FedRAMP OnRamp Seeks to Ease Path to Secure Government Clouds [March 14, 2014]
By Rich Miller
WASHINGTON, D.C. - Ordering a pizza over the Internet is easy. Provisioning compliant cloud services for federal government agencies is hard.
Steve O’Keeffe would like to change that. O’Keeffe is the founder of MeriTalk, a public/private partnership focused on improving government IT, which has launched a new tool to help federal agencies find cloud providers that have received security certifications under The Federal Risk and Authorization Management Program (FedRAMP).
The FedRAMP OnRamp was launched Thursday at the Data Center Brainstorm, a conference at the Newseum that brought together IT managers from federal agencies, along with representatives of leading vendors and service providers to the government sector.
“The challenge with FedRAMP is that it hasn’t been particularly transparent until now,” said O’Keeffe. “There are different flavors of FedRAMP, and they’re all about risk management.”
Cloud First, But Only With FedRAMP
FedRAMP is designed to centralize the process of certifying vendors to offer cloud computing services that meet the strict security requirements of federal agencies. Cloud providers must gain FedRAMP certification to provide cloud services to federal agencies. Without FedRAMP, service providers would need to individually certify cloud installations at each agency they serve.
That would be an expensive undertaking. MeriTalk estimates the average cost for the government to perform a FedRAMP cloud security certification at $250,000. Using FedRAMP has already saved service providers more than $37.5 million in certification costs, according to estimates from MeriTalk and the General Services Administration.
That doesn’t mean that it’s always user-friendly. One of the goals of the FedRAMP OnRamp is to provide quick access to information about which companies have gained certification as Cloud Service Providers. That number currently stands at 14: AINS, Inc., Akamai, Amazon, AT&T, Autonomic Resources, CGI, Concurrent Technologies, HP, IBM, Lockheed Martin, Microsoft, Oracle, and the U.S. Department of Agriculture.
Another 15 cloud providers are currently in the FedRAMP approval process, including Acquia Inc., CA Technologies, CenturyLink Technology Solutions, Clear Government Solutions (CGS), Economic Systems, Fiberlink, HP, Layered Tech Government Solutions, Microsoft, Oracle, Salesforce.com, SecureKey Technologies Inc., Verizon Terremark, Virtustream, and VMware.