Government // Cloud computing
News
3/4/2014
11:38 AM
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

FedRAMP Cloud Security Approval: Look Who Applied

Officials unveil new FedRAMP Web portal, release details on firms seeking government's cloud security seal of approval.

Internet Of Things: 8 Cost-Cutting Ideas For Government
Internet Of Things: 8 Cost-Cutting Ideas For Government
(Click image for larger view and slideshow.)

FedRAMP (Federal Risk and Authorization Management Program), the program that helps agencies migrate to the cloud securely, is making public the names of cloud service providers that are in the process of obtaining the government's security certification.

The information appears in a new FedRAMP resource section on the Federal CIO Council's cloud.cio.gov site. FedRAMP.gov visitors were redirected to the site beginning last week. The new site provides a range of materials that agencies and cloud providers need to meet FedRAMP requirements.

The new FedRAMP site identifies, among other information, 10 previously undisclosed ''cloud systems in process'' seeking FedRAMP certification for new or additional cloud infrastructure, platform, and software services. The site provides details on the services under review from CenturyLink Technology Solutions, Clear Government Solutions (CGS), Economic Systems, Fiberlink (a unit of IBM), Hewlett-Packard, Layered Tech Government Solutions, Microsoft, Oracle, SecureKey Technologies, and Virtustream. CA Technologies also is reportedly seeking FedRAMP certification.

FedRAMP has already certified 14 cloud services from 12 providers, including an Oracle PaaS offering approved on Feb. 24.

[Get the full download on FedRAMP. Read Q&A: FedRAMP Director Discusses Cloud Security Innovation.]

The CIO Council cloud portal pulls together reference documents for agencies, cloud service providers, and third-party assessment organizations from FedRAMP's existing website. That site is run by the General Services Administration, which manages the FedRAMP program. The information is also integrated across the Cloud.cio.gov site, which focuses on users' need to ''learn about, use, acquire, manage and secure'' cloud services.

FedRAMP.gov visitors now land on a section of Cloud.cio.gov
FedRAMP.gov visitors now land on a section of Cloud.cio.gov

The new site has more forums and FAQs, according to Maria Roat, FedRAMP director at GSA. The GSA will continue to keep its version of the FedRAMP site active, she explained, because many documents out there reference the GSA website.

Agencies are under White House pressure to adopt cloud computing services and have them FedRAMP-certified by June 5, 2014. The program's security standards have attracted interest from cloud providers, but as FedRAMP officials acknowledge, they're trying to expand the offering of approved services.

FedRAMP officials have also announced plans to partner with the public-private group MeriTalk in an effort to widen FedRAMP's visibility within the federal IT market with the launch of the FedRAMP OnRamp.

The promotional site, due to go live March 13, promises to provide additional details about where companies are in the application process. It also plans to report on what agencies can save using FedRAMP-certified cloud services instead of building and certifying their own systems.

Based on preliminary reports from six FedRAMP-certified cloud providers and data on 210 cloud installations, MeriTalk estimates that FedRAMP has saved the government $52.5 million since the program began operating in 2012. It also found the government spent an average of $250,000 to bring each cloud service into full FedRAMP compliance.

Private clouds are moving rapidly from concept to production. But some fears about expertise and integration still linger. Also in the Private Clouds Step Up issue of InformationWeek: The public cloud and the steam engine have more in common than you might think. (Free registration required.)/p>

Wyatt Kash is a former Editor of InformationWeek Government, and currently VP for Content Strategy at ScoopMedia. He has covered government IT and technology trends since 2004, as Editor-in-Chief of Government Computer News and Defense Systems (owned by The Washington Post ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Author
3/4/2014 | 12:38:14 PM
Better add VMware to the list
VMware should be added to this list. VMware is the primary virtualization vendor for as much as 80% of large enterprises,  by some estimates. VMware's Angelos Kottas estimates its share in federal agencies may be "higher than the commercial market." That's a potential springboard into the compatible VMware vCloud Hybrid Servcie provided by Carpathia.
WKash
50%
50%
WKash,
User Rank: Author
3/4/2014 | 5:41:24 PM
Re: Better add VMware to the list
Certainly one should expect to see them added to the list.

First, however, they must complete a readiness process prior to the application kick-off where FedRAMP officials do an initial review of the CSP's docs to make sure they meet the mark on the level of detail required in describing their controls. Some CSPs don't know the government's FISMA requirements (which are at the heart of FedRAMP common standards) and can't adequately describe their system and controls. The readiness process does just that - gets them ready for the full-on authorization process.  
Li Tan
50%
50%
Li Tan,
User Rank: Ninja
3/5/2014 | 8:31:09 AM
Re: Better add VMware to the list
On the positive side, the security approval process will add a kind of guarantee to some extent so that the enterprise need to have the "license" to enter cloud world. On the negative side, it may put extra burden and become just a kind of documentation process, which consumed resource of enterprise unnecessarily without any real value.
wfly222
50%
50%
wfly222,
User Rank: Apprentice
3/4/2014 | 2:18:51 PM
In process vs. applied.
There are the companies who actually made it into the FedRAMP process, not a comprehensive list of the companies who actually applied wich is probably in the hundreds. Just because someone feels VMware and Carpathis 'should' be listed here doesn't mean they are actually in the FedRAMP process.
Gov Cloud: Executive Initiatives, Enterprise Experience
Gov Cloud: Executive Initiatives, Enterprise Experience
In this report, we'll examine the use of cloud services by government IT, including the requirements, executive initiatives and service qualifications, and auditing and procurement programs that make government cloud adoption unlike that in the private sector.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.