Follow Feds To The Cloud - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

02:20 PM
Connect Directly

Follow Feds To The Cloud

Uncle Sam is a leader in the secure use of cloud services. Here’s what FedRAMP and FISMA can teach you.

InformationWeek Green -  April 29, 2013 InformationWeek Green
Download the entire April 29, 2013, issue of InformationWeek, distributed in an all-digital format (registration required).

Follow The Feds

It's not often that IT teams charged with new projects and initiatives say, "Let's look at how the feds are doing things." The U.S. government's IT systems are seen as slow, archaic and overly complex -- think the Veterans Affairs Department's huge claims backlog and the sorry state of the National Instant Criminal Background Check System, which handles only 6% of requests electronically. But thanks to the "Cloud First" and open data sharing initiatives that former federal CIO Vivek Kundra mandated, the government is an innovator when it comes to cloud computing and data security.

The benefits of that work aren't limited to government agencies. Businesses can take advantage of it, too, particularly with regard to security issues. Our 2013 InformationWeek State of Cloud Computing Survey of nearly 450 business technology professionals at companies with 50 or more employees shows there's a real need to address security concerns.

On one hand, the percentage of respondents predicting their companies will use few or no IT cloud services has dropped seven points since our 2012 survey, to 31%. But just 18% populate the middle ground -- with a quarter to half of their services in the cloud -- even though that's what most CIOs we work say is the sweet spot for cloud uptake. Security is the top concern, specifically concerns about defects in cloud technology and the potential leakage of proprietary or customer data. Much lesser concerns are performance, vendor viability and vendor lock-in.

Enter Uncle Sam

The Federal Risk and Authorization Management Program, or FedRAMP, provides a framework for certifying the security of federal government cloud environments. To participate, a cloud service provider must hire an independent, government-certified auditor to verify that the provider complies with the standards framework. Once certified, fed agencies can buy services from the provider without having to go through a security review process.

Report Cover
Our report on the state of cloud computing is free with registration. This report includes 27 pages of action-oriented analysis, packed with 22 charts.

What you'll find:
  • Why some are still taking a cautious approach to the cloud
  • The problem with service-level agreements
Get This And All Our Reports

FedRAMP is being driven by the General Services Administration in collaboration with the Department of Defense, Office of Management and Budget, Federal CIO Council and other agencies. A rigorous governance structure was necessary to support government-wide adoption, and that's one of the reasons businesses are looking to the feds as a strong cloud computing reference model.

FedRAMP's focus on trust verification is a big reason it will reverberate beyond the government. Within five years, FedRAMP-mandated controls will be the rule, not the exception, in both the private and public sectors.

FedRAMP's real beauty is that it looks at use cases, not just providers. For example, if high-value data is involved in a project, then no cloud provider can be used, no matter how well vetted it is.

Translated to the private sector, this approach takes the heat off IT. You won't have to be the no police or make a series of one-off decisions. Instead, you can focus on a more important issue: the movement of data and processes to the cloud.

To read the rest of the article,
download the April 29, 2013, issue of InformationWeek.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
John Foley
John Foley,
User Rank: Apprentice
4/29/2013 | 8:35:34 PM
re: Follow Feds To The Cloud
One of the primary objectives of FedRAMP is to vet commercial cloud services for use by government agencies. Once a cloud service goes through the process and receives the FedRAMP stamp of approval, it becomes (theoretically) faster and easier for other agencies to subscribe to that cloud service knowing it is bonafide and up to federal requirements. It makes sense that businesses can benefit from all of that front-end scrutiny, as well.
How GIS Data Can Help Fix Vaccine Distribution
Jessica Davis, Senior Editor, Enterprise Apps,  2/17/2021
Graph-Based AI Enters the Enterprise Mainstream
James Kobielus, Tech Analyst, Consultant and Author,  2/16/2021
11 Ways DevOps Is Evolving
Lisa Morgan, Freelance Writer,  2/18/2021
White Papers
Register for InformationWeek Newsletters
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll