
FedRAMP’s ‘Flaws’ Won’t Improve Cloud Security, Expert Says


As cloud computing in the federal government increasingly takes flight, some observers remain worried about the security of information stored on cloud platforms.

Just a few weeks ago, the General Services Administration and the Chief Information Officers Council unveiled new security guidelines for cloud computing, the Federal Risk and Authorization Management Program. FedRAMP, as it is known, will continuously monitor cloud platforms, provide security authorizations and reduce redundancies. The program is currently seeking comments before the first phase becomes operational, likely early next year.

But even that is not enough to assuage some experts, such as Alan Paller, director of research at the SANS Institute, an information security training organization. He recently penned an analysis for Nextgov about FedRAMP’s flaws, which he wrote will “lead to a broad failure to measurably improve security in cloud computing.”

FedRAMP does not focus enough on application security, Paller said. The method FedRAMP uses (a contractor to manage the infrastructure and another to run the application) “almost completely ignores the responsibility of the application contractor to ensure that the application is secure and all its components updated and patched,” he added.

This is becoming increasingly important as application attacks have become more frequent than system-level attacks, Paller said.

Another FedRAMP flaw deals with “continuous monitoring.” Paller said this should mean testing every few days, but the plan calls for testing on a quarterly and annual basis and requires outdated paper reports.
