When the Federal Risk and Authorization Management Program (FedRAMP) launched in 2012, cloud computing was a fairly new business model in government. Few agencies were buying IT services and they were struggling to grasp the logistics of cloud procurement, implementation and security.
Fast-forward to the present. Virtually every Cabinet-level agency, including the Defense Department, is investing in cloud. FedRAMP has played a key role in that adoption by establishing a common baseline for securing cloud products and services.
Despite the progress, “it’s important for agencies to realize that we’re still in the beginning phase of FedRAMP maturity,” said Daniel Kent, Senior Director and Chief Technology Officer of Cisco’s U.S. Public Sector Organization. “There are about 16,000 cloud applications out there today, and only about 70 have been authorized by FedRAMP.”
But agencies at all levels of government see the value in using standards to improve cloud security. Although FedRAMP is a mandatory federal program, there is a growing number of state and local governments using the same requirements to evaluate their cloud service providers. The benefits include time and cost savings when verifying security practices at those companies, as well as a level of assurance that vendors have met rigorous security requirements. “FedRAMP has become a seal of approval with expanded value beyond the federal market,” Kent said.
To help government make the most of FedRAMP, GovLoop partnered with Cisco, a market leader in networking tools and FedRAMP-authorized cloud provider, to produce this report. To glean from Cisco’s insights GovLoop sat down with Kent and Andy Campbell, Business Development Manager of Cisco’s U.S. Public Sector, Regulated Cloud, to help agencies better understand what FedRAMP entails, how it can help them and practical tips to get the most out of the program.
