Users, for a while, had mixed feelings toward cloud services. Cloud could be seen as a burden to adopt in government agencies and an overall security risk. However, the Federal Risk and Authorization Management Program (FedRAMP) helps address these problems. At first, the FedRAMP system received lukewarm reviews. However, in light of a recent revamp of the FedRAMP website, things are looking up for the government’s cloud services.
Matt Goodrich, Director of FedRAMP in the General Services Administration, discussed with Christopher Dorobek, host of the podcast DorobekINSIDER, FedRAMP’s new website, designed to improve the user experience and the existing attitudes towards government cloud services.
Cloud, according to Goodrich, was at first not secure. “Frankly, when we launched, the security was a barrier,” he said. That is no longer the case, and Goodrich wants to make sure that everyone knows it. “At this point, security, like with any IT, is a factor, but it’s not longer being viewed as a sort of hindrance for the cloud,” he said.
Goodrich told us the older FedRAMP website had some issues, which didn’t help matters. It has been very difficult for users to find the information that they need to understand FedRAMP from the perspective of someone on the outside.
“Even though we have a lot of information, it’s not presented in a way that’s user friendly,” said Goodrich. “Frankly, we had a lot of very detailed information on FedRAMP, but we didn’t have a lot of high level overview of what the program does, what the mission of the program is, and how you can effectively interact with the program. We were missing some of that.”
So, a facelift was in order to make things easier for the FedRAMP user. Goodrich’s team put themselves in the shoes of the user to best understand how to improve the FedRAMP experience. They asked themselves a series of questions.
“If you’re an agency, how do I go through this with a vendor? If I’m a vendor, what does that mean I have to do to star? Or, if I’m an assessor that’s working with the vendors and the agencies, where do I interact with this, and what’s my end goal?”
To answer these questions and figure out what specifically needed improvement, they conducted interviews with agencies, cloud providers, and third party investors. Based upon their findings, they redesigned the website and its training function, and their efforts are a continuous work in progress. They changed (and are still changing) many features, such as the security controls, the vendor functions, and did an overhaul of the training program.
So where is this all going? The goal of FedRAMP is to make cloud secure, and hopefully the new system will service this purpose. However, there are some added bonuses.
“The ancillary benefit is enhancing government moving to the cloud faster… People didn’t believe the cloud was secure. And now we’ve proved that. So now, [FedRAMP] is allowing agencies to accelerate their adoption of cloud and put services they didn’t think could go there,” said Goodrich.
Basically, good days are ahead for FedRAMP and government cloud. Looks like the GSA has found the sunny patches around the cloud.