Strategic Pivot of FedRAMP l Priorities Between Developers & Security l FedRAMP Roadmap & Emerging Technology

July 28, 2024

Presented by Palo Alto Networks & Carahsoft

The Strategic Pivot of the FedRAMP Board 

Drew Myklegard, Deputy Federal CIO, USA at the Office of Management and Budget, provided an in-depth discussion on the FedRAMP board's strategic pivot at the Carahsoft ATO and Cloud Security Summit. Myklegard explained how the board is transitioning from a narrow focus on delivering secure products to adopting a broader, more strategic role. This shift includes setting comprehensive policies, defining clear success metrics, and enhancing transparency with various stakeholders. He emphasized that this strategic pivot aims to foster a culture of reuse and broader adoption of FedRAMP-approved products across different agencies, thereby reducing historical redundancy and inefficiencies in the process. Myklegard also underscored the necessity of building stronger trust among federal agencies and vendors, utilizing standardized frameworks for consistency, and embedding secure-by-design principles into the development of products to ensure ongoing security and compliance.

Key Takeaways

1. The FedRAMP board’s new strategic role includes setting policies, defining success metrics, and enhancing transparency.
   
   
2. Fostering a culture of reuse and adoption of FedRAMP products helps to minimize redundancy and inefficiencies.
   
   
3. Building trust and leveraging standardized frameworks are crucial for effective cloud security.
   
   

Aligning Priorities Between Developers and Security Professionals

David Kubicki, Solution Architect Manager, Federal at Palo Alto Networks, addressed critical human factors influencing cloud security during his talk at the Cahahsoft ATO and Cloud Security Summit. Kubicki highlighted the inherent tension between developers, who prioritize rapid deployment and feature updates, and security professionals, who focus on compliance and risk management. He argued that overcoming this friction is essential for achieving both rapid innovation and robust security. Kubicki proposed that making security processes more seamless and integrated into development workflows is vital for aligning these often conflicting priorities. He advocated for adopting a platform-based approach to security that offers comprehensive visibility, enabling quicker response and remediation throughout the application lifecycle. Additionally, Kubicki emphasized the importance of investing in technologies that are scalable and capable of evolving with organizational needs to ensure that security measures remain effective over the long term.

Key Takeaways

1. Aligning the priorities of developers and security professionals is essential for maintaining efficient and secure cloud operations.
   
   
2. A platform-based security approach provides enhanced visibility and quicker response capabilities.
   
   
3. Investing in scalable technologies is crucial for ensuring long-term security effectiveness and adaptability.
   
   
   

The New FedRAMP Roadmap and Emerging Technology Prioritization Framework

Eric Mill, Executive Director of Cloud Security at GSA, shared his insights on the new FedRAMP roadmap and the emerging technology prioritization framework during the Carahsoft ATO and Cloud Security Summit. Mill detailed how the roadmap is designed to address current stakeholder concerns by providing a clear, actionable plan to enhance the efficiency and effectiveness of the FedRAMP program. He stressed the importance of publishing new customer-oriented program metrics, which will help create a robust feedback loop with stakeholders and ensure that the program is responsive to their evolving needs. Mill also highlighted that the emerging technology prioritization framework is crafted to be adaptable, not limited to current technologies like artificial intelligence but designed to accommodate and prioritize future technological advancements, ensuring FedRAMP’s continued relevance and responsiveness in a rapidly changing technological landscape.

Key Takeaways

1. The new FedRAMP roadmap offers a clear plan to enhance program efficiency and address stakeholder concerns.
   
   
2. New customer-oriented program metrics create a feedback loop to ensure the program aligns with stakeholder needs.
   
   
3. The emerging technology prioritization framework is flexible, enabling FedRAMP to adapt to future technological advancements.