HP Enterprise Services has become the latest CSP (cloud service provider) to announce it has passed Federal Risk and Authorization Management Program (FedRAMP) protocols to get the official US government cloud security stamp.
Amazon, as you’d probably expect, announced its FedRAMP seal of approval last week. So what’s that stomping sound you’re hearing? It’s all the public cloud competition rushing to catch up…
With FedRAMP compliance, federal organisations can instantly assess whether a CSP’s solution works for them, as well as increase levels of consistency and attainment in cloud security.
That’s the theory, at least. The FedRAMP official website lists a series of ‘program goal’ bullet points which includes “accelerat[ing] the adoption of secure cloud solutions through reuse of assessments and authorisations”, increase[ing] confidence in security of cloud solutions”, as well as an increase in automation and near real-time data for continuous monitoring.
HP, in a press release, calls FedRAMP “the most rigorous standard for cloud service provider security”, and according to Marilyn Crouther, senior VP HP Enterprise Services US public sector: “The high sensitivity of the data stored in the cloud requires government CIOs and IT managers to adopt cloud solutions that are trustworthy, reliable and consistent.
“FedRAMP authorisation represents a critical milestone in HP’s efforts to deliver a secure converged cloud to our US government clients, helping us establish strong partnerships and increase clients’ confidence in the security of their cloud systems.”
Governments are of course looking to enable the most cutting edge cloud computing technology out there. FedRAMP, therefore, can be seen as one of the more important elements in the White House’s ‘cloud first’ policy. Back in March the UK became ‘cloud first’, with the third iteration of the G-Cloud being recently released, while Australia has been criticised in some quarters for being “not quite cloud-first” having launched its strategy last month.
Expect plenty more from this in the coming months, as vendors look to get their authentication for greater cloud security. But will this actually make more secure clouds, or is it just the newest pile of government admin?
Update 12 June: This report originally said that HP was the second CSP to gain accreditation – however, as pointed out, Autonomic Resources ARC-P cloud got FedRAMP’s first issued authority to operate back in December 2012. CloudTech is happy to correct the record.