FedRAMP’s Ongoing Evolution

The Federal Risk and Authorization Management Program (FedRAMP) is entering its teen years, having been established in 2011. Just as age 13 brings a host of changes for humans, it's also proving to be just as momentous for the program that provides a standardized, government-wide approach to security assessment, authorization, and continuous monitoring for cloud products.

FedRAMP has evolved to meet the growing importance of cloud services to the daily operations of the government. However, the speed at which FedRAMP grants cloud service status has consistently been an issue. In 2022, Congress enacted the FedRAMP Authorization Act, making FedRAMP law. The bill included a laundry list of modernization steps for the program to speed up its work and expand its capacity, including through the use of more automation technologies. There have been a number of modernization efforts this year, implemented to help FedRAMP meet the demands of agencies and live up to its promise as a secure way to deploy cloud in government. Continue reading

Schools Have to Learn the ABCs of Ransomware

Ransomware has traditionally been a practice where cybercriminals encrypt data and demand ransom in exchange for a decryption key. More recently, a growing number of these bad actors threaten to make this information public if they do not get paid. This shift in the practice of ransomware has increased the "attractiveness" of K-12 schools for cyber criminals. Information about children is among the most highly protected data there is, making it more likely ransoms will be paid to keep it private. For this and other reasons, K-12 schools are seeing an increase in ransomware activity. In 2021, there were at least 62 reported ransomware cases as compared to only 11 in 2018. 2021 also saw ransomware as the most common cyber incident for K-12 schools for the first time ever.

What Gets Compromised in a Ransomware Attack?

An incident in 2020 involving Fairfax County, VA Public Schools resulted in employee social security numbers being posted online. Hackers targeting a school district in Allen, Texas emailed parents with threats to expose their childs' personal information if educators did not pay a ransom. Showing the full swing of ransomware impacts from the serious to the mundane, a 2022 attack on the Griggsville-Perry School District in Indiana had many records compromised and leaked including a detention slip from December 2014 for a student who would not stop interrupting his health class. This shows the breadth of access that hackers had to documents and has led many schools to reexamine their file retention policy to reduce the amount of data accessible to bad actors. Continue reading

Security in the “New Normal”

With telework expected to stay long after the pandemic ebbs, government agencies are looking to shore up the remote work solutions they put in place to ensure on premise security measures extend to the dispersed workforce. Multi-cloud environments are the reality for almost every agency. The many applications needed for the diverse functions of an organization require multiple cloud solutions to provide the specific support needed.

A report from Meritalk, Multi-Cloud Defense: Redefining the Cyber Playbook, found that 83 percent of respondents are increasing multi-cloud adoption to support telework and mission needs related to COVID-19. However, 42 percent said their cyber strategies cannot keep up. One part of the challenge is creating a solution that can be applied to the wide variety of endpoint devices and meeting enterprise security requirements.

Continue reading