FedRAMP’s Influence Grows Outside the Beltway

Even as it’s taken – and responded to – criticism in recent months, the Federal Risk and Authorization Management Program’s influence outside the Beltway has actually continued to grow.

Originally designed as the approach to standardize the U.S. government’s approach to cloud computing security four years ago, FedRAMP compliance – effectively the seal of approval for vendors to sell cloud services to government agencies – may even have helped one U.S. tech firm win a contract with the Canadian government.

Akamai, a Reston, Virginia-based cloud security company, is a subcontractor to the Canadian government’s Managed Web Services contract, which was awarded to Adobe last fall. The contract aims to consolidate some 1,500 Canadian government websites into a single portal.

Tom Ruff, vice president of Akamai’s public sector business in the American and Latin American markets, said “there was no doubt” FedRAMP compliance attained by both Adobe and Akamai factored into the Canadian government’s evaluation.

“We’d spent a fair amount of time talking on Akamai’s strengths in government and why FedRAMP should mean something to the Canadian government,” Ruff told Nextgov. “And they came out and said it was a highly valued attribute that would be recognized in the evaluation of different solution providers.”

Mexico, too, has expressed interest in learning about FedRAMP.

Ruff said representatives from Mexico’s executive office of the president have spent time recently in Washington, D.C., speaking with FedRAMP officials and other cloud security experts as they work through an initiative called Economía Digital.

Ruff said while FedRAMP is not tied directly to the Mexican government’s procurement, it was certainly the focus of conversation around the importance of cloud security.

While it is difficult to underscore FedRAMP’s importance in the federal market – cloud service providers must attain FedRAMP compliance before they sell to government customers – Ruff said Akamai has held briefings regarding FedRAMP with big players in health care, financial and insurance industries as well as large software companies.

Leading companies from other industries, he said, have taken note that FedRAMP requirements are among the most stringent cloud security requirements anywhere.

Companies like Akamai, one of the first companies to receive FedRAMP accreditation back in 2013, are able to use the U.S. government’s cloud security seal of approval as a bit of a trump card as they seek other business.

“It helps distinguish solution A over solution B,” Ruff said