When one sells to the government, even a measly $500 hammer, there are more hoops to jump through than a three-ring circus.
HP just jumped through a major hoop as its Virtual Private Cloud, part of the vendor’s Enterprise Cloud Services, has been cleared for FedRAMP JAB takeoff.
FedRAMP is a federal program that does security assessment, and then authorizes the use of approved products. Afterwards, the program helps insure that cloud services are consistently and effectively monitored. JAB, meanwhile, stands for Joint Authorization Board.
“The FedRAMP JAB pATO represents the most rigorous standard for cloud service provider security as three of the largest federal agencies have scrutinized and provisionally authorized HP’s compliance with FedRAMP standards. Any agency can leverage HP’s pATO and grant its own ATO without conducting duplicative assessments,” HP explained.
FedRAMP was born out a partnership between key government agencies such as GSA, DOD and NSA, and private companies.
FedRAMP is of particular importance to cloud service providers. Before many in the federal government can deploy or buy a service it must go through a FedRAMP assessment which focuses quite a bit on security. And in these days of cyber-warfare and organized hacks against government systems, the feds can be too careful.
The process is pretty rigorous, as it should be. “CSPs must implement the FedRAMP security requirements on their environment and hire a FedRAMP approved third party assessment organization (3PAO) to perform an independent assessment to audit the cloud system and provide a security assessment package for review.”
After the assessment, the Joint Authorization Board looks it over and can give a provisional authorization to buy.
FedRAMP is critically important to both cloud providers and government customers.
“FedRAMP is mandatory for Federal Agency cloud deployments and service models at the low and moderate risk impact levels. Private cloud deployments intended for single organizations and implemented fully within Federal facilities are the only exception,” the federal guidelines say. “Additionally, each year Executive departments and agencies must submit to the Federal CIO a listing of all existing cloud services that do not meet FedRAMP requirements with the appropriate rationale and proposed resolutions.”
The HP Virtual Private Cloud
The HP virtual private cloud service can support Infrastructure as a Service (IaaS), and this can be managed by the government agency itself or as an HP managed service.
“The high sensitivity of the data stored in the cloud requires government CIOs and IT managers to adopt cloud solutions that are trustworthy, reliable and consistent,” said Marilyn Crouther, senior vice president and general manager of U.S. Public Sector, HP Enterprise Services. “FedRAMP authorization represents a critical milestone in HP’s efforts to deliver a secure converged cloud to our U.S. government clients, helping us establish strong partnerships and increase clients’ confidence in the security of their cloud systems.”
Last month, Amazon also gained FedRAMP approval for its Amazon Web Services (AWS), and now boasts a so-called “authority to operate.”
Amazon already does business with the feds. The approval simple makes it easier, and AWS available to a larger swath of the federal market.
“The Department of Health and Human Services, working with GSA and the FedRAMP program, has certified that AWS is compliant with all of FedRAMP controls, which helps HHS and other agencies move to the cloud in a fast and secure fashion,” said Max Peterson, director of partners, capture and contracts at AWS.
Edited by
Alisen Downey