StateRAMP: An Outgrowth of FedRAMP for SLED

By Troy Fortune, VP & General Manager

Is StateRAMP on your radar screen? If you are a cloud software vendor and trying to sell into the state, local and education market, I encourage you to pay attention.

Modeled after FedRAMP, StateRAMP is gaining traction among many state CIOs. For the last seven years cybersecurity has topped the priority lists for CIOs at the state, local and education (SLED) levels, yet there are no established security standards they have all agreed to.

StateRAMP plans to leverage the existing FedRAMP assessment and approvals processes to help simplify the implementation for government and industry. Logistics for FedRAMP to StateRAMP transitions are still being finalized but vendors should look for the marketplace to launch in Q2 of 2021.

Cyberattacks on the Rise

Cyberattacks in SLED have amped up in recent years and become increasingly sophisticated, targeting sensitive citizen PII data. Many organizations have begun taking steps to protect their databases and systems, but those measures vary widely from state to state and even department to department. The expanded use of cloud-based systems to house and manage critical services like Medicaid and unemployment insurance only increases the risk. Unfortunately, few standards exist for cybersecurity or cloud security, which makes the protection of their sensitive data even more challenging.

StateRAMP promises to alleviate the burden by verifying the cybersecurity of cloud service providers for state and local government in a centralized approach. While StateRAMP is not currently required across all 50 states, increasing pressure for a higher level of security is expected to drive adoption by many state and local governments.

Here are three reasons why StateRAMP is a win-win for both government and vendors.

(1) Simplified Procurement

The StateRAMP one-to-many approval concept simplifies procurement. It provides a one-stop shop of verified, secure cloud solutions. State and local governments can be confident they will be adhering to published security policies. As more state and local governments begin adopting StateRAMP for cloud security verification, you should make sure your solution is listed on the StateRAMP marketplace — or you’ll be missing potential opportunity.

(2) Flexible Design

Each of the more than 90,000 organizations that comprise SLED are unique, so a flexible approach to security standardization was needed. While modeled after FedRAMP, StateRAMP incorporated flexibility into the process that will allow each state and local government organization to align the approval process with their unique cybersecurity posture. This flexible but standardized approach shortens the negotiation process for states and makes StateRAMP approved vendors more attractive during the evaluation process.

(3) Reduced Cost and Risk

With third-party verified products, state and local governments not only reduce risk, they can also save money on overhead and less expensive cyber insurance premiums. IT budgets are stretched tight and state and local governments need to be careful with every investment they make. Using the StateRAMP approval process and its approved vendors state and local governments make the justification for investment because the risk is low.

Cybersecurity attacks on state and local governments don’t show any sign of letting up. To ensure sensitive data is being protected, StateRAMP will likely become the marketplace of choice for CIOs to quickly and easily procure secure cloud solutions. If you do business in the state and local arena, StateRAMP authorization will be a market differentiator that you can’t afford to pass-up.

Keep on top of the latest trends in government IT. Subscribe to immixGroup’s Government Sales Insider blog.

If you’d like to learn more about getting FedRAMP authorized and our OnRAMP solution, visit our webpage here.

Leave a Reply

%d bloggers like this: