By Francis Rose
Presented by Carahsoft
I recently spent the day at Carahsoft's FedRAMP Headliner Summit talking to industry leaders on the future of the FedRAMP program and its implications for cybersecurity and cloud services. Here are the key takeaways:
Streamlining the FedRAMP Process: A predominant focus of the conversations revolved around the imperative need to enhance the efficiency, cost-effectiveness, and speed of the FedRAMP process, aiming to expedite vendor authorization. Notably, challenges linked to securing agency sponsorship for the initial Authorization to Operate (ATO) were illuminated. To address these challenges, participants put forward potential remedies, including the reevaluation of a self-authorization mechanism and the exploration of aggregator systems for managing multiple app authorizations. The overarching objective is to significantly reduce the time agencies take to act as sponsors, thereby accelerating the entire authorization process.
Evolving Threat Landscape: The evolving threat landscape in the realm of cybersecurity was a significant focus. FedRAMP is adapting to address these changing threats. Continuous monitoring and maintaining high-security standards beyond compliance emerged as crucial elements. The discussions emphasized that cybersecurity is not solely about meeting compliance requirements but also staying ahead of emerging threats and vulnerabilities.
Collaboration and Partnership: Collaboration and partnership between the public and private sectors were underscored as essential for the successful implementation of technology solutions and enhancing security practices. The government's role in providing resources and support, along with industry's commitment to improving security, is seen as pivotal. The synergy between these sectors is essential for effective technology adoption within government agencies.
Customer Experience and Privacy: The intersection of security, technology, and customer experience was another focal point. Streamlining the vendor process for FedRAMP solutions can enhance the customer experience, particularly for government customers. Privacy concerns, data sharing, and user responsibility were discussed in the context of customer experience. The need for a proactive approach to security, beyond compliance, was emphasized. Establishing best practices and continuously striving for the highest security standards were seen as vital.
Process-Centric Security: A process-centric approach to security was noted as crucial. It involves well-defined and repeatable security measures that can adapt to evolving threats. Flexibility and adaptability were stressed as essential qualities for addressing emerging security challenges posed by evolving technology.
The Carahsoft FedRAMP Headliner Summit provided valuable insights into the future of the FedRAMP program and its broader implications. Streamlining processes, addressing the evolving threat landscape, fostering collaboration, enhancing customer experiences, and embracing proactive security measures are key themes that will shape the future of cybersecurity and technology adoption within government agencies.
Richard Breakiron, Dir Strategic Initiatives at Commvault
Scott Chapman, CEO at Project Hosts
Ted Cotterill, Chief Privacy Officer for the State of Indiana
Bob Day, President at Blackberry Government Solutions
Zach DiFranza, Federal Practice Manager at Acquia
Wyn Elder, Managing Director, Global Federal at Box
Kevin Gallagher, Cloud Product Launch Lead at SAP NS2
Kevin E. Greene, Public Sector CTO at OpenText Cybersecurity
John Greenstein, GM, Public Sector at Bluescape
Ryan Herzberg, Government Sales Manager with FM:Systems
Jorma Jennings, Principal Solutions Architect at CoSo Cloud
AJ Malik, Director, Security & Compliance Advisory at Quzara
Leah McGrath, Executive Director at StateRAMP
Loren Russon, SVP, Product Management at Ping Identity
Graham Sibley, CEO of Collabware
David Torgerson, VP of Infrastructure and IT at Lucid
Susan Valverde, Sr. Manager, Federal Civilian at Oracle
Steve Witt, Director, Public Sector at Nintex
Michael Wright, Senior Director, Federal at CloudBees
Tristen Yancey, Director of Civilian Agencies at RegScale