What FedRAMP approval means for IBM

Share this post:

Last week, a government IT board gave IBM’s SmartCloud for Government FedRAMP approval, allowing it to sell cloud technologies into multiple government agencies.

What does this mean for IBM Cloud? First, let’s take a look at the Federal Risk and Authorization Management Program itself:

The FedRAMP was instituted to ensure a common and consistent security approach to deploying cloud systems for federal agencies. According to, it is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. You can learn more about it, here. 


In my experience with my federal clients and their cloud programs, I noticed that FedRAMP is a mandatory requirement—and rightfully so. We have to remember that with all its benefits, cloud computing also poses a security risk.  This is even more relevant for federal cloud deployments with a focus on security assurance and continuous monitoring.

Cloud security architecture is only as strong as the security management policies and governance prescribed by the solution owners/service requesters. That’s why I welcome the FedRAMP compliance. It is a federal risk management framework that strives to provide consistent security control across federal deployments through certified cloud service providers. This means the cloud service providers and the requesters all have a common understanding of the security controls. I believe this is the first step to a successful security implementation, particularly for cloud.

IBM currently has a FedRAMP provisional authorization to operate (ATO) for SmartCloud for Government, infrastructure as-a-service (IaaS) platform. For me, it is an affirmation of what’s to come. It will  confirm our commitment to current clients who are familiar with our technologies and know that we will continue to support their cloud strategies. It also promises to open doors for new opportunities to work with clients who are keen on FedRAMP assurance.

IBMers have broad and deep expertise with multi faceted security domains as described in the IBM Security Framework—including people data, applications and network security. Security governance is an integral part of this framework. As trusted advisers to our federal customers, My client architect colleagues and I have instituted this expertise with them. We also have been bringing the cloud innovation closer to them through IBM SmartCloud portfolio and our broad software as-a-service (SaaS) offerings. I already evaluated two continuous monitoring programs, which seem to be the current No. 1 focus for federal clients with ever growing vulnerability and cyber threats.

How IBM serves its customers

Today, IBM is positioned exactly at the right three-dimensional (x, y, z) coordinates of the cloud empowerment map. The coordinates include x: cloud leadership, y: customer focus and z: innovation and expertise. We lead our customers onto successful cloud deployments with speed and economics.

IBM’s FedRAMP ATO is an additional step in the right direction. This confirms IBM’s commitment to understanding and supporting our client cloud strategies, standards and compliances. This undertaking is in conjunction with IBM’s cloud solution portfolio, expansion of SmartCloud IaaS portfolio with SoftLayer, IBM’s open cloud architecture (BlueMix) expanding cloud service ecosystem for developers, and IBM’s cloud open standards leadership (CSCC, OpenStack). Taken into consideration as a whole, this provides irrefutable proof that IBM is a leading cloud strategy partner to all federal agencies.

I personally strive to find common ground with my clients’ needs to address threat and vulnerability. It’s also my aim to make continuous monitoring a standard functional capability while fostering collaborative cloud adoptions. This allows our clients to realize the full—and powerful—potential of cloud computing. Namely, cutting costs and improving business efficiencies with flexibility.

Watson Delivery Solution Architect

More stories

Why we added new map tools to Netcool

I had the opportunity to visit a number of telecommunications clients using IBM Netcool over the last year. We frequently discussed the benefits of have a geographically mapped view of topology. Not just because it was nice “eye candy” in the Network Operations Center (NOC), but because it gives an important geographically-based view of network […]

Continue reading

How to streamline continuous delivery through better auditing

IT managers, does this sound familiar? Just when everything is running smoothly, you encounter the release management process in place for upgrading business applications in the production environment. You get an error notification in one of the workflows running the release management process. It can be especially frustrating when the error is coming from the […]

Continue reading

Want to see the latest from WebSphere Liberty? Join our webcast

We just released the latest release of WebSphere Liberty, It includes many new enhancements to its security, database management and overall performance. Interested in what’s new? Join our webcast on January 11, 2017. Why? Read on. I used to take time to reflect on the year behind me as the calendar year closed out, […]

Continue reading