The Business Benefits of Outsourcing FedRAMP Compliance

By Ryan Gilhooley, Enterprise Cloud Solutions Manager

If you are new to the federal government market, you are no doubt wrestling with how to ensure your products and services are compliant with the Federal Risk and Authorization Management Program (FedRAMP). This government-wide program standardizes security assessment, authorization and continuous monitoring for cloud products and services.

If you’re making a decision to move forward with FedRAMP authorization, it’s important to understand your options from the beginning. It’s tempting to try to do it all yourself, but the complexities of compliance can quickly send the cost of doing it yourself sky high, while delaying your time to market by years.

Getting to authorization requires deep expertise in compliance, IT security, engineering and more, which means a heavy investment of expensive resources extended over a long period of time.

For example, many ISVs don’t understand that hosting their software applications in a FedRAMP-compliant cloud does not make the actual applications FedRAMP authorized. To earn FedRAMP authorization for software as a service, both the environment and the application must be authorized. Read more of this post

CBP Plans Its Move to the Cloud

Tom O'Keefe

By Tom O’Keefe, Consultant

Customs and Border Protection (CBP) recently released an RFI seeking industry input on a comprehensive cloud solution that may lead to an RFP later this year or in early 2020. Cloud is a big topic of conversation at federal agencies, but right now, its bark is much larger than its bite. We can expect that to change over the next few years. As this new RFI shows us, agencies are looking to transition significant portions of their environment to the cloud. While traditional IT delivery models may still hold their value, cloud is the future.

CBP is the largest component within the Department of Homeland Security, and how it manages cloud may be indicative of how some of the smaller DHS agencies may also do so. Kshemendra Paul, DHS’s cloud officer, has indicated that only 10% of DHS applications are currently in the cloud. Another 30% are in process or are slated to move to the cloud. Most of what has already been migrated are easy-to-migrate applications like email. Large, mission-critical applications are still being hosted on premise and are likely to be the last of the applications to migrate. CBP will likely use the contract that results from this RFI to accomplish this migration.

Read more of this post

Are You Ready for FedRAMP? It’s Time to Get Authorized

By Ryan Gilhooley, Enterprise Cloud Solutions Manager

Over the next five years, government cloud spending will continue to escalate dramatically. To operate as a successful government business, companies have always needed desirable products and strong sales teams. Now, FedRAMP authorization is also mandatory for companies looking to sell cloud solutions to government agencies. Companies without FedRAMP authorization for their software as a service (SaaS) offerings could quickly erode their competitive edge in the market and miss out on revenue opportunities.

Attaining FedRAMP authorization is not simple. The authorization process can realistically take two years or more and cost between $1 to $3 million, but it is imperative if you want to continue to succeed in the federal space.

Why Should You Care?
Becoming FedRAMP Authorized adds credibility to – and strengthens the reputation of – your company in the eyes of government customers. FedRAMP authorizations are now officially required for all federal agency cloud deployments at the Low, Moderate and High Impact levels. Only private cloud deployments intended for single agencies and implemented fully within federal facilities are currently exempt from this requirement.

What is FedRAMP Ready vs. FedRAMP Authorized?
The FedRAMP process benefits government agencies by verifying the security of cloud-hosted offerings through a rigorous authorization process. As they undertake this process, companies are granted a designation and subsequently listed on the FedRAMP Marketplace. Three designation levels – Ready, In Process, and Authorized – indicate organizations’ progress in getting their products and services fully authorized for government use. Achieving the “FedRAMP Authorized” classification is essential for selling to government agencies. Read more of this post

7 ways cybersecurity companies can help government right now

Lloyd McCoy Jr.By Lloyd McCoy, DOD manager

The public sector market for cybersecurity tools is only going to grow as federal agencies increasingly look to the commercial sector to help solve some of the most complex cybersecurity problems.

During immixGroup’s 4th annual Government IT Sales Summit, government and industry cyber leaders urged companies to help in a variety of ways, from having a better understanding of agency missions to obtaining FedRAMP authorization.

Read more of this post

Want to sell cloud? Here’s what you need to think about

Tom O'KeefeBy Tom O’Keefe, consultant

Cloud has been a topic of conversation for years now in cloudfederal circles without a great deal of meaningful movement. Government is still heavily reliant on legacy infrastructure stacks and is making slow but steady progress to shuttering those systems and moving the applications that rested on them into different types of cloud environments.

But the cloud market is largely defined by a few major players – the behemoth that is AWS, Microsoft Azure and subscription models for popular pieces of software like Microsoft Office, Adobe and Salesforce.

This can leave a reseller or technology OEM at somewhat of a loss as to how to proceed, so here are a few tips and tricks when thinking about cloud:

Read more of this post

What are FISMA and FedRAMP?

By Chris Wiedemann, consultant

Whether you’re a veteran of federal IT sales or a complete newcomer to the space, there’s one recurring theme you’ve probably noticed in the way our customers talk to industry: regardless of their mission or program, they all mention cybersecurity as a critical part of their job.

Given the sheer number of incidents and the size and scope of federal networks, not to mention the often sensitive information they contain, the focus on security makes business sense. However, as is often the case with government, there’s an extra factor to their behavior – they’re required by law to secure federal networks. One law in particular – the Federal Information Security Management Act (FISMA) – plays a critical role in determining how agencies need to secure their environments.

Read more of this post

What is the GSA?

By Chris Wiedemann, consultant

Any company that’s in government contracting or interested in doing business in the public sector should be familiar with the General Services Administration.

If you’ve been following my “What is…?” series, you’ve learned some of the basics of government contracting and knowing the GSA is yet another rung on the ladder.

GSA primarily provides office space for government employees by constructing, managing and preserving government buildings and by leasing and managing commercial real estate. In fact, GSA is the largest landlord in the country.

Read more of this post

%d bloggers like this: