Making FedRAMP a Requirement for State and Local Cloud Adoptions
November 5, 2018
The Office of Management and Budget (OMB) recently announced a new “Cloud Smart Strategy” proposal, the first cloud strategy update in seven years, with the goal of delivering a long-term successful path to drive cloud adoption across the federal government. As part of the proposal release, Suzette Kent, Federal Chief Information Officer, was quoted as saying:
“To keep up with the country’s current pace of innovation, President Trump has placed a significant emphasis on modernizing the Federal government. By updating an outdated policy, Cloud Smart embraces best practices from both the federal government and the private sector, ensuring agencies have capability to leverage leading solutions to better serve agency mission, drive improved citizen services and increase cyber security.”
Although this strategy is federally-focused, state and local agencies can still look to programs and policies driving successful cloud adoptions at this level. From a security perspective, one of the key elements of success for the federal government is the Federal Risk and Authorization Management Program (FedRAMP), a government-wide program that provides a standardized approach to cloud security.
FedRAMP benefits for state and local governments
The IT Alliance for Public Sector (ITAPS) is a huge proponent of state agencies using FedRAMP authorized providers to support their mission. In its States Cybersecurity Principles and Best Practices document, the alliance shares how state agencies should “utilize FedRAMP certification to better inform their acquisition of quality cloud products and services. When looking to standardized cybersecurity, states should avoid trying to reinvent the wheel, and should instead embrace existing standards developed by industry and leading professionals.”
ITAPS understands the benefits that a formal program like FedRAMP, which utilizes independent Third Party Assessment Organizations (3PAO) to validate the security controls inherent in industry cloud solutions, can offer to state and local government. For state and local agencies, looking at a FedRAMP-approved provider takes a lot of the pressure, and risk, away from choosing the most secure solution. Additionally, it provides the following benefits:
- Strict security protocols – FedRAMP security standards, based on NIST 800-53, are some of the most stringent protocols when it comes to data security. According to Techopedia, NIST 800-53 was created by the National Institute of Standards and Technology and includes procedures on risk management for federal information systems covering 17 areas, including incident response, access control, and continuity of operations. FedRAMP provides a “standardized approach to cloud security assessment,” combining the collective knowledge from experts across federal agencies including the General Services Administration (GSA), NIST, Department of Homeland Security (DHS), Department of Defense (DOD), National Security Agency (NSA), Office of Management and Budget (OMB), and Federal Chief Information Officer (CIO) Council and its working groups, as well as private industry knowledge experts. It is the baseline to follow.
- Cloud Acceleration – “Do once, apply many times.” FedRAMP takes this approach to agency cloud adoption. With this standard, all the legwork of vetting and ensuring a cloud vendor’s security protocols can support the highly sensitive nature of government data, so the burden no longer lies on the agency themselves. The efficiency of this program allows agencies to choose from pre-vetted vendors who already have all of the necessary standards in place, reducing an agency’s decision from the evaluation of security protocols, benefits, and price to just benefits and cost.
- Cost Savings – Cost savings is a widely known benefit of moving to a cloud environment. Agencies who chose to migrate to the cloud can expect to receive substantial savings over traditional “build-and-operate” solutions. In addition to the savings in the infrastructure, agencies can improve the efficiency of their staff, allowing them to be more productive. That said, cost savings is not enough, security needs to be a key component to any program.
Modernize your communications platform now
As ITAPS stated, why reinvent the wheel when you don’t have to? You have enough challenges to work through without having to deal with the complexity and scope of a full procurement process. Ease the transition and risk by looking for FedRAMP authorized technologies. For additional information, visit the cloud for state government section of our website or contact one of our specialists now.