Why Investments in FedRAMP Authorizations are Valuable to Us All
Guest OpEd by Brendan Walsh, SVP Partner Relations 1901 Group, LLC
Our nation’s digital citizen services, especially services relating to public safety, emergency response, and law enforcement, are enhanced by the rapid maturation of public clouds, private clouds, community clouds and their respective owner-operators or Cloud Service Providers (CSPs).
Examples of this progress include comparing the tragedy of the Boston Marathon Bombing in April 2013 to the recent crisis with Hurricane Florence in September 2018.
In April 2013, citizens overwhelmed the government’s ability to accept event photographs and videos – government websites simply couldn’t increase storage and compute capacity quickly enough to collect live pictures, video clips, and audio files pouring in from witnesses attending or participating in the Boston Marathon.
Whereas, in September 2018, citizens impacted by Hurricane Florence were able to communicate and collaborate with rescue teams by reporting their conditions, location, and status via government emergency communication systems.
Additionally, citizens who rely on electricity for healthcare were able to be mapped and their needs shared with local resources through the Health and Human Services (HHS) emPOWER system.
Today’s digital citizen services now have almost instantaneous elasticity (ability to increase and decrease capacity) of storage, network, and compute resources because of the cloud or better yet… clouds.
The wide range of clouds certainly provides greater flexibility and availability; however, the sheer number of possible permutations of clouds combined with more traditional on-premise IT assets can be complex.
This complexity can quickly result in increased performance risk, cyber security risk, and regulatory compliance costs for elected officials, agency executives, and agency IT managers.
Obviously, the ability to service and support citizens in need is the highest priority, but the burden placed on agency leadership to ensure data integrity, system security, and compliance never goes away.
This highlights the importance of pre-crisis planning that includes careful documentation of the combinations of legacy (pre-existing) and cloud systems and system boundaries.
The opportunity for any agency (small, medium or large) to leverage well documented cloud services to improve citizen support is the essence of this OpEd because, as Teresa Carlson, Head of AWS Public Sector said, “There is a big difference in capabilities between the various cloud offerings – not all clouds are equal.”
(See how government agencies can implement a unique hybrid cloud strategy that aligns with Cloud First, FedRamp, and recent IT Monetarization initiatives. While ensuring stringent data control, governance, and side-stepping the creation of silos in the cloud and maintain the chain of custody of your data. Courtesy of Equinix and YouTube. Posted on May 29, 2018.)
Since not all clouds are equal, and agency resources are usually limited, agency executives broadly agree that leveraging government authorized CSP’s saves time and money and is critical to transforming and modernizing services needed before, during, and after a crisis.
So, what does saving time and money while also addressing performance risks, cyber security risks, and compliance costs really mean in practical terms?
One Federal Law Enforcement agency recently implemented a hybrid (combination of multiple clouds) cloud storage and Disaster Recovery (DR) service that required an assessment and issuance of an Authority-To-Operate (ATO).
Typically, this kind of assessment takes 12-18 calendar months to complete; however, the agency leveraged two (2) government authorized CSP’s as parts of their hybrid cloud architecture and was able to efficiently document IT controls, while addressing performance and cyber risks, and was able to issue the ATO in less than four (4) calendar months.
Using government authorized CSPs has compelling benefits that include: having a consistent manner in the way IT security controls are documented, and leveraging previous investments made by other agencies to complete assessment and authorization (A&A) (involving an audit by an independent 3rd party) of qualified CSPs.
One such government program built to provide pre-authorized CSPs is the Federal Risk and Authorization Management Program (FedRAMP).
FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services; thereby, enabling federal, state, and local government agencies to rapidly adapt from old, insecure legacy IT to mission-enabling, secure, and cost-effective cloud IT.
(Hear why Reston-based 1901 Group thrives with a platform that reduces costs and promotes migration to the cloud. Courtesy of Fairfax County Economic Development Authority and YouTube. Posted on Mar 13, 2019.)
The cloud is changing the way government and citizens communicate and collaborate, and qualified clouds are a national resource.
If you are an agency IT manager with limited time and resources, leveraging FedRAMP Authorized CSPs provides your agency with vetted access to multiple qualified clouds.
Qualified clouds that offer a wide range of compute, storage, network resources with the practically instantaneous capacity and availability needed to ensure and improve citizen services performance, enhance cyber security, and reduce compliance costs.
And, if you are a citizen benefiting from the ever-expanding list of citizen services including: advanced weather tracking and alerting systems, crime forecasting systems, victim notification information systems, and digital evidence management systems, remember to thank our country’s quality CSPs and appreciate the investments each continues to make to obtain and maintain their quality certifications and FedRAMP authorizations.
(Hear from Sonu Singh, CEO, 1901 Group, about their experience with the AWS Public Sector Partner Transformation Program and how it is helping them build a successful and profitable AWS Cloud business. Courtesy of Amazon Web Services and YouTube. Posted on Feb 19, 2019.)