Industry Insights from the FedRAMP Headliner Summit

Written by montecristomedia | Sep 7, 2023 1:46:51 PM

By Francis Rose

Presented by Carahsoft

I recently spent the day at Carahsoft's FedRAMP Headliner Summit talking to industry leaders on the future of the FedRAMP program and its implications for cybersecurity and cloud services. Here are the key takeaways:

Streamlining the FedRAMP Process: A predominant focus of the conversations revolved around the imperative need to enhance the efficiency, cost-effectiveness, and speed of the FedRAMP process, aiming to expedite vendor authorization. Notably, challenges linked to securing agency sponsorship for the initial Authorization to Operate (ATO) were illuminated. To address these challenges, participants put forward potential remedies, including the reevaluation of a self-authorization mechanism and the exploration of aggregator systems for managing multiple app authorizations. The overarching objective is to significantly reduce the time agencies take to act as sponsors, thereby accelerating the entire authorization process.

Evolving Threat Landscape: The evolving threat landscape in the realm of cybersecurity was a significant focus. FedRAMP is adapting to address these changing threats. Continuous monitoring and maintaining high-security standards beyond compliance emerged as crucial elements. The discussions emphasized that cybersecurity is not solely about meeting compliance requirements but also staying ahead of emerging threats and vulnerabilities.

Collaboration and Partnership: Collaboration and partnership between the public and private sectors were underscored as essential for the successful implementation of technology solutions and enhancing security practices. The government's role in providing resources and support, along with industry's commitment to improving security, is seen as pivotal. The synergy between these sectors is essential for effective technology adoption within government agencies.

Customer Experience and Privacy: The intersection of security, technology, and customer experience was another focal point. Streamlining the vendor process for FedRAMP solutions can enhance the customer experience, particularly for government customers. Privacy concerns, data sharing, and user responsibility were discussed in the context of customer experience. The need for a proactive approach to security, beyond compliance, was emphasized. Establishing best practices and continuously striving for the highest security standards were seen as vital.

Process-Centric Security: A process-centric approach to security was noted as crucial. It involves well-defined and repeatable security measures that can adapt to evolving threats. Flexibility and adaptability were stressed as essential qualities for addressing emerging security challenges posed by evolving technology.

The Carahsoft FedRAMP Headliner Summit provided valuable insights into the future of the FedRAMP program and its broader implications. Streamlining processes, addressing the evolving threat landscape, fostering collaboration, enhancing customer experiences, and embracing proactive security measures are key themes that will shape the future of cybersecurity and technology adoption within government agencies.

Industry Insights

Richard Breakiron, Dir Strategic Initiatives at Commvault

 

 

Scott Chapman, CEO at Project Hosts

 

 

Ted Cotterill, Chief Privacy Officer for the State of Indiana

 

 

Bob Day, President at Blackberry Government Solutions

Zach DiFranza, Federal Practice Manager at Acquia

 

 

Wyn Elder, Managing Director, Global Federal at Box

 

 

Kevin Gallagher, Cloud Product Launch Lead at SAP NS2

 

 

Kevin E. Greene, Public Sector CTO at OpenText Cybersecurity

 

 

John Greenstein, GM, Public Sector at Bluescape

 

 

Ryan Herzberg, Government Sales Manager with FM:Systems

 

 

Jorma Jennings, Principal Solutions Architect at CoSo Cloud

 

 

AJ Malik, Director, Security & Compliance Advisory at Quzara

 

 

Leah McGrath, Executive Director at StateRAMP

 

 

Loren Russon, SVP, Product Management at Ping Identity

 

 

Graham Sibley, CEO of Collabware

 

 

David Torgerson, VP of Infrastructure and IT at Lucid

 

 

Susan Valverde, Sr. Manager, Federal Civilian at Oracle

 

 

Steve Witt, Director, Public Sector at Nintex

 

 

Michael Wright, Senior Director, Federal at CloudBees

 

 

Tristen Yancey, Director of Civilian Agencies at RegScale