Posted by: Ron Miller
Cloud computing, FedRAMP, Security
The US government is looking to go the Cloud in a big way as a way to save money and consolidate data centers, but as part of that initiative, FedRAMP is a way to streamline federal security approval. If the cloud vendor can pass the US government’s security muster, chances are it can pass yours too.
FedRAMP is a set of federal guidelines, which define the minimum level of security required for a cloud vendor to do business with the federal government. As Dave Perera writes on FierceGovernmentIT, FedRAMP outlines 116 total controls for low-impact systems and 297 controls for moderate-impact systems under FedRAMP.
And when the cloud vendors are done doing that, your business is going to benefit too.
And that’s a big advantage of cloud computing for any down-stream businesses. Years ago I interviewed somebody from Salesforce.com who pointed out to me that when the company’s largest customers ask for certain features, everyone benefits, even a small business with just a few people.
That’s because there is usually only one system, not a tiered one, so when the biggest enterprise or government customers make feature requests you can get that same level of service no matter how big you are. This is a departure from the way traditional proprietary enterprise software usually works. If a small business wants the same level of security as an enterprise, it’s probably going to have to pay through the nose for it. The cloud offers these services at a much more reasonable entry point and you typically only pay for what you use.
Just this week, in fact, FierceGovernmentIT reports that there was a major update to FedRAMP guidelines that takes the security controls even further, providing a soup-to-nuts approach for privacy and security, mobile-specific controls and inside threat mitigation.
That’s an important package of controls for any government agency, but even better, if the cloud vendor is building out this kind of control for the government, it’s building it for you too.
Security and privacy concerns aren’t just the domain of the federal government. These are primary concerns for enterprise customers too and these controls should go a long way toward addressing some of the primal fears of letting go of control of information in the cloud.
As stringent as your security may be, I’m guessing in many cases, it probably hasn’t met the criteria outlined in these guidelines. In a post on dZone’s CloudZone, consultant JP Morgenthal called the cloud the great equalizer, giving big businesses a way to be more agile and flexible while giving small businesses the access to the same services as their larger counterparts.
As the cloud grows in popularity and moves from small to big business and into all aspects of the federal government, these advantages will only grow more apparent, as even the smallest business gets the same service as the federal government.