Secure Environment Accelerator (Canada) - Public Sector Cloud Transformation

Secure Environment Accelerator (Canada)

To meet the high security standard required by the Government of Canada, the AWS Canada (Central) Region was assessed against hundreds of controls. This security assessment provides additional assurance to customers of all sizes and across all industries, including local and provincial governments that AWS has passed a significant technical review set forth by the Government of Canada.

The Government assessed whether AWS has the ability to address the requirements of the Government of Canada selected security controls and enhancements, as outlined in ITSG-33 IT Security Risk Management: A Lifecycle Approach, Annex 3 – Security Control Catalogue. The AWS compliance program descriptions are posted publicly, and the SOC 3 report, as well as all of the AWS ISO certifications, are downloadable usiing the AWS Artifact portal. Detailed reports of compliance and the detailed audit results are available to customers and potential customers under NDA.

The AWSSecure Environment Accelerator (SEA) is a tool designed to help deploy and operate secure multi-account, multi-Region AWS environments on an ongoing basis. The power of the solution is the configuration file that drives the architecture deployed by the tool. This enables extensive flexibility and for the completely automated deployment of a customized architecture within AWS without changing a single line of code.

While flexible, the AWS SEA is delivered with a sample configuration file which deploys an opinionated and prescriptive architecture designed to help meet the security and operational requirements of many governments around the world (initial focus was the Government of Canada). Tuning the parameters within the configuration file allows for the deployment of customized architectures and enables the solution to help meet the multitude of requirements of a broad range of governments and public sector organizations.

While the installation of the provided prescriptive architecture is reasonably simple, deploying a customized architecture requires extensive understanding of AWS.