FedRAMP Cloud Security Approval: Look Who Applied

Officials unveil new FedRAMP Web portal, release details on firms seeking government's cloud security seal of approval.
Internet Of Things: 8 Cost-Cutting Ideas For Government
Internet Of Things: 8 Cost-Cutting Ideas For Government
(Click image for larger view and slideshow.)

FedRAMP (Federal Risk and Authorization Management Program), the program that helps agencies migrate to the cloud securely, is making public the names of cloud service providers that are in the process of obtaining the government's security certification.

The information appears in a new FedRAMP resource section on the Federal CIO Council's site. visitors were redirected to the site beginning last week. The new site provides a range of materials that agencies and cloud providers need to meet FedRAMP requirements.

The new FedRAMP site identifies, among other information, 10 previously undisclosed ''cloud systems in process'' seeking FedRAMP certification for new or additional cloud infrastructure, platform, and software services. The site provides details on the services under review from CenturyLink Technology Solutions, Clear Government Solutions (CGS), Economic Systems, Fiberlink (a unit of IBM), Hewlett-Packard, Layered Tech Government Solutions, Microsoft, Oracle, SecureKey Technologies, and Virtustream. CA Technologies also is reportedly seeking FedRAMP certification.

FedRAMP has already certified 14 cloud services from 12 providers, including an Oracle PaaS offering approved on Feb. 24.

[Get the full download on FedRAMP. Read Q&A: FedRAMP Director Discusses Cloud Security Innovation.]

The CIO Council cloud portal pulls together reference documents for agencies, cloud service providers, and third-party assessment organizations from FedRAMP's existing website. That site is run by the General Services Administration, which manages the FedRAMP program. The information is also integrated across the site, which focuses on users' need to ''learn about, use, acquire, manage and secure'' cloud services.

The new site has more forums and FAQs, according to Maria Roat, FedRAMP director at GSA. The GSA will continue to keep its version of the FedRAMP site active, she explained, because many documents out there reference the GSA website.

Agencies are under White House pressure to adopt cloud computing services and have them FedRAMP-certified by June 5, 2014. The program's security standards have attracted interest from cloud providers, but as FedRAMP officials acknowledge, they're trying to expand the offering of approved services.

FedRAMP officials have also announced plans to partner with the public-private group MeriTalk in an effort to widen FedRAMP's visibility within the federal IT market with the launch of the FedRAMP OnRamp.

The promotional site, due to go live March 13, promises to provide additional details about where companies are in the application process. It also plans to report on what agencies can save using FedRAMP-certified cloud services instead of building and certifying their own systems.

Based on preliminary reports from six FedRAMP-certified cloud providers and data on 210 cloud installations, MeriTalk estimates that FedRAMP has saved the government $52.5 million since the program began operating in 2012. It also found the government spent an average of $250,000 to bring each cloud service into full FedRAMP compliance.

Private clouds are moving rapidly from concept to production. But some fears about expertise and integration still linger. Also in the Private Clouds Step Up issue of InformationWeek: The public cloud and the steam engine have more in common than you might think. (Free registration required.)/p>

Editor's Choice
Mary E. Shacklett, President of Transworld Data
James M. Connolly, Contributing Editor and Writer