Agencies, Contractors get Rules of the Road for Cloud Security Approvals
December 8, 2011
Federal cloud providers by June 2012 will have to comply with new uniform security controls so that multiple agencies can piggyback off the certifications for faster installation, White House officials announced Thursday.
To more quickly slice $5 billion from the government's annual $80 billion information technology tab, the Obama administration has released requirements for expediting cloud security approvals. Protecting data in the cloud -- or remote storage and software accessible online -- has been a stumbling block for some federal managers, officials said. The Federal Risk Authorization Management Program (FedRAMP) is a process aimed at guaranteeing a vendor's goods adhere to baseline controls so that any agency can immediately deploy the services, without reassessing the product's safety.
Recycling accreditations is expected to save the government 30 percent to 40 percent in testing and procurement costs, federal Chief Information Officer Steven VanRoekel said. "Cloud computing has become an integral part of the government's DNA," he told reporters. "One of the main challenges that people have identified is around security and using security as a barrier to entry around cloud computing."