Byline: Brian Chidester
Agility. Speed. Flexibility. Efficiency. These are not words normally associated with government by most people. In defense of governments, though, they have huge challenges in providing services on the enormous scale at which they function. And the US federal government operates some of the largest organizations in the world. Now, the Federal Risk and Authorization Management Program (FedRAMP) is giving those government operations agility, speed, flexibility and efficiency and creating the framework for future successes.
FedRAMP is a set of data security guidelines established in 2011 with a direct focus on cloud-based products and services. It was created by the Joint Authorization Board (JAB) with representatives from the Department of Homeland Security (DHS), the General Services Administration (GSA) and the Department of Defense (DoD).
The cloud has transformed the way many companies use data information systems. With those changes, however, have come concerns about data integrity and security. In the case of governments this is particularly important, as they are highly visible targets that hold tremendous amounts of valuable data. FedRAMP aims to address those concerns with its “do once, use many times” framework—once you have the appropriate security controls in place, you can use repeatable security assessment processes to ensure your controls are operating up to FedRAMP standards. This repeatable, modular approach to data security helps organizations cut costs and minimize resource investments in data security.
And security is important if the cloud is to be central to government operations. As we’ve seen with the SolarWinds hack, the Microsoft Exchange breach, the dramatic Colonial Pipeline attack, which shut down gasoline distribution to a large part of the US population, and waves of ransomware attacks over the last several years, attackers are becoming more sophisticated and going after major targets. FedRAMP guidelines can help mitigate risk and ensure alignment with US government-approved standards. Private sector companies that implement FedRAMP-compliant solutions will realize the security benefits and ensure their eligibility to bid on and work on government contracts.
FedRAMP makes business sense
The challenge for organizations, whether in the public sector or the private sector, is to unlock the power and value that exists in the data they hold. Legacy systems—many of which were paper-based and heavily manual—grew so large that the lion’s share of the budget was spent on simply keeping those crucial systems running. This resulted in silos of data that made sharing information difficult and slow. And, in turn, this created frustration for the public when trying to use government services.
Moving to the cloud can break down those silos, allow quick and easy sharing of information and ensure there is one true, verified version of that information.
FedRAMP is a major step forward because it allows organizations to move into the cloud securely, free their data and enjoy the full benefits of the cloud. It also means that, where legacy systems cannot be immediately migrated, they are accessible and can work with cloud applications. With data available wherever it is needed, inefficiencies can be removed from the process and the customer or citizen experience can be improved thanks to better case management.
But no technology solution is just about technology—it’s about people as well. With millions of employees in the US federal government, solutions need to be simple to use and eliminate the pain points of those workers who have been struggling with legacy systems. Hiring and retaining staff is going to be harder if tasks are tedious, mundane and not automated. You can’t attract key talent into an organization without the technology in place that they’re used to using in their private lives, the great experiences they see in the applications they use every day to shop, bank, learn and socialize. When outdated technology is making their jobs hard for no reason, staff disengage, morale suffers and it becomes difficult to get the best and brightest talent.
The work done on FedRAMP is the basis for StateRAMP, an initiative to bring the same data controls, security and efficiency to state and local governments, as well. The best practices that have come out of FedRAMP bring high levels of control and security to government and the private sector while providing the flexibility needed to operate more efficiently.
Cloud for Government from OpenText™ transforms Public Sector missions with government workflow automation, data security and enterprise content management. The solution combines content capture, storage and document organization with archiving, records management and imaging on a FedRAMP-compliant platform. Learn more here.
Brian Chidester is the Senior Industry Marketing Strategist, Public Sector, OpenText.