There's a nagging question for just about everyone involved in public sector technology: As agencies continue to modernize IT with cloud and other solutions, will cybersecurity protocols hold up?
Are you confident in your agency’s cybersecurity? Do you think you are detecting and repelling every attack against your network? Are your policies strong, your tools robust and your leaders supportive?
Federal and defense agencies are in many cases still stuck in old habits, missing out on the greatest potential of security. To move forward, many government organizations are investigating new technologies to increase cybersecurity.
But the reality is that while many solutions exist for organizations and companies transitioning to cloud architecture, most aren't suitable for the more sensitive government work. That creates a somewhat tricky landscape to navigate, as agency CIOs must approach IT through an at times more conservative lens. A constant battle wages between being compliant with federal mandates while also staying competitive in digital transformation.
To help steer agencies in the right direction, the federal government implemented the Federal Risk and Authorization Management Program (FedRAMP), which standardizes the "approach to security assessment, authorization, and continuous monitoring for cloud products and services," according to the U.S. General Services Administration (GSA) website. FedRAMP determines which cloud solutions are viable for government organizations from a security perspective, so agencies can keep sensitive and confidential information secure while taking advantage of the latest cloud solutions.
The program has considerable upside for the government at large, as well as individual agencies. According to FedRAMP's website, "cloud solutions allow for faster processing and more elasticity in computing in an on-demand, more efficient platform." That added efficiency could eliminate a significant percentage government costs by cutting back on time and staff required for typical security assessments, for instance.
The federal government has also worked to lessen length and cost of the approval process. Because FedRAMP is such a massive, collective effort (between major agencies like the General Services Administion, Department of Homeland Security and National Security Agency, to name just three), the process can take months to work through.
That's why last month FedRAMP released FedRAMP Tailored, which provides a faster, more streamlined approval process for low-impact software-as-a-service offerings. Instead of the usual 125 security controls, it only requires 36. That reduction lowers costs and opening up more possibilities for vendors who were hesitant about working with the federal government for this reason.
As FedRAMP evolves, government officials should find it easier to keep up with digital trends while still keeping cybersecurity core to its IT strategy. Agencies and the public can be confident that their information is kept safe, and employees can use the tools to do their jobs better and more easily.
October is Cyber Security Awareness Month, and Cisco is a Champion Sponsor of this annual campaign to help people recognize the importance of cybersecurity. For the latest resources and events, visit cisco.com/go/cybersecuritymonth.
This article is based on a Cisco Blogs article called "Taking the Necessary Cybersecurity Steps Forward with Federal Government Programs."