PRO+ Premium Content/Information Security

Thank you for joining!
Access your Pro+ Content below.
July / August 2014 Vol. 16 / No. 6

Is FedRAMP the cloud security standard we've been waiting for?

The Federal Risk and Authorization Program was launched in June 2012 to support the adoption of standardized cloud services among federal agencies in response to President Barack H. Obama's "cloud first" policy -- a move intended to reduce the government's IT spending by cutting the number of data centers in use and sharing computing resources. To continue working with the federal government, cloud service providers (CSPs) had to apply for an authorization to operate (ATO) via either the FedRAMP Joint Authorization Board (JAB) or directly through a government agency by June 5, 2014. It's a feat that 12 CSPs have completed to date -- Akamai Technologies, Amazon Web Services, HP, IBM, Lockheed Martin, Microsoft and Oracle among them -- with dozens more stuck in a lengthy queue. While FedRAMP was created to save federal agencies both time and money ($40 million so far based on FISMA reporting), the accreditation program has been touted in some corners as a standards-based cloud security approach that could serve as a model for ...

Features in this issue

Columns in this issue