This blog is an excerpt from GovLoop’s recent pocket guide, Collaboration-as-a-Service: Breaking Down What You Need To Know. Download the full perspective here.
Collaboration tools (e.g., instant messaging and presence, web conferencing, voice and unified messaging, mobility, and pervasive video) provide organizations, teams, and individuals the ability to “labor together” to achieve common desired outcomes in a more effective manner. Public and hybrid cloud services provide agility and flexibility via a more on-demand consumption model. While this sounds like the perfect combination, where do concerns about data security and risk mitigation fit into the collaboration cloud model?
For government users, and an increasing number of commercial enterprises, FedRAMP provides a tangible, standardized data security regimen for cloud-based collaboration tools.
“Without confidence in data security, the value to government users of cloud-based collaboration tools is diminished significantly,” said Andy Campbell, Government Cloud Business Development Manager at Cisco.
“For more than 25 years, Cisco has consistently developed products to meet our customers’ security compliance regulations such as FIPS (Federal Information Processing Standards), Common Criteria for Information Technology Security Evaluation, and the Department of Defense approved products list,” Campbell said. “Cisco is now applying these years of experience to our collaboration cloud SaaS offerings. As a trusted cloud service provider to the Public Sector, achieving FedRAMP authorization is a top priority. Additionally, FedRAMP’s framework of security controls is being integrated systemically into all of Cisco’s development efforts.”
Cisco’s web and video collaboration tool — WebEx — is a great example of this security focus, and is Cisco’s initial collaboration cloud SaaS authorization. WebEx FedRAMP-compliant services received FedRAMP Moderate authorization in January, 2016.
“To achieve FedRAMP Moderate authorization,” Campbell noted, “Cisco invested in designing, implementing and operating new WebEx FedRAMP-compliant clusters in multiple U.S. data centers. With an established, robust web and video collaboration service such as WebEx, we committed a lot of resources to prepare this offer for FedRAMP authorization. Our public sector customers now have the exact same highly-acclaimed web and video collaboration functionality in the WebEx FedRAMP-compliant system as private sector customers have in the commercial WebEx system.”
But Cisco isn’t stopping there. Later in 2016, the company will introduce a new group of collaboration tools for government to be known as Hosted Collaboration Solutions for Government (HCS-G). Leveraging its partnership with Apple Computer, HCS-G will bring the top collaboration tools (instant messaging and presence, voice and unified messaging, and mobility) to Cisco’s FedRAMP-compliant cloud portfolio. Combined with WebEx FedRAMP, HCS-G services will deliver to government customers a feature-rich, FedRAMP compliant, unified collaboration system. Additionally, Cisco is working to make sure that all of its commercial SaaS solutions are available to its government customers. “FedRAMP gives us a means to systematically build broadly-accepted security controls into government-trusted SaaS offers,” Campbell said.
Campbell likes to compare the evaluation of cloud collaboration tools to evaluating an automobile’s Insurance Institute for Highway Safety (IIHS) crash rating. “Government CISOs and users are seeking confidence in data security controls in multi-tenant cloud systems. Similarly, automobile buyers are seeking confidence in the security of themselves and their passengers in the case of a crash. FedRAMP compliance is the government’s version of a five star IIHS crash rating. When it comes to cloud collaboration, data security, and risk management, government agencies want assurance that the cloud systems they rely on are continuously capable of withstanding significant threat impacts. They want the safest cloud system available to protect their data whether that data is in-transit or at rest.”
Cisco’s FedRAMP-compliant cloud collaboration tools prove that data security, and bringing people together in an efficient, collaborative environment to achieve a common objective, do not have to be opposing forces — they can and do work together.