At the same time, because of this security imperative and the govern- ment’s limited ability to process FedRAMP authorizations, many inno- vative and deserving commercial cloud products are locked out of the govern- ment market. Ironically, some of them might be useful to further enhance security.
The benefits of a FedRAMP
shared service
So what can be done? One possibility would be to redirect some of the $1 bil- lion Technology Modernization Fund to scale up and resource a government-
wide shared-services operation for the purpose of relieving agencies of FedRAMP authorizations. This shared service could be housed at the Gener- al Services Administration along with the FedRAMP Program Management Office, at the Department of Homeland Security or at another agency that is well-equipped to deploy a shared- services model.
A well-positioned and well- resourced FedRAMP shared service would deliver consistency and help commercial cloud providers get through the process in a more stream- lined manner. Additionally and impor- tantly, a shared service would create an ongoing central point for monitor- ing the continued security status of FedRAMP-authorized providers.
Furthermore, the shared service could do operational research to continually improve the process, seek automated tools to reduce time frames and own the entire life cycle of cloud product authorizations. Agencies that wish to do their own FedRAMP spon- sorship could continue, but a properly resourced and expanded FedRAMP shared service — dedicated to ensur- ing proper security with the goal of
rapidly increasing the volume of authorizations — would be extremely valuable.
FedRAMP is a well-thought-out approach to cybersecurity, but given the IT modernization and security impera- tives, it is time to scale up the program to meet the growth and demand of cloud products. By analogy, it was the correct bridge to build 10 years ago, but that infrastructure investment needs to be at least quintupled to meet the reali- ties of the current software market.
Scaling and creating operational effi- ciencies for FedRAMP that lower the barriers to entry and facilitate more rapid adoption of safe and secure
innovative technologies are goals that are well worth exploring. Expansion of FedRAMP into a full-scale shared service is a logical place to make a high-impact, high-return infrastructure investment. If the government is serious about modernization, it should focus on addressing the FedRAMP bottleneck. ■
Michael Garland is the founder of Garland LLC, a consulting firm that advises clients on issues related to federal procurement law and the busi- ness of IT. Gaurav “GP” Pal is CEO and founder of stackArmor and has more than 20 years of IT consulting experience.
May 2021
FCW.COM 49