Agency IT managers welcome FedRAMP changes
Top federal IT managers and cloud management experts say recent changes to the FedRAMP program could make life easier.
"I'm excited about FedRAMP Ready, NASA's Roopangi Kadakia said, referring to the just-announced changes to the Federal Risk and Authorization Management Program.
Kadakia's excitement -- about plans to move away from the slow, documentation-driven current approach and put cloud services through a readiness capabilities assessment at the front end of the process -- was shared by several other federal IT managers FCW asked about the new processes unveiled by the General Services Administration on March 28.
At that March 28 announcement, FedRAMP Director Matt Goodrich said cloud services providers should be able to complete that initial assessment in less than a month. Final approvals by FedRAMP's Joint Authorization Board are expected to come much faster as well, but Goodrich said this improved FedRAMP Ready designation would give CSPs and federal agencies alike a clear signal that a given cloud service is on the path for FedRAMP authorization.
Kadakia, the web services executive in NASA's CIO office, spoke at a March 30 FCW event on the barriers to cloud adoption that agencies must overcome. She said the new review process, and especially the preliminary security assessment, would be an important improvement for implementing software-as-a-service, cloud-based systems federal agencies are increasingly implementing.
"An SaaS company may come in and you have no idea of their security posture, which is a very important piece of their service," she said. Under the new review process, Kodakia said, her agency would have more immediate proof with the up-front assessment, rather than having to slog through thousands of pages of documentation that may or may not accurately describe the actual controls.
"From an agency perspective, I don't need to re-do a deep dive on their security plan," she said.
Other federal IT executives at the same event agreed. "GSA gets it," said Securities and Exchange Commission Branch Chief Michael Fairless. The proposed review process that is now out for public comment "ultimately allows us to get [cloud] to our customers faster."
"Better, faster is the key," said Robert Vietmeyer, the Defense Department's associate director for cloud computing and agile development in the Office of the CIO. The new process, he said, shows cloud service providers are maturing in their offerings and federal government agencies are getting better at cloud services.