FedRAMP Authorization: The Ins and Outs of DIY vs. Outsourcing

By Ryan Gilhooley, Enterprise Cloud Solutions Manager

Software vendors and federal systems integrators continually wrestle with authorization for their cloud services through the Federal Risk and Authorization Management Program (FedRAMP). It’s fair to ask whether your company really needs FedRAMP authorization at all?

The short answer is yes: Applications have to be FedRAMP compliant before they can be sold to federal government agencies as software as a service (SaaS). FedRAMP authorized applications also are advertised on the FedRAMP Marketplace, which is where government agencies go to determine the types of solutions available to meet their requirements.

The real question is how to handle the cost and complexity of the technical, compliance and documentation challenges of FedRAMP authorization. Should it be handled in-house or should some or all of the process be outsourced? Read more of this post

Are You Ready for FedRAMP? It’s Time to Get Authorized

By Ryan Gilhooley, Enterprise Cloud Solutions Manager

Over the next five years, government cloud spending will continue to escalate dramatically. To operate as a successful government business, companies have always needed desirable products and strong sales teams. Now, FedRAMP authorization is also mandatory for companies looking to sell cloud solutions to government agencies. Companies without FedRAMP authorization for their software as a service (SaaS) offerings could quickly erode their competitive edge in the market and miss out on revenue opportunities.

Attaining FedRAMP authorization is not simple. The authorization process can realistically take two years or more and cost between $1 to $3 million, but it is imperative if you want to continue to succeed in the federal space.

Why Should You Care?
Becoming FedRAMP Authorized adds credibility to – and strengthens the reputation of – your company in the eyes of government customers. FedRAMP authorizations are now officially required for all federal agency cloud deployments at the Low, Moderate and High Impact levels. Only private cloud deployments intended for single agencies and implemented fully within federal facilities are currently exempt from this requirement.

What is FedRAMP Ready vs. FedRAMP Authorized?
The FedRAMP process benefits government agencies by verifying the security of cloud-hosted offerings through a rigorous authorization process. As they undertake this process, companies are granted a designation and subsequently listed on the FedRAMP Marketplace. Three designation levels – Ready, In Process, and Authorized – indicate organizations’ progress in getting their products and services fully authorized for government use. Achieving the “FedRAMP Authorized” classification is essential for selling to government agencies. Read more of this post

%d bloggers like this: