Industry Insights from the FedRAMP Headliner Summit

By Francis Rose

Presented by Carahsoft

I recently spent the day at Carahsoft's FedRAMP Headliner Summit talking to industry leaders on the future of the FedRAMP program and its implications for cybersecurity and cloud services. Here are the key takeaways:

Streamlining the FedRAMP Process: A predominant focus of the conversations revolved around the imperative need to enhance the efficiency, cost-effectiveness, and speed of the FedRAMP process, aiming to expedite vendor authorization. Notably, challenges linked to securing agency sponsorship for the initial Authorization to Operate (ATO) were illuminated. To address these challenges, participants put forward potential remedies, including the reevaluation of a self-authorization mechanism and the exploration of aggregator systems for managing multiple app authorizations. The overarching objective is to significantly reduce the time agencies take to act as sponsors, thereby accelerating the entire authorization process.

Evolving Threat Landscape: The evolving threat landscape in the realm of cybersecurity was a significant focus. FedRAMP is adapting to address these changing threats. Continuous monitoring and maintaining high-security standards beyond compliance emerged as crucial elements. The discussions emphasized that cybersecurity is not solely about meeting compliance requirements but also staying ahead of emerging threats and vulnerabilities.

Collaboration and Partnership: Collaboration and partnership between the public and private sectors were underscored as essential for the successful implementation of technology solutions and enhancing security practices. The government's role in providing resources and support, along with industry's commitment to improving security, is seen as pivotal. The synergy between these sectors is essential for effective technology adoption within government agencies.

Customer Experience and Privacy: The intersection of security, technology, and customer experience was another focal point. Streamlining the vendor process for FedRAMP solutions can enhance the customer experience, particularly for government customers. Privacy concerns, data sharing, and user responsibility were discussed in the context of customer experience. The need for a proactive approach to security, beyond compliance, was emphasized. Establishing best practices and continuously striving for the highest security standards were seen as vital.

Process-Centric Security: A process-centric approach to security was noted as crucial. It involves well-defined and repeatable security measures that can adapt to evolving threats. Flexibility and adaptability were stressed as essential qualities for addressing emerging security challenges posed by evolving technology.

The Carahsoft FedRAMP Headliner Summit provided valuable insights into the future of the FedRAMP program and its broader implications. Streamlining processes, addressing the evolving threat landscape, fostering collaboration, enhancing customer experiences, and embracing proactive security measures are key themes that will shape the future of cybersecurity and technology adoption within government agencies.

Industry Insights

Richard Breakiron, Dir Strategic Initiatives at Commvault

Scott Chapman, CEO at Project Hosts

Ted Cotterill, Chief Privacy Officer for the State of Indiana

Bob Day, President at Blackberry Government Solutions

Zach DiFranza, Federal Practice Manager at Acquia

Wyn Elder, Managing Director, Global Federal at Box

Kevin Gallagher, Cloud Product Launch Lead at SAP NS2

Kevin E. Greene, Public Sector CTO at OpenText Cybersecurity

John Greenstein, GM, Public Sector at Bluescape

Ryan Herzberg, Government Sales Manager with FM:Systems

Jorma Jennings, Principal Solutions Architect at CoSo Cloud

AJ Malik, Director, Security & Compliance Advisory at Quzara

Leah McGrath, Executive Director at StateRAMP

Loren Russon, SVP, Product Management at Ping Identity

Graham Sibley, CEO of Collabware

David Torgerson, VP of Infrastructure and IT at Lucid

Susan Valverde, Sr. Manager, Federal Civilian at Oracle

Steve Witt, Director, Public Sector at Nintex

Michael Wright, Senior Director, Federal at CloudBees

Tristen Yancey, Director of Civilian Agencies at RegScale