Full speed ahead for FedRAMP or should we expect a bumpy ride?
The clock is ticking. In just two years, the Federal Risk and Authorization Management Program (FedRAMP) is scheduled to be fully operational.
FedRAMP– a massive interagency initiative that includes the General Services Administration, National Institute of Standards and Technology, Department of Homeland Security, Office of Management and Budget, Department of Defense and others — aims to speed up the adoption of cloud computing throughout the federal government by standardizing security controls.
Both federal and commercial sector cybersecurity and cloud experts are trying to agree on a standard set of security assessments and monitoring techniques that agencies can adopt when implementing cloud computing solutions. FedRAMP’s governing body, the Joint Authorization Board, is overseeing the process, providing authorization and technical expertise in order to address each agency’s security concerns. The goal is a “do-once, use many times” approach to cloud computing that should lead to improved IT security throughout the federal government, greater transparency between agencies and cloud service providers, and increased savings for taxpayers.
Sounds like a win-win, right? Despite the perceived benefits of FedRAMP, there are some challenges. The greatest, and most obvious, problem is that each agency’s cloud computing security needs are widely different. For instance, the DoD requires highly sensitive intelligence data to execute missions on the battlefield and fight terrorism, whereas the GSA may not need as much security to support agency communication efforts. Implementing the same solution may not be in the best interest of every agency and the federal government as a whole.
Secondly, as I pointed out in my previous post, agencies will have a difficult time finding savings as they comply with the cloud-first mandate. Will the perceived cost benefits of FedRAMP outweigh the expense of switching to the cloud? It’s too soon to tell, and I will be interested to see when, or if, these savings will be realized.
Could FedRAMP ultimately live up to the hype, or will it be relegated to the dustbin of other failed federal IT initiatives and programs? Only time will tell. Leave a comment here, or let me know your thoughts on Facebook or Twitter.
Image courtesy of Flickr User mgrayflickr