Agency officials and cloud service providers are among those riding the tide. The Office of Management and Budget set the deadline for June 5, granting vendors of cloud products and services a final reprieve for certification by the Federal Risk and Authorization Management Program (FedRAMP).
FedRAMP, managed by the General Services Administration, provides a systematized procedure for security assessment, authorization and continuous monitoring. Some federal users might hold fast to the physical servers and networks, albeit the incoming renaissance of cloud infrastructure and services.
Cloud service providers and agencies are growing increasingly more vitreous in their intensity of detail as the certification process assesses their functionality. Roat believes this lack of transparency was absent in the FedRAMP process.
GSA FedRAMP Program Manager Matt Goodrich is of the same mind. “The tech is easy. Culture change is hard.”
Goodrich said that these agencies accept that distinct IT facilities are less than vital to their success, that the cloud might be the best place for optimal functionality.
Roat notes that the Department of Homeland Security possesses elements that will require faculties that FedRAMP and their cloud security might overlook, or instead, fit well with.