Quick Study

By Brian Robinson

Blog archive

Feds prepare RAMP for cloud

As we all know, the federal government is headed for the cloud, though some parts of it seem to be getting there more slowly than others. Now the Cloud Computing Advisory Council, an offshoot of Federal Chief Information Officer Vivek Kundra’s ambitions for government IT, wants to speed things up.

A new program named FedRAMP, which could be up and running in a few months, will try to move things along by providing a single entity through which the government could authorize cloud services for use by agencies.

In an interview with GovInfoSecurity.com, the vice chair of the council, NIST’s Peter Mell, said the details of the Federal Risk and Authorization Management Program has been sent to agencies for their blessing, and the program will go into pilot as soon as that is given.

Security is probably the biggest sticking point when it comes to the feds’ use of the cloud, at least the public cloud. Currently, it’s up to each agency to make sure that the cloud it uses is secure enough to store its data and move it around in the cloud.

FedRAMP, which follows NIST’s most recent guidance on government security, would apparently create the first agreed governmentwide security requirements for cloud services, among other things.

I don’t think I’m the only one who's wondering how enthusiastic individual agencies are about moving to the cloud, given all the other IT stuff they have to contend with. But the above is just one more indication of the administration’s seriousness, at least, along with earlier indications of how fed IT budgets will flow to the cloud.

Posted by Brian Robinson on Mar 30, 2010 at 9:03 AM


Reader Comments

Tue, Apr 13, 2010

Just think if every federal agency went to a cloud provider and said "Let me look at all of your security?" If you were a cloud provider, would you be happy to see one office to deal with and then have that office deal with each agency?...... answer YUP If you have DOD, DHS and GSA agree that the risk to the federal government are acceptable, are you saying that your agency will say, NO..... I think not.

Tue, Mar 30, 2010

So somebody outside of my organization is also going to accept my risk for me? Who is that individual and more importantly what do they know about the mission of my agency? What you should really search for here is a "certification" of a cloud to a certain level... Ohhh wait.. can't do that now that NIST has removed it... I guess we'll "authorize" them even though a government wide authorization is meaningless to an agency.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Defense Systems eNewsletters