Feds Issue First Cloud Services Security Authorization - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Cloud
News
12/28/2012
11:15 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Feds Issue First Cloud Services Security Authorization

FedRAMP, which aims to make it easier and more cost-effective for government agencies to adopt cloud services, is now officially open for business with the authorization of Autonomic Resources ARC-P service.

IW500: 15 Top Government Tech Innovators
IW500: 15 Top Government Tech Innovators
(click image for larger view and for slideshow)
In a bid to accelerate and make more cost-effective the adoption of cloud computing, the federal government Thursday issued the first government-wide security authorization for a cloud computing service as part of the new Federal Risk and Authorization Management Program (FedRAMP).

The FedRAMP program will eventually be a mandatory, common approach to ensuring that cloud computing services meet federal cybersecurity requirements. It will replace the historically agency-by-agency and therefore often duplicative approach to certifying that services meet these requirements. For now, though, almost 19 months after being announced, FedRAMP is still just getting off the ground.

In issuing the authorization on Thursday, the General Services Administration met its goal of finalizing its first security authorization by the end of 2012 and vaulted little-known North Carolina-based government contractor Autonomic Resources LLC, which received the authorization, into the public eye.

[ For more on federal cloud initiatives, see DOE, National Labs Reveal Sweeping Cloud Strategy. ]

The authorization process required Autonomic Resources to implement and thoroughly document its implementation of dozens of required FedRAMP security controls in the vendor's ARC-P infrastructure-as-a-service offering, and had auditors from cybersecurity consultancy the Veris Group verify and test those controls. The authority to operate granted by GSA serves as proof that Autonomic Resources meets federal cybersecurity requirements for cloud services, and enables any government agency to use ARC-P.

Autonomic Resources' ARC-P is a community cloud infrastructure-as-a-service offering that can provide federal agencies with managed and unmanaged virtual machines. Autonomic Resources hires only employees with government security clearances to manage its cloud operations.

The company, which offers a variety of cloud and other managed services to government agencies, counts among its customers the Environmental Protection Agency, the Department of Homeland Security, the Navy, the National Institutes of Health, and a number of state and local governments. It has also been awarded contracts as part of several broader GSA contract vehicles, such as the government-wide cloud email contract vehicle.

Dave McClure, associate administrator of GSA's Office of Citizen Services and Innovative Technologies, which has played a leading role in developing FedRAMP, estimates that agencies using FedRAMP will save $200,000 per authorization. While the authorization for Autonomic Resources is a start, agencies likely won't start seeing real savings until more prominent, commonly used services providers have their services authorized as part of FedRAMP.

While Autonomic Resources received the first FedRAMP authorization, larger cloud service providers and government contractors are sure to follow. About 80 companies have applied for FedRAMP authorization since GSA began accepting applicants this summer, and GSA said in a statement Thursday that more authorizations are expected in "early 2013."

Cloud computing, virtualization and the mobile explosion create computing demands that today's servers may not meet. Join Dell executives to get an in-depth look at how next-generation servers meet the evolving demands of enterprise computing, while adapting to the next wave of IT challenges. Register for this Dell-sponsored webcast now.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Apprentice
1/6/2013 | 1:20:38 AM
re: Feds Issue First Cloud Services Security Authorization
I know this has been in the work for some time and it is good that it is finally being implemented. Is this strictly for government agencies or does Autonomic Resources also deal with a public/civilian sector as well? Is there any other agencies that are known in the pipeline that are going to be also approved for FedRAMP program? In mentioned 80 applications but any specific companies worth watching?

Paul Sprague
InformationWeek Contributor
Slideshows
Strategies You Need to Make Digital Transformation Work
Joao-Pierre S. Ruth, Senior Writer,  11/25/2019
Commentary
Enterprise Guide to Data Privacy
Cathleen Gagne, Managing Editor, InformationWeek,  11/22/2019
News
Watch Out: 7 Digital Disruptions for IT Leaders
Jessica Davis, Senior Editor, Enterprise Apps,  11/18/2019
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll