In this special report, Nextgov distills what you need to know about federal cloud security.
Federal agencies have been migrating data and workloads to the cloud for over a decade now, but the ever-changing technology landscape can make it difficult to keep up with cybersecurity needs.
Several government agencies have a role in ensuring federal cloud architectures are secure, including the Federal Risk and Authorization Management Program, or FedRAMP, the central office for certifying commercial cloud products have a baseline of cybersecurity.
The FedRAMP program—and any program that grants an authority to operate, or ATO—has long been a roadblock to agile IT deployments, as the process is often time- and resource-intensive. The program office is trying to change that, and recently asked stakeholders from government and industry for feedback on what needs fixing.
The results are a renewed effort to automate large parts of the process, increase engagement with the community and offer clearer guidance on what it means to be secure in the cloud. For this special report, FedRAMP Director Ashley Mahan spoke with Nextgov about the future of the program and what changes stakeholders can expect to see this year.
The report also includes information on the Defense Department’s shift to reusing cloud authorizations issued by other agencies, in an attempt to speed the ATO process without compromising security.
Finally, the report rounds out with advice from the National Security Agency to other federal departments on the latest best practices in cloud security.