Over three years into the program that allows US government agencies to use Cloud Service Providers (CSPs), there are 75 authorized products.
Most federal agencies currently use five or fewer of the authorized cloud offerings; other agencies use these offerings extensively.
The top five agencies with the most authorizations are:
- Department of Defense – 37 authorizations
- Department of Information Systems – 31 authorizations
- Department of Health and Human Services – 27 authorizations
- Department of the Interior – 20 authorizations
- Department of Commerce – 17 authorizations
If you are unfamiliar with FedRAMP, the Program Overview details how this program is an outflow of FISMA, with the goal of providing a framework to vet the security of cloud services for use by federal agencies. FedRAMP intended to produce a “do once, use many times” framework in order to raise security assurance while lowering costs and shortening adoption time.
FedRAMP accelerates approval of cloud offerings from two years to 15 weeks.
Viewed from the private sector, the approach the federal government has taken in detailing a process and maturing it is impressive. This is the type of model you want to pursue, both to maintain or raise your level of confidence in what you offer your stakeholders and to take advantage of value in the marketplace.
I can run into some who desire to adopt wholesale any given cloud-based offering. Using a principle-based approach like this that utilizes a framework and then refining the process without throwing away critical pieces is appealing. Part of my consulting work is building out a similar style of framework, customizing legal, regulatory, contractual, and corporate information security requirements in support of a secure corporate environment, secure solutions, and secure operations. We leverage examples like FedRAMP as we craft our corporate solutions without giving up hope of maintaining our high corporate standards of delivering to our customers and creating value in the market.
Using evolving enablers like cloud offerings without throwing due care to the wind can be fatiguing, but I think FedRAMP is a success story for migrating services to the cloud.
This post coincides with the National Cyber Security Awareness Month 2016. #NCSAM