November 11, 2013 | Written by: Sujatha Perepa
Share this post:
Last week, a government IT board gave IBM’s SmartCloud for Government FedRAMP approval, allowing it to sell cloud technologies into multiple government agencies.
What does this mean for IBM Cloud? First, let’s take a look at the Federal Risk and Authorization Management Program itself:
The FedRAMP was instituted to ensure a common and consistent security approach to deploying cloud systems for federal agencies. According to FedRAMP.gov, it is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. You can learn more about it, here.
IBM and FedRAMP
In my experience with my federal clients and their cloud programs, I noticed that FedRAMP is a mandatory requirement—and rightfully so. We have to remember that with all its benefits, cloud computing also poses a security risk. This is even more relevant for federal cloud deployments with a focus on security assurance and continuous monitoring.
Cloud security architecture is only as strong as the security management policies and governance prescribed by the solution owners/service requesters. That’s why I welcome the FedRAMP compliance. It is a federal risk management framework that strives to provide consistent security control across federal deployments through certified cloud service providers. This means the cloud service providers and the requesters all have a common understanding of the security controls. I believe this is the first step to a successful security implementation, particularly for cloud.
IBM currently has a FedRAMP provisional authorization to operate (ATO) for SmartCloud for Government, infrastructure as-a-service (IaaS) platform. For me, it is an affirmation of what’s to come. It will confirm our commitment to current clients who are familiar with our technologies and know that we will continue to support their cloud strategies. It also promises to open doors for new opportunities to work with clients who are keen on FedRAMP assurance.
IBMers have broad and deep expertise with multi faceted security domains as described in the IBM Security Framework—including people data, applications and network security. Security governance is an integral part of this framework. As trusted advisers to our federal customers, My client architect colleagues and I have instituted this expertise with them. We also have been bringing the cloud innovation closer to them through IBM SmartCloud portfolio and our broad software as-a-service (SaaS) offerings. I already evaluated two continuous monitoring programs, which seem to be the current No. 1 focus for federal clients with ever growing vulnerability and cyber threats.
How IBM serves its customers
Today, IBM is positioned exactly at the right three-dimensional (x, y, z) coordinates of the cloud empowerment map. The coordinates include x: cloud leadership, y: customer focus and z: innovation and expertise. We lead our customers onto successful cloud deployments with speed and economics.
IBM’s FedRAMP ATO is an additional step in the right direction. This confirms IBM’s commitment to understanding and supporting our client cloud strategies, standards and compliances. This undertaking is in conjunction with IBM’s cloud solution portfolio, expansion of SmartCloud IaaS portfolio with SoftLayer, IBM’s open cloud architecture (BlueMix) expanding cloud service ecosystem for developers, and IBM’s cloud open standards leadership (CSCC, OpenStack). Taken into consideration as a whole, this provides irrefutable proof that IBM is a leading cloud strategy partner to all federal agencies.
I personally strive to find common ground with my clients’ needs to address threat and vulnerability. It’s also my aim to make continuous monitoring a standard functional capability while fostering collaborative cloud adoptions. This allows our clients to realize the full—and powerful—potential of cloud computing. Namely, cutting costs and improving business efficiencies with flexibility.