FedRAMP
Across the board,
[agencies] want
more visibility
into where cloud service providers are in the authorization process.
sion policy or practice, other agencies eagerly pick it up. “You don’t have to reinvent the wheel,” she said.
The interview below has been edited for length and clarity.
Why evangelist?
I’m spreading good news that can empower agencies. I’m the liaison between agencies and cloud service providers. I’m here to scratch an itch for knowledge and provide agencies with assistance.
What are agencies telling you about FedRAMP?
They’re saying FedRAMP is valuable. Before authorizations, there were
big differences in how agencies did security.There were stovepipes. Each agency had its own process. Anytime we can reuse a process or frame- work that’s proven, it saves time and money.
It’s a two-sided issue. Agencies want to move to the cloud, and they want to move to the cloud fast.
What are their pain points in doing so?
Across the board, they want more vis- ibility into where cloud service provid- ers are in the authorization process.
They see FedRAMP as a market- place.They want to see where it is to transition, along with faster authorization.
They want to learn how to spon- sor service providers, as well as how to get provisional authorizations
from the JAB.They want to use cool cloud services that haven’t been used before.They want a dedicated person as a liaison to help navigate the cloud.
Have agencies changed their approach to cloud in the past year? Each agency is different. They’re learn- ing to remain flexible. Where they had relied on information security officers to know the requirements, it now trends agency to agency. Each agency is specific.
But one thing goes on:They’re really eager to learn about cloud and what they need to do.
How deep into federal IT offices do you go with discussions on cloud and FedRAMP?
We’re working with CIOs focused
on the big picture. We’re also talking with program managers and systems engineers who are using a product or considering one.
We have FedRAMP points of con-
tact at agencies who get information for their agencies.
Has interest in FedRAMP filtered down to state and local government agencies?
It’s a federal program, but yes, they really want information about the program. FedRAMP means something to them. It can drive their business decisions.
There is a lot of anticipation for the high baseline for cloud computing systems that require high-impact security under the Federal Information Security Management Act. When will that be issued?
That’s been the biggest question in the last few weeks. We’re putting the fin- ishing touches on it now. The baseline has been a true collaboration among [the departments of Homeland Secu- rity and Defense], GSA and FedRAMP. It’s been a big accomplishment.
As agencies become grounded in cloud technology in the coming years, do you think you might evangelize yourself out of a job?
I’m here to stay. It’s a continuous pro- cess. Agencies have evolving needs. I’m here to help. n
20 May 15, 2016 FCW.COM
TROY K. SCHNEIDER