You’ve heard about the benefits, you’ve read the case studies and you know how much the cloud can help your organization’s IT efforts. You’re sold. But now what?
For US federal government agencies, before you deploy any cloud solution, you need to make sure the tool has been evaluated and approved by FedRAMP (Federal Risk and Authorization Management Program). FedRAMP has been around for half a decade, so the name should ring a bell. At its core, FedRAMP aims to streamline the process of ensuring a cloud solution is robust, resilient and safe enough for sensitive government data.
Most of the big players in the cloud computing space have some form of authorization to operate (ATO). Using the FedRAMP Marketplace tool, it’s easy to identify which products have already been FedRAMP approved, but also which solutions are currently being evaluated and may become available in the near future. According to the FedRAMP website, 87 cloud solutions have been authorized, with 66 additional solutions currently under evaluation.
For example, Microsoft has several authorizations for Azure Government, Dynamics CRM Online for Government, Global Foundation Services for Government and multi-tenant deployments of Office 365, with more authorizations on the way. Office 365 with ITAR support is one of the products currently being evaluated by FedRAMP for authorization – the first email application to become FedRAMP approved, according to a 2014 article from the Federal Times.
One of the benefits of FedRAMP approval isn’t just that it eases the evaluation and ATO process for federal agencies – it also means that approved cloud solutions are constantly being monitored to ensure cybersecurity features are constantly up to par.
Concerns about FedRAMP centered on time. The evaluation and ATO process was drawn out, and agencies that needed to upgrade their legacy infrastructure had to wait. It also meant there were limited options to choose from when the project got up and running.
According to a 2017 report by Coalfire, cloud service providers have seen the process pick up pace – it takes 65% less time for approval than in 2014. The report also shares that “20 federal agencies have leveraged FedRAMP five or more times,” though the report also posits that approximately 60% of agencies have not yet taken advantage of FedRAMP.
This means that federal agencies are missing out on a significant opportunity to upgrade from the legacy solutions of yesteryear and move to the cloud. As last year’s GAO report pointed out, modernization spend for federal agencies has dropped $7.3 billion since 2010, while spend on maintenance of existing legacy infrastructure has crept up year-over-year, which might explain why some agencies have yet to take advantage of FedRAMP-approved cloud solutions.
One useful tool for federal agencies that want to start looking at FedRAMP solutions and other modern IT upgrades is the Microsoft partner ecosystem. Many partners specialize in working with US government agencies and are very familiar with the compliance, security and governance concerns unique to the public sector. If you’re interested in cloud solutions or cloud migration for your federal government organization, we invite you to get in touch – we have an offering of FedRAMP compliant solutions that work alongside Microsoft cloud deployments to make migration, archiving, securing and more much easier.