Five Things You Need To Know About FedRAMP
The US Government’s Latest Move In Cloud Computing
Last week, the US federal government launched the Federal Risk and Authorization Management Program (FedRAMP), which will help to build a single authentication standard for the government’s cloud services. During the past couple of years, the administration has built up a number of projects as part of its cloud-first policy, and this new project could potentially reduce the burdens of CSPs working with the government. The FedRamp is yet another important initiative from the tech-savvy US administration and might eventually help build security standards across the cloud.
What is the FedRamp?
FedRamp is a government-wide security framework that provides an authentication standard and will evaluate and provide authorization for cloud service providers, who can then work with various government agencies. Currently, the security assessments and authorization are done at agency level, whereas this new program will provide a single point approval. The FedRamp’s stated goal is “do once, use many times”, which could help reduce the burden on CSPs.
Why is it Important?
The new program’s approval is mandatory for all future cloud computing investments by the various agencies. The US government and its agencies are among the biggest spenders on technology, and their move to a common security framework could help bring about a greater degree of standards to the cloud computing industry.
How does it work?
The program has invited third-party assessment agencies and CSPs into the program. So far, nine assessment companies have joined the program. You can learn about who is approved so far here. Using these third-party assessors, the program will authorize the CSPs who will be able to work with the various agencies after the CSPs have complied with the various security requirements set by the program.
What are the goals of the program?
The main goals of the program include building a security framework where the rules and policies are applied consistently across multiple projects. By building consistent, better assessments, the confidence levels of the agencies investing in cloud computing solutions will improve. This could lead to further expansion of government cloud computing projects.
Where can you learn more about the FedRamp?
The program is currently managed by the General Services Administration, as part of the Department of Homeland Security. You can learn more about FedRamp at this GSA page: http://www.gsa.gov/portal/category/102371
It is a good initiative, and I will be closely observing how it progresses. If it helps bring the much-awaited standards in cloud computing, it will be a great win, not just for CSPs working in government projects, but also for the entire industry. Let’s keep our fingers crossed until then.
By Balaji Viswanathan