Commentary
2/18/2014
04:10 PM
Sean Applegate

How FedRAMP Can Accelerate Cloud Adoption

Federal IT leaders can foster cloud adoption by incorporating automated, repeatable security processes.

FedRAMP governance entities.

Comments
WKash,
User Rank: Author
2/25/2014 | 10:08:52 PM
Re: Good suggestion
Stratustician makes a valid point. Operations teams want to move forward and security specialists historically are the ones to say no. Add to that layers of contractors and subcontractors who have vested interests in keeping the status quo and it's easy to see how hard it is to break the old patterns. But that's another reason why repeatable processes need to be part of FedRAMP practices.

 
Stratustician,
User Rank: Ninja
2/22/2014 | 1:30:54 PM
Re: Good suggestion
I think the biggest hurdle will be getting the security and operations teams to work together.  In most cases, I've seen the animosity between the 2 departments be a driving factor behind why the approval process is 6-12 months.  Operations folks are seen by the Security folks as a team that wants to be the great creators, but have little respect for security controls required to protect the assets.  When Security returns the project to them to say "Hey, it's good but X, Y, and Z need to be fixed to meet requirements A, B and C" the operations folks are rarely understanding. From an Operations perspective, Security folks are seen as the police force who are hell-bent on making their lives difficult by making the requirements so specific that any meetings between the two teams result in bashing of heads on desks out of frustration.

So putting these folks on the same team, while absolutely necessary and viable, could be hard, especially with folks who have been around for long periods of time and have the mentality of "This is how we've always done things".  The leading DevOps companies are all newer companies (compared to old Federal agencies) so they tend to have more forward-thinking employees who are open to new ways of doing things.  That is the real change you need to see in FedRAMP to make it successful.
Charlie Babcock,
User Rank: Author
2/18/2014 | 6:34:11 PM
Good acceleration advice?
Fed cloud provisioning: spin up a service in a day; spend 6-12 months obtaining security approval. As Applegate says, the federal government has got to get more into the spirit of the thing to get the benefits. Good advice on launching a hardened, secure Amazon Machine Image.

 

 
WKash,
User Rank: Author
2/18/2014 | 6:08:57 PM
Good suggestion
Sean Applegate makes a good suggestion here.  As he notes above: "It does no good to be able to spin up creative cloud services quickly if the security approval process requires 6-12 months of cumbersome, expensive security paperwork -- possibly costing more than the actual monetary savings of the cloud project itself."

Certainly taking a DevOps approach to streamlining and automating repeatable security processes makes a lot of sense.  Whether the FedRAMP Program Office is able to support that is an important question. It'll be interesting to get their take on it.

 