Have you felt challenged by the FedRAMP approval process? The Federal Risk and Authorization Management Program (FedRAMP) was created to provide a standardized way of vetting cloud providers, from initial security assessment to authorization and continuous monitoring. But a year ago (2016), 79% of federal IT decision-makers responding to a MeriTalk survey said they were frustrated with FedRAMP. In fact, 59% said they would consider a non-FedRAMP–compliant cloud service.
So changes have been made to improve the situation. As FedTech notes, FedRAMP Accelerated was introduced to speed up the approval process, while the GSA’s High Baseline Requirements for FedRAMP aims to increase cloud adoption for highly sensitive applications and systems. The FedRAMP Readiness Assessment Report Template helps organizations demonstrate their readiness to achieve a FedRAMP authorization. As FedRAMP moves forward through 2017, the program is working on granting provisional operating authorizations faster.
But the controls and scope of FedRAMP have undeniably crept over time, and will continue to do so. The continuous monitoring (ConMon) process remains the hardest piece of the puzzle. As cloud service providers (CSPs) monitor their security controls and validate the security posture of their service offering, keeping ConMons clean requires in-depth expertise and a mastery of best practices.
As we’ve predicted, this year the portfolio of managed services will grow its offerings, even for niche markets. In addition to FedRAMP compliance, colocation, cloud computing, managed hosting, storage, managed backup services and disaster recovery are essential ingredients in delivering integrated solutions to all levels of government. Departments and agencies must move beyond legacy systems and outdated data centers. The United States Chief Information Officer has stated the goal of reducing the current 10,000 data centers in government down to under 1,000. That foretells a major wave of data center modernization across agencies and supporting enterprises that work with sensitive data.
But no matter how the Joint Authorization Board revamps FedRAMP going forward, its stringent compliance standards for security and performance will continue to be a huge factor in the deployment of shared services, subscription-based services, managed services and more. At Vazata, our FedRAMP-compliant hosting platform has enabled clients of many types to meet the FedRAMP challenge and work successfully with government customers.
As FedRAMP continues to evolve over the coming year—and perhaps mission creeps some more, too—why not discuss with us how to find your best path to cost-effective compliance?