The Federal Risk and Authorization Management Program, also known as FedRAMP, has had its eye on cloud computing since government agencies first began expressing interest in these solutions as a way to boost efficiency and cut costs. While projects such as the Federal Data Center Consolidation Initiative have sought - and in many cases succeeded in their efforts - to put the cloud on the fast-track in the federal arena, FedRAMP has stood as a pillar of security and scrutiny in the face of the off-premise revolution.
Now, government officials are recognizing that the cloud is here to stay, and that FedRAMP must catch up with the times by becoming more flexible and communicative with organizations either entrenched in off-premise deployments or only just beginning the migration process. In recent news, the organization announced that it will be embracing a new perspective on the cloud in hopes of generating greater support and security for federal infrastructure in years to come.
A revamped strategy
While FedRAMP has been a staple of the federal cloud procurement process for more than two years, according to FCW, the program is expanding with a new roadmap issued by the General Services Administration. The source explained that the 24-month blueprint released by officials last week is slated to not only grow FedRAMP's sphere of influence, but also to streamline the functions it currently offers. While 27 cloud service providers and 313 third-party assessment organizations are already approved, there is certainly much more ground for FedRAMP to cover.
On a broader scale, the program aims to increase focus on compliance standards and agency participation, improve the efficiency of its processes and foster the adoption of transformative new technology. In more concrete terms, this means delivering baseline metrics on key adoption and implementation cases, as well as releasing new automation requirements that will help participating vendors meet FedRAMP regulations on shorter time horizons. These enhancements are meant to provide advantages to all participating agencies - not just intrepid early adopters.
"The first thing we always hear from agencies is, 'Why should I do it first because then everyone else is getting it for free,'" FedRAMP Director Matthew Goodrich said in a recent statement, according to Federal Times. "So we want to make sure we're showing the benefits of FedRAMP across the government. If you do one, another agency does one, you're all going to benefit in the end. The entirety of government is going to save in the end."
Security reigns supreme
Above all, FedRAMP officials have vowed to maintain their commitment to cyber security as the program progresses into its third year, especially as new digital threats have government agencies on high alert. FCW noted that the GSA is currently in the process of drafting a baseline for non-classified technology systems in accordance with the Federal Information Security Management Act, in addition to a continuous data monitoring strategy that will uphold best practices long after cloud resources are implemented.
As FedRAMP continues to raise the bar for compliance and security while facilitating the procurement of next-gen IT assets, government agencies must hold up their end of the bargain in terms of remaining in line with the measures laid out by the program. Kathy Conrad, acting associate administrator for the Office of Citizen Services and Innovative Technologies, told Federal Times that agencies are ultimately accountable for the success or failure of their cloud agendas, and must focus on their own strategies first and foremost. While FedRAMP will be there to assist organizations in the process, it is up to internal decision-makers and trustworthy vendors to transform IT for the better.