The Federal Risk and Automation Management Program, more widely known as FedRAMP, was put in place in 2011 to create a standardized approach to evaluating the security controls of cloud solutions for government use. For nearly a decade, FedRAMP has continually evolved to keep up with the growing availability of and demand for cloud solutions. In fact, the number of authorizations granted between 2016 and 2018 increased roughly 33% year over year.
With this in mind, the latest modernization of FedRAMP may be coming via the FedRAMP Authorization Act of 2019, which would expedite the approval process. Of particular interest is language in the bill that introduces the "presumption of adequacy." This means that once a cloud vendor is authorized through the FedRAMP process with one agency, it is cleared to work with other agencies under that initial authorization. The legislation also formalizes roles and responsibilities, designating the Office of Management and Budget as responsible for FedRAMP policy and making the General Services Administration in charge of day-to-day implementation. Finally, the bill stipulates metrics to track the implementation of the program.
Further influencing the demands on FedRAMP is the quick surge of support for flexible cloud solutions to enable telework environments amid the COVID-19 response. These developments may have a significant impact moving forward. While private industry is stepping up and offering technology for free to help secure public health and safety, the federal government must still look to FedRAMP guidance in utilizing cloud solutions. Today, more than ever, a quick and efficient approval process is essential.
Once we've emerged from the crisis, it will be interesting to see how government moves forward with the use of technology acquired and utilized in this time of rapid response. As FedRAMP enters its second decade, an evolution larger than anyone could have predicted may be on the horizon. Its role in effective and secure cloud use today and into the future will be a hot topic.
Stay up to date on the latest FedRAMP trends, predictions, and discussions at the following events.
- Public Sector Cloud Security Briefing (May 12, 2020; online) - This cloud security briefing will present principles of securely adopting cloud services within public sector agencies. Attendees will gain insights to empower security and assurance teams and learn how fellow agencies are using direct-to-internet approaches.
- Data Security in a Perimeterless World (May 13, 2020; online) - As agencies modernize legacy systems and move apps, systems, and workloads to the cloud - and more employees, contractors, and citizens connect remotely and from multiple devices - the perimeter for federal networks is dissolving. Data is the new perimeter. Identifying and protecting data wherever it is created, shared, or stored through its entire lifecycle becomes the priority. This digital briefing will unveil survey results presented in the 2020 Thales Data Threat Report - Federal and share best practices in creating a cohesive data security strategy in a perimeterless world.
- Cloud Computing Conference @930 Gov (May 20, 2020; online) - This event will review the variety of platforms and solutions available for agencies that are looking to use the cloud for data center consolidation and other technology efficiencies. It will highlight federal government success stories and provide a roadmap of how those responsible for implementing cloud-based technologies can evaluate the options and choose the best solutions for their agency.
- AWS Public Sector Summit Online (June 30, 2020; online) - Whether it's exploring the cosmos, researching life-saving cures, or hosting petabyte-scale apps, the cloud is revolutionizing how we work and live. This event brings together the innovators who are building the future with secure, artificial intelligence (AI) ready cloud services.
- Cloud Together Summit (October 15, 2020; Pentagon City, VA) - With new federal policies like the Cloud Smart Strategy and TIC 3.0 leading the way, the federal government faces an inflection point of unprecedented digital transformation in the cloud. The Cloud Together Summit is a forum where government, industry, policy, and academia will converge to share, educate, and inspire our Federal IT community on the ways that technology is converging to keep modernization and digital transformation initiatives moving forward.
How are you balancing FedRAMP compliance while leveraging cloud solutions? Tell us about it in the comments. Be sure to check out GovEvents for our listing of virtual events, webinars, and library of on-demand events.