second GovCloud region so that customers had the choice to be able to do dual regent deployments. I, and it's interesting five years ago, we didn't have a lot of dual region deployments. It was, it was quite interesting. But the trend over the last couple of years, we have seen more and more and more customers, i cannot believe more and more customers that are o obviously looking for multi region ah whether that's uh active, active or active passive.

So we have two regions within our GovCloud and obviously you can build highly available within each region, right? But for disaster recovery, for ah for requirements for data to be meaningful distance away, we have two regions within GovCloud to operate in.

Thank you. Anyway, so we're up to our fourth microphone in uh 12 minutes. So again, uh dual region approach here. But anyway, as Sean was saying, yes, so the the second region for GovCloud enables resiliency. But you know what, that still wasn't enough because we realized again that there were a series of customers primarily in the DOD and in the intelligence community that needed cloud solutions for all the same reasons we just talked about for GovCard, right, the elasticity, the security, the scalability, the ability to move faster.

And so that led us to launch. Uh and i have to be very vague here. It led us to launch additional regions for, for our secret and our top secret customers. And yeah, i'm i'm here to tell you today that that our pursuit and our, our interest in helping our public sector customers is never stopping. We continue to invest heavily in all four of these enclaves to help our customers.

And you heard many comments throughout uh all of the different sessions that you've been to regarding new processes, new services, new capabilities and that we have a vision to help all of our public sector customers move forward no matter what the classification of their data is.

So on our next slide, this is one of my favorite slides. I could spend an hour talking to you about it, but i'm gonna spend four minutes given the time that we have here. Um this information is based upon Sean and i's relentless engagement with customers and the feedback that we get. And these are the top five spaces that we talk about with our customers.

And we typically ask our customers, we work with them to lead with compliance, right? If we take security aside for a second, because all AWS infrastructure is secure, that's the most important thing that we do. So we typically work backwards from the compliance requirements. And oftentimes the customer will say this workload must be in GovCloud. I i, i've, i've just got to have GovCloud. Right. And i, if you really start to dig into it, maybe that's not the right choice. Right. Maybe they need to be in the commercial regions because their compliance programs don't require GovCloud.

And we have the same discussions with commercial customers. Right. If they have a workload that needs to be in an isolated infrastructure, it needs to be within, inside an ITAR boundary, it needs to be operated by US citizens only. Well, you know that that's GovCloud.

So I would encourage each one of you as you study your cloud journey to take security as a given, right? We're, we're all smart people, we know how to do security of the cloud and in the cloud, right? And then look at the compliance programs and look at it through a a sobering lens.

Now, the other really important aspect of picking the right infrastructure and this is what Sean and i spend most of our time on together. We're the resiliency team for, for, for GovCloud. We recognize that there is a balance between resiliency budget, right? Cause citizen tax towers, i mean, they're, they're finite, right? So agencies have to spend smart complexity is really important, right? And that goes to resiliency because if you think about it, a workload running in one availability zone is a lot less complex than running in six availability zones.

Acro across two regions with eight direct connection and you know, 20 backup VPN s and c and a CDN in front of it right now. Now, David, that point is so important because uh Werner talked about it this morning with the frugal architect and his keynote. Here is the remaining transcript formatted for better readability:

That's true. Yeah. You know, uh Werner Vogels got that for me. Can I get away with that? Maybe they'll turn my mic off again? I don't know. But a another important consideration and this goes to uh the, the Biden administration, right? Ta taking politics aside, of course, um you know, with the sustainability focus of the Biden administration, sustainability, we're starting to see those conversations in in the front.

Customers want to architect for resiliency no matter what enclave we're talking about. But they also want to be environmentally respectful, right? And, and let's face it if, if money were no issue and we were considering the environment, why not build in uh both regions with six availability zones and, and double down on your EC2 and double down on your storage and just let the environment, you know, go, right.

But there's an impact, right? It costs the environment, right? You have the carbon, that's a huge issue right now. You consume a ton of electricity, right? And you pollute. So i always tell my customers, Sean al al also always tells us customers that look, let's think about this in the context of the environment, right?

Um and i'm also really happy to say that our AWS GovCloud regions in all of our regions, we obviously have the, the Paris climate accord goal that we're planning to exceed. And we are also uh very proud to say that uh GovCloud West is uh wastewater positive uh and carbon neutral at this time. Oh, GovCloud East is very close. So we have made a huge investment to help our customers be able to architect for sustainability.

Now, finally, when we think about this trade space, we do think about risk, right? And we talked about this in the beginning, if we think about the catastrophic impact of a workload, unavailability to the to the citizens, to the users, to the missions and so forth. So we do, you know, look at things like the risk management framework depending upon what you know what area of government you're in or what area of the industrial base that you're in. So we always have to balance all of these factors risk included.

Now this is aaa another really uh tight emerging trend and that is a developing low testing, low and deploying in a higher enclave, right? So, so we do see customers uh for example, uh it is very common for a customer to do their development in our US commercial regions, right? And to do our testing, uh they even do things like fault injection simulation uh in the commercial regions. They use Resilience Hub in the commercial regions. They experiment with fail over to between regions and availability zones in the commercial regions, but then once the workload is tested and it's ready for production, they'll port it over, say to GovCloud, right?

And of course, you're, you, you're uh always testing, right? The resilience life cycle, continuous testing continuing. But, uh, anyway, that's another topic. So i, i say this to say that don't, don't limit yourself to just in one region, right? Always look for opportunities to deploy low and then, or sorry to develop low and deploy high, whether you're talking commercial to Gov GovCloud to secret and, and, and so forth.

Um it saves you a lot of money, it saves you a lot of time and it gives you a lot of flexibility. Um and the other factor that kind of goes with that is the fact that uh so many customers, i'm thinking of four or five right now, they will actually leave their workload in the dev state in the commercial region so that they can do future testing of additional features or, or capabilities. They can test it in a nonthreatening non proud environment.

Um the other, the other point i would make in the minute and a half that we have left is experiment. We see a lot of cut, particularly with, hey, you know, obviously we're talking about general uh sorry general of a i a little bit at the conference, right? So uh i would encourage all of you take some risks, do some experimenting in a non production environment move quickly fail, fast move on.

Um that's a, a wonderful sentiment to take away from this session and this conference that it's ok to experiment and it's ok to fail as long as it's not in a production environment and that we would leave you. Uh sean myself and the other hundreds of people that support public sector, you know, we're here to help you.

Um you know, it's sean's job to help the architect, the system is gonna meet all the goals that we just talked about here. Um and it's my job to help him help you. So, so um that's the extent of what we have to share today. Uh i've really appreciated your time if you have any questions. Uh we have to clear the stage. There's another one, but we'll, we'll hang out down here.

So if i can help you at all or if sean can help you, please feel free to come forward. And if you'd like more information, uh th this happens to be for the GovCloud watch page. But from there, you can just do the pull down and check out the commercial regions, the secret region, the top secret regions and, and of course GovCloud.

So thank you very, very much for your time. And uh we will look forward to seeing you down at the bottom there or at any time i will put this up. Uh you can uh you, you can email sean or i at any time, we'll be, uh, of course, traveling home tomorrow. But, uh, monday morning, we'll be, uh, bright eyed bushy tailed ready to serve us on saturday and sunday.

Yeah. Yeah. So we get it when we get back on monday. Yeah. Yeah. Thank you for your time everyone.