CrowdStrike is authorized to protect ‘moderate impact level’ cloud-based government systems.
The company that helped chase Russian hackers out of the Democratic National Committee’s networks before the 2016 election will now be protecting government information held in computer clouds, the company said Thursday.
The cybersecurity firm CrowdStrike, which has assisted with many of the most high profile computer breaches of the past five years, received an authorization to operate on cloud-based government systems that are deemed “moderate impact level” under the government’s Federal Risk and Authorization Management Program, or FedRAMP, according to a news release.
The moderate impact level accounts for about 80 percent of government’s cloud-based systems and includes systems where “the loss of confidentiality, integrity, and availability would result in serious adverse effects on an agency’s operations, assets, or individuals,” according to a FedRAMP fact sheet.
It does not include law enforcement, emergency management, financial or healthcare systems.
The authorization, which came from the Commerce Department’s International Trade Administration but will be available across the civilian government, is for CrowdStrike’s Falcon platform, which sits in the cloud but protects “endpoints,” such as computers, smartphones and tablets.
The government has generally struggled to push cyber protection and visibility from the edge of computer networks to the endpoints where employees are sending and receiving emails, clicking links and otherwise opening themselves up to digital danger.
In addition to assisting with the DNC breach, CrowdStrike has assisted in numerous major cyber strikes and attributed breaches to specific hacking groups in Russia, China and North Korea, including the 2014 North Korean breach of Sony Pictures Entertainment.
“FedRAMP authorization allows CrowdStrike to build on this success in protecting the private sector and to expand our reach dramatically into the U.S. public sector,” the company said in a statement.