August 28, 2013 | Written by: Sujatha Perepa
Deploying software-as-a-service (SaaS) solutions and IT resources in a cloud environment is definitely cost-effective. But it comes with a price that is an absolute necessity: security. An unsecured cloud deployment poses serious threats as well as major cost implications. That is why it is vital to host applications in secure cloud environments that are certified by a Certification & Accreditation (C&A) process. The C&A certification ensures that the hosted environment is equipped to address any security risks and protect the infrastructure that contains the client applications and data.
I believe that the following are three major reasons for an organization to consider a secure certified hosting environment:
1. Risk management
2. Asset protection
3. Accelerated confidence in cloud deployments
For example, the prominent and trusted certification recognized by federal agencies is the Federal Risk and Authorization Management Program (FedRAMP). It is instituted to ensure consistently secure cloud deployments for the federal agencies.
FedRAMP is supported by the US Chief Information Officer and Federal CIO Council (see CIO.gov). With CIO backing and successful, cost-effective deployments, more federal agencies are bound to adopt cloud deployment strategies. This will inevitably result in curtailing unnecessary build-and-maintain costs and, more importantly, in improving service efficiencies far more quickly.
FedRAMP is also in compliance with the Federal Information Security Management Act of 2002 (FISMA). I think it is great that FISMA compliance is included because it addresses the national security requirements thoroughly and encourages active involvement of both business and technology leaders of the program.
Cloud deployments are designed to be dynamic, thus allowing organizations to store their data assets “on-prem” or “off-prem” and on multiple disparate devices. Cloud providers in general do not offer to protect customer data, whereas a cloud provider that is certified by a standards committee is required to take measures to secure customer assets. In addition to internal controls, organizations should ascertain asset protection through standards and security compliance.
Even if FedRAMP and similar certifications have a price tag attached to them, I strongly believe that it is a necessary investment. It pays for itself by protecting the infrastructure assets, keeping the risk low and, above all, allowing safe and successful cloud deployments for the service providers and subscribers.
What is your opinion of the C&A and of these key considerations for secure cloud deployments?