FedRAMP’s Ongoing Evolution

The Federal Risk and Automation Management Program, commonly known as FedRAMP, was introduced in 2010 and signed into policy at the end of 2011 as a "standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services." In plain English, it provides a baseline for agencies to determine if a cloud solution is secure enough for them to use. Vendors get FedRAMP certified as a way to prove their solution is ready to plug and play into federal systems.

In recent years, cloud has moved from a curiosity for most agencies to a key part of IT infrastructure. With this change in cloud acceptance and use, FedRAMP has also started to evolve to meet today's needs. Last summer, Rep. Gerry Connolly introduced the FedRAMP Reform Act of 2018 as a more stringent enforcement of the use of FedRAMP guidance.

While widely used, getting FedRAMP authorization can be costly and time intensive for vendors. Agencies looking to deploy a solution quickly many times find ways to bypass FedRAMP to get what they know is a secure and effective cloud solution up and running. This reform act aims to "clarify the responsibilities of federal and private sector stakeholders, establish a process for metrics so Congress can evaluate the progress of the program, and provide FedRAMP customers with the certainty and process reforms they have long sought." This reform also looks to make it more appealing for agencies to use previously reviewed solutions, realizing the re-use goals of the initial program.

Agency modernization plans inevitably include some form of cloud. Hybrid cloud is looking like the prevailing methodology in today's digital transformation. FedRAMP will play a huge role in making sure that these multiple cloud systems are secure when connected. This hybrid strategy is underlined by the administration's move from "cloud first" to "cloud smart." This approach means understanding what applications work best in the cloud (be it public or private) and making modernization decisions based on that information rather than just moving to cloud to meet mandates. The Social Security Administration recently spoke about how the cloud smart strategy has helped them reduce their footprint and reliance on mainframes to become more responsive to the growing benefit pool.

There are a number of great events, both live and recorded, that provide education and collaboration on FedRAMP and smart cloud migration strategies. We've listed just a few here:

• Government Cloud Computing: The Latest Trends, Initiatives, and Best Practice Advice (on-demand webinar) - A panel of government experts discuss the latest guidance, trends, strategies, initiatives and tools driving cloud computing in the public sector. Some of the issues addressed include: Which is the best cloud architecture to support the business? How is data protected and risk mitigated? What are the interdependencies among applications and systems? How do I gain transparency into my costs, operations, and performance?
• Digital Transformation in Local Government (on-demand webinar) - Experts from Salesforce and Vertiba discuss the findings of The Center for Digital Government Research that surveyed over 150 IT officials, agency heads, and appointed officials across the US to identify the key aspects of digital transformation in Government. Discussion includes how comfortable they and their peers are with cloud technologies.
• Cloud Synergies delivering Value to Public Sector (on-demand webinar) - This webinar features Cloud Subject Matter Experts discussing the tangible benefits of an integrated approach to cloud. They discuss how to create synergies with on-premise capabilities and the public cloud to improve efficiency, lower costs, and operate within FedRAMP authority.
• RSA Federal Summit (January 24, 2019; Washington, DC) - This event will discuss the ecosystem of IT Modernization within the Federal Government, including the Congressional Modernizing Government Technology (MGT) Act, the GSA Centers of Excellence, IT Category Management, and the Report to the President on IT Modernization for protecting high value assets, encouraging cloud migration and the emphasizing shared services.
• The Role of Cloud and Customers in Modernizing Health and Human Services (January 30, 2019; webcast) -- Michigan transformed the way it delivers health and human services to better serve case workers and those seeking assistance. Moderated by Jessica Kahn, former director at CMS, this webcast will explain how a focus on people and the right technology foundation can help governments modernize their health and human services programs.
• Cybersecurity Leadership Forum (April 4, 2019; Arlington, VA) -- Learn how the best minds in government and tech are changing the paradigm when it comes to cybersecurity. Leaders from across government will share what is working today and what they are focused on next when it comes to protecting our nation, our citizens and our critical assets. Attendees will hear from experts representing a spectrum of cyber situations and risks, including CDM, data analytics, insider threats, and cloud security.
• Ignite '19 (June 3-6, 2019; Austin, TX) - Produced by Palo Alto Networks, this conference features highly technical information, industry luminaries, 1:1 sessions, specialized course tracks, networking with peers, and certification exams. Attendees will hear the latest best practices, tips and strategies from industry experts for safely enabling applications while preventing successful cyber breaches across networks, endpoints, and public and private clouds.
• AFCEA DC Innovative Technologies Summit (June 4, 2019; Washington, DC) -- The accelerating pace of technology innovation certainly has the potential to reap benefits for federal agencies, offering potential game-changers and force-multipliers for agency operations and missions. But there's a catch: Agencies first need to figure out how to adopt these technologies within the parameters set by existing policies, processes and mandates.

Let us know what events you're attending to learn more about smart and secure use of cloud solutions.