Painless FedRAMP Authorization: Four Steps to Follow

March 4, 2020 Leave a comment

By Ryan Gilhooley, Enterprise Cloud Solutions Manager

My last column compared the merits of outsourcing FedRAMP authorization with doing it on your own. Many companies have successfully navigated the process on their own. Small independent software vendors (ISVs), however, may find it more advantageous to outsource.

Here are four key areas you should consider when pursuing FedRAMP authorization:

  1. Sponsorship
  2. Leadership buy-in
  3. Knowing the process
  4. Communication

Read more of this post

Filed under Market Intelligence, Sales Tagged with ,

FedRAMP Authorization: The Ins and Outs of DIY vs. Outsourcing

December 17, 2019 Leave a comment

By Ryan Gilhooley, Enterprise Cloud Solutions Manager

Software vendors and federal systems integrators continually wrestle with authorization for their cloud services through the Federal Risk and Authorization Management Program (FedRAMP). It’s fair to ask whether your company really needs FedRAMP authorization at all?

The short answer is yes: Applications have to be FedRAMP compliant before they can be sold to federal government agencies as software as a service (SaaS). FedRAMP authorized applications also are advertised on the FedRAMP Marketplace, which is where government agencies go to determine the types of solutions available to meet their requirements.

The real question is how to handle the cost and complexity of the technical, compliance and documentation challenges of FedRAMP authorization. Should it be handled in-house or should some or all of the process be outsourced? Read more of this post

Filed under Market Intelligence, Sales Tagged with , ,

The Business Benefits of Outsourcing FedRAMP Compliance

October 10, 2019 1 Comment

By Ryan Gilhooley, Enterprise Cloud Solutions Manager

If you are new to the federal government market, you are no doubt wrestling with how to ensure your products and services are compliant with the Federal Risk and Authorization Management Program (FedRAMP). This government-wide program standardizes security assessment, authorization and continuous monitoring for cloud products and services.

If you’re making a decision to move forward with FedRAMP authorization, it’s important to understand your options from the beginning. It’s tempting to try to do it all yourself, but the complexities of compliance can quickly send the cost of doing it yourself sky high, while delaying your time to market by years.

Getting to authorization requires deep expertise in compliance, IT security, engineering and more, which means a heavy investment of expensive resources extended over a long period of time.

For example, many ISVs don’t understand that hosting their software applications in a FedRAMP-compliant cloud does not make the actual applications FedRAMP authorized. To earn FedRAMP authorization for software as a service, both the environment and the application must be authorized. Read more of this post

Filed under Market Intelligence, Sales Tagged with , ,

Are You Ready for FedRAMP? It’s Time to Get Authorized

July 17, 2019 Leave a comment

By Ryan Gilhooley, Enterprise Cloud Solutions Manager

Over the next five years, government cloud spending will continue to escalate dramatically. To operate as a successful government business, companies have always needed desirable products and strong sales teams. Now, FedRAMP authorization is also mandatory for companies looking to sell cloud solutions to government agencies. Companies without FedRAMP authorization for their software as a service (SaaS) offerings could quickly erode their competitive edge in the market and miss out on revenue opportunities.

Attaining FedRAMP authorization is not simple. The authorization process can realistically take two years or more and cost between $1 to $3 million, but it is imperative if you want to continue to succeed in the federal space.

Why Should You Care?
Becoming FedRAMP Authorized adds credibility to – and strengthens the reputation of – your company in the eyes of government customers. FedRAMP authorizations are now officially required for all federal agency cloud deployments at the Low, Moderate and High Impact levels. Only private cloud deployments intended for single agencies and implemented fully within federal facilities are currently exempt from this requirement.

What is FedRAMP Ready vs. FedRAMP Authorized?
The FedRAMP process benefits government agencies by verifying the security of cloud-hosted offerings through a rigorous authorization process. As they undertake this process, companies are granted a designation and subsequently listed on the FedRAMP Marketplace. Three designation levels – Ready, In Process, and Authorized – indicate organizations’ progress in getting their products and services fully authorized for government use. Achieving the “FedRAMP Authorized” classification is essential for selling to government agencies. Read more of this post

Filed under Sales Tagged with , ,

%d bloggers like this: