Cloud

Agency IT managers welcome FedRAMP changes

Cloud computing icon

"I'm excited about FedRAMP Ready, NASA's Roopangi Kadakia said, referring to the just-announced changes to the Federal Risk and Authorization Management Program.

Kadakia's excitement -- about plans to move away from the slow, documentation-driven current approach and put cloud services through a readiness capabilities assessment at the front end of the process -- was shared by several other federal IT managers FCW asked about the new processes unveiled by the General Services Administration on March 28.

At that March 28 announcement, FedRAMP Director Matt Goodrich said cloud services providers should be able to complete that initial assessment in less than a month. Final approvals by FedRAMP's Joint Authorization Board are expected to come much faster as well, but Goodrich said this improved FedRAMP Ready designation would give CSPs and federal agencies alike a clear signal that a given cloud service is on the path for FedRAMP authorization.

Kadakia, the web services executive in NASA's CIO office, spoke at a March 30 FCW event on the barriers to cloud adoption that agencies must overcome. She said the new review process, and especially the preliminary security assessment, would be an important improvement for implementing software-as-a-service, cloud-based systems federal agencies are increasingly implementing.

"An SaaS company may come in and you have no idea of their security posture, which is a very important piece of their service," she said. Under the new review process, Kodakia said, her agency would have more immediate proof with the up-front assessment, rather than having to slog through thousands of pages of documentation that may or may not accurately describe the actual controls.

"From an agency perspective, I don't need to re-do a deep dive on their security plan," she said.

Other federal IT executives at the same event agreed. "GSA gets it," said Securities and Exchange Commission Branch Chief Michael Fairless. The proposed review process that is now out for public comment "ultimately allows us to get [cloud] to our customers faster."

"Better, faster is the key," said Robert Vietmeyer, the Defense Department's associate director for cloud computing and agile development in the Office of the CIO. The new process, he said, shows cloud service providers are maturing in their offerings and federal government agencies are getting better at cloud services.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.


Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.

Featured

Reader comments

Tue, Apr 5, 2016 Chris Shenton Near the Beltway

We really need the FedRAMP process to be as quick as cloud providers create new services. While VM-style AWS EC2s may check the cloud box, we need more. Being allowed to use new services like AWS Lambda and API Gateway will drastically reduce the cost to government by avoiding infrastructure setup and 24x7 operations costs. Not being able to leverage those keeps us back and makes us less competitive in the market.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group