Simply Security - News, Views, and Opinions from Trend Micro

Posted on March 28th, 2012 in Cloud Security, Current News by Simply Security | Be the first to comment | Tags: cloud computing security

Few cloud vendors expected to receive initial FedRAMP assessments

Numerous U.S. government agencies are adopting cloud computing solutions to secure critical data, reduce IT costs and improve efficiency. In December, the General Services Administration (GSA) launched the Federal Risk and Authorization Management Program (FedRAMP), a government-wide policy developed to standardize agency adoption of cloud services through security assessment and authorization.

Although FedRAMP has yet to be put into effect, its potential impact on government IT departments and federal CIOs is beginning to take shape. In February, the GSA announced that cloud vendors could submit services for assessment without first having a contract with an agency. However, according to a recent Federal Times report, no more than 20 cloud providers are expected to receive initial security assessments for federal use when FedRAMP is officially implemented in June.

"It is not going to be a situation where we will be drowning in FedRAMP applications," Dave McClure of GSA's Office of Citizen Services and Innovative Technologies told the news source. "We want to roll this out very cautiously and carefully, [and] make sure it works."

McClure said he predicts six to 20 vendors will send cloud products and services through FedRAMP in the inaugural six to eight months, with providers on the GSA's impending Email-as-a-Service contract and current Infrastructure-as-a-Service contract having first priority. Furthermore, McClure expects FedRAMP to become a sustaining program by 2014, with all cloud products eventually going through the assessment and authorization process.

FedRAMP is a major part of the U.S. government's desire to promote IT solutions that reduce IT costs, increase innovation and enable agencies and businesses to better prepare for future technologies. Despite several agencies already running cloud-based applications, infrastructure and other services to accomplish these goals, security in the cloud remains a top concern for federal IT leaders.

Federal CIO Steven VanRoekel has spoken extensively regarding the importance of government agencies improving security strategies and adopting cloud services to facilitate cost savings and productivity gains.

"We will use technology to improve government productivity and lower barriers to citizen and business interaction with the government, all while bolstering cybersecurity," VanRoekel said in a recent interview with Federal News Radio.

While recent studies have revealed that security concerns are among the biggest obstacles to universal government and enterprise cloud adoption, organizations could consider implementing an advanced security solution built specifically to protect data in multiple virtual and cloud environments.

Cloud Computing News from SimplySecurity.com by Trend Micro