A study from Coalfire, a third-party assessment organization (3PAO), has found that getting through the Federal Risk and Authorization Management Program (FedRAMP) process is actually less onerous than generally perceived. That’s great news for any organization planning to master government compliance regulations and FISMA compliance issues. It’s a journey that can be undertaken without trepidation!
Case in point: Coalfire finds the average time to FedRAMP authorization has declined to six months—a 59 percent improvement for cloud services providers (CSPs) working directly with agencies, and a 65 percent improvement for those working with the FedRAMP Joint Authorization Board. To date, 20 federal agencies have leveraged FedRAMP five or more times, and cabinet-level departments use an average of 16 solutions.
Vazata has long been FedRAMP certified—we were the twenty-first company to achieve certification—and we can offer our own insights into some of the highlights from the Coalfire study:
• We agree that providing unparalleled cybersecurity presents a crucial challenge for cloud services providers, who must deliver advanced solutions to customers as well as robust compliance. The Coalfire study notes that in areas like vulnerability scanning, as much as 70 percent of CSPs need to improve.
• Vazata confirms that we have seen a fading of the once-common perception that FedRAMP is too expensive for mid-size companies—and that’s a good thing. Coalfire finds that more than 40 percent of authorized CSPs have less than $100 million in revenue.
• Given the broad range of FedRAMP authorized solutions, it’s very important to select a provider offering a solution, such as Vazata’s vStructure IaaS platform, that benefits from proven in-depth experience and capabilities.
• One finding we take exception to is the study’s estimate of cost. For CSPs working with a Third Party Assessment Organization (3PAO) for preparation and assessment, a more realistic minimum figure for JAB authorization is $500,000. This does not count required monthly monitoring and reporting or annual audits, which can cost $100,000 to $200,000 or more.
Finally, Coalfire estimates that approximately 60% of federal agencies do not yet participate in FedRAMP, which prompts the question: how soon can Vazata conduct a Cloud Computing Needs Assessment for your business? Why not contact us today?