The U.S. federal government is not exactly renowned for taking a lot of technology risks, especially when sensitive and classified information is at stake.
But it may be breaking out of its comfort zone after the Federal Risk and Authorization Management Program (FedRAMP), under the auspices of the Government Accountability Board, authorized its first cloud security vendor. This bodes well for MSPs and solution providers with government ties, as they can now rev cloud solutions that target federal and other public sector customers.
The first vendor to make the grade was IT services firm Autonomic Resources LLC, which proved it could implement necessary security controls aligning with federal guidelines that sensitive information stored in the cloud would remain safe.
Cloud security has been edging its way into the federal space for a while. Launched earlier this year, FedRAMP is aimed at standardizing the approach of vetting the security capabilities of cloud computing services. The program provided metrics that ensured cloud provider adherence to federal security requirements. The net-net: Government customers will rely on more cloud services and employ and contract more cloud providers.
However, the process will be more rigorous. The induction of Autonomic Resources was contingent on passing a series of approvals and security audits from a third-party auditor, and more are scheduled for 2013. Going forward, FedRAMP standards will be the determining metric to IT upgrades and consolidation in the federal space.
The rigorous scrutiny may be well worth it for the cloud security channel. The federal government represents one of the largest buyers of information management technologies, and the fact FedRAMP is actively approving cloud providers indicates those markets will open to managed services and solution providers.
The first wave will likely be service providers with existing government relationships. Founded in 2001, government IT service provider Autonomic Resources has benefited from long-standing federal ties. Its Autonomic Resources Cloud Platform (ARC-P) was granted government-wide “Authority to Operate” status at the FISMA Moderate Impact Level in December of 2011. But approving Autonomic Resources for FedRAMP will set a precedent for a wider array of cloud providers to achieve greater eligibility for federal contracts throughout 2013.
The development is a departure for the federal government, which has typically shied away from disruptive technologies such as cloud and social media that could threaten sensitive and classified data.
Cloud security has rapidly been gaining traction in other verticals and is set to top $6 billion by 2016, according to a Transparency Markets research report.
But to cloud providers, federal and public sector markets have typically remained out of reach until now. It’s a good sign for cloud security vendors, such as governance, risk and compliance firm LockPath, and it sets the stage for others cloud security firms to be onboarded in the not-too-distant future.
Leave a Reply