Ensuring Compliance with Government Security Standards: A Guide to Evaluating a Policy Management Platform

Policymaking is mission critical for governments. Government agencies need to ensure that whatever tools and software they use for their policymaking- whether regulatory or non-regulatory- meets strict government security standards, especially when it comes to any public-facing components.

This is why Esper’s policy management platform is a great choice for state agencies. Esper is built natively in the Amazon Web Services Cloud, which means that it benefits from the security and reliability of the world’s leading cloud platform.

In our latest guide, we’ll explore the security features of Esper and hear from Brian Galloway, Solutions Architecture (SA) Security Leader for U.S. Education, State and Local Government at Amazon Web Services, who will be sharing his insights on why AWS and Esper meet the strict government security standards required for deploying a new policy management platform.

As a security leader, Brian Galloway establishes and prioritizes business improvements, frequently collaborating with internal and external organizations. Brian holds an M.S. in Information Technology from the University of Maryland Global Campus and a B.S. in Computer Science from Howard University. As a security practitioner, he is also a Certified Information Systems Security Professional (CISSP).

Prioritize flexibility and security in your cloud services

"Security is critical to cloud computing. AWS is architected to be the most flexible and secure computing environment available today. Our core infrastructure is built to satisfy the security requirements for the military, global banks, and other high sensitivity organizations."

Brian Galloway

AWS

This is backed by a deep-set of cloud security tools- with 300 security, compliance and governance services and features.

AWS supports 143 security standards and compliance certifications, more than any other offering, including PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2 and NIST 800-171, helping satisfy compliance requirements for virtually every regulatory agency around the globe.

Choosing a policy management platform that meets government security standards

Esper runs on AWS and inherits these controls and security features. Esper leveraged the AWS Shared Responsibility model to accelerate and complete their FedRAMP certification process as a SaaS solution. FedRAMP certification and evaluations provide customers with assurance that AWS has effective physical and logical security controls in place for their workloads.

“AWS is vigilant about customer privacy and implemented sophisticated technical and physical measures to prevent unauthorized access. We have a world-class team of security experts monitoring our systems 24/7 to protect customer content and all off the more than 200 featured AWS services offer the ability to encrypt data,” says Galloway.

Esper assumes these capabilities by leveraging native AWS security services like AWS Web Application Firewall and AWS Shield. In addition to the protection of data at rest, customers also inherit the value of AWS PrivateLink, which establishes connectivity between workloads and some AWS services without exposing data to the internet.

Security and compliance should be the cornerstones of any policy management platform

Esper’s approach to security and compliance positions us at the forefront of security for governments when conducting their policymaking. We understand the importance of protecting sensitive information and have made security and compliance fundamental cornerstones of our product.

This approach extends to all areas of our business, guiding every software, team and partnership decision. All vendor selections by Esper are required to adhere to FedRAMP or equivalent compliance guidelines, ensuring that the products and services we use meet the highest security standards.

Furthermore, Esper recognizes the importance of continuing to evolve our security measures and seek other relevant compliance to ease procurement for government agencies. And through ongoing disclosure of past performance and audit results, Esper intends to promote confidence in the platform for all buyers. All of these factors make Esper a secure choice for governments to use in conducting their policymaking.

See Esper’s secure policymaking platform in action

If you’d like to learn more about how Esper is collaborating with AWS to meet government security standards or to see our policymaking platform in action, schedule some time with one of our experts.