Page 14 - CARAHSOFT, July 2020

Cloud Security
SECURITY AND COMPLIANCE PROVIDERS SPEED TIME TO ATO
John Lee
Vice President of Cloud Solutions, Carahsoft
The Federal Risk and Authorization Management Program (FedRAMP) offers agencies the assurance that approved cloud services and products meet the government’s rigorous security standards. Although efforts have been made to streamline the process, achieving a FedRAMP authority to operate (ATO) is still a multi-layered, time-consuming process that can be challenging for companies to navigate.
It begins with finding a sponsor that will shepherd a cloud product or service through the process. Companies can pursue either an ATO through an individual agency or a provisional ATO through the FedRAMP Joint Authorization Board. A provisional ATO gives an agency a springboard to authorize a cloud product or service for use at that agency.
Next, companies must document every dimension of their cloud technology, which must be configured according to detailed specifications. If a company wants to reach Defense Department customers, it must go through an additional evaluation to ensure that its product or service complies with DOD’s Impact Level 4 or 5.
Fortunately, some companies that have automated the process to obtain authorizations serve as FedRAMP Security and Compliance Providers for others that are new to the government market. Their best practices include automating nearly every aspect of the authorization process and building government-approved security platforms that serve as the base on which their partners’ applications can run.
Here are three companies that are helping cloud providers achieve ATOs quickly, efficiently and cost-effectively so that agencies can have faster access to innovative technology without compromising security.
Automating the authorization process
Andrew Plato
CEO, Anitian
The more we separate the pursuit of security and compliance, the more we end up with environments that are neither secure nor compliant. The solution to this is automation. When security and compliance are an integrated, automated component of a cloud environment, they become more reliable, more consistent and less expensive.
Anitian has taken that idea and built a security and compliance platform that automates the deployment, configuration and certification of cloud environments. In about an hour, our platform deploys an entire cloud environment that is pre-engineered to meet compliance frameworks such as FedRAMP, DOD SRG, PCI, CJIS and more. The platform then wraps a whole suite of security controls around a customer’s applications to dramatically accelerate the security and compliance process.
For example, Smartsheet, a well-known software-as-a-service company, already had many federal agency customers for its SaaS workflow management offering. However, it needed to obtain FedRAMP authorization while also moving its products and services into the cloud at the same time. Anitian helped Smartsheet shift its applications into Amazon Web Services’ GovCloud, implement all the FedRAMP security controls, document its entire environment and become audit-ready in 58 days. The company received its FedRAMP ATO a few months later.
Since then, Smartsheet’s federal business has grown significantly. This is an excellent case study where security and compliance were transformed from an impediment that slowed down business to an energizing catalyst that promotes growth and prosperity.
Andrew Plato is CEO of Anitian (anitian.com/fedramp-compliance-automation).
SPONSORED CONTENT