Cloud Providers Align With FedRAMP Security Standards - InformationWeek

Comments
Cloud Providers Align With FedRAMP Security Standards
WKash,
User Rank: Author
1/27/2014 | 4:15:02 PM
ABC7 News Program Takes Notice of FedRAMP story
Those who follow FedRAMP may be interested to note, Washington's ABC7 TV news program, Government Matters, featured a segment, based on this report, on this past Sunday's program.  Here's a link to the program: http://www.wjla.com/articles/2014/01/government-matters---jan-26-2014-99605.html

 
WKash,
User Rank: Author
1/23/2014 | 9:02:45 PM
Re: Standards are great but don't forget about evolving risk
Affine, you make a fair point about the limits of using standards in an evolving cyber world. But FedRAMP isn't just about meeting a security checklist, it's also about assessing the risk posture of a system and being prepared for the risks. That's why they call it the Federal Risk and Authorization Management Program, not just the Federal Security and Authorization Management Program.
Affine,
User Rank: Apprentice
1/22/2014 | 12:26:30 PM
Standards are great but don't forget about evolving risk
The more we can get to a standards-based security program, the easier for organizations to improve their security posture. The risk that most organizations need to avoid is assuming that meeting the standards means they don't need to do anything else for security and IT risk. This is an evolving landscape and neither NIST, PCI nor any other standard will ever keep up with the attackers' will and desire to find new avenues for getting to the data and information that they want. A strong security program that leverages a standard as a baseline but includes a strong risk analysis program that monitors and responds to the threat landscape is critical in the current environment we are doing business in.
JaCa,
User Rank: Strategist
1/22/2014 | 7:20:17 AM
Managing Cloud Risks With Service Organization Controls
Great to see FedRAMP accelerating cloud adoption rates; however, with the current state of cloud security in general, this will at times fall short in ensuring an absolutely secure computing environment. Bespoke security for cloud-based apps is still the way forward, along with using compliance standards such as SOC to manage security. I work for McGladrey and there's a whitepaper on the website, created on this subject, that aligns well with this article; readers will be interested in it: "Managing cloud risks with service organization controls" http://bit.ly/1a2LQnE
RB22,
User Rank: Apprentice
1/21/2014 | 2:55:09 PM
No doubt that "foundational security controls" built on a common standard are catching fire.
As a member of a leading 3PAO, I am excited to see this transformation as it occurs. What is equally impressive is that organizations are not opting for a "lesser" standard but instead are adopting a standard that is challenging from the planning phase through continuous operation.
WKash,
User Rank: Author
1/21/2014 | 1:50:26 PM
Re: See Teresa Takai's take on JAB vs Agency ATO
Thanks for raising the issue regarding JAB vs agency authorization and its scope. When the JAB gives a cloud service "Provisional Authority to Operate" it has satisfied the CIO offices at DOD, DHS and GSA, as opposed to a single agency. Some would say that carries more weight. But the FedRAMP authorization by an agency, as HHS did with Amazon Web Services, satisfies the same requirements.


Of equal importance, and thanks for raising this also, FedRAMP authority applies to a specific service. AWS, for instance, has more than three dozen cloud services across multiple regions. What HHS approved was two infrastructure services that specifically meet HHS' requirements. Other agencies can now build on those services, but that does not mean other AWS services share the FedRAMP seal of approval.

 
JFKHILTON,
User Rank: Apprentice
1/21/2014 | 10:33:50 AM
See Teresa Takai's take on JAB vs Agency ATO
The JAB vs Agency ATO difference isn't a debate. See the quote from DoD CIO Takai that may help the deflections that occur about the difference. It's not theoretical as some say; it is, however, rigorous.

 

"Cloud service providers can still receive direct operating authority from an individual federal agency, as Amazon Web Services did last May from the Department of Health and Human Services. But approval by FedRAMP's Joint Authorization Board, on which Takai sits, offers an added badge of authority that a cloud service conforms to a baseline of security standards that, subject to provisional review, will satisfy the demands of most federal agencies."

 

Beware / watch presentations made by CSPs: if one particular offering is FedRAMP accredited, it does not "peanut butter" across all the CSP's offerings. Sat in many presentations where one would assume that all the product offerings a CSP has are accredited because one of the services has had an Agency ATO.

