WASHINGTON, D.C. - Ordering a pizza over the Internet is easy. Provisioning compliant cloud services for federal government agencies is hard.
Steve O'Keeffe would like to change that. O'Keeffe is the founder of MeriTalk, a public/private partnership focused on improving government IT, which has launched a new tool to help federal agencies find cloud providers that have received security certifications under The Federal Risk and Authorization Management Program (FedRAMP).
The FedRAMP OnRamp was launched Thursday at the Data Center Brainstorm, a conference at the Newseum that brought together IT managers from federal agencies, along with representatives of leading vendors and service providers to the government sector.
"The challenge with FedRAMP is that it hasn't been particularly transparent until now," said O'Keeffe. "There are different flavors of FedRAMP, and they're all about risk management."
Cloud First, But Only With FedRAMP
FedRAMP is designed to centralize the process of certifying vendors to offer cloud computing services that meet the strict security requirements of federal agencies. Cloud providers must gain FedRAMP certification to provide cloud services to federal agencies. Without FedRAMP, service providers would need to individually certify cloud installations at each agency they serve.
That would be an expensive undertaking. MeriTalk estimates the average cost for the government to perform a FedRAMP cloud security certification at $250,000. Using FedRAMP has already saved service providers more than $37.5 million in certification costs, according to estimates from MeriTalk and the General Services Administration.
That doesn't mean that it's always user-friendly. One of the goals of the FedRAMP OnRamp is to provide quick access to information about which companies have gained certification as Cloud Service Providers. That number currently stands at 14: AINS, Inc., Akamai, Amazon, AT&T, Autonomic Resources, CGI, Concurrent Technologies, HP, IBM, Lockheed Martin, Microsoft, Oracle, and the U.S. Department of Agriculture.
Another 15 cloud providers are currently in the FedRAMP approval process, including Acquia Inc., CA Technologies, CenturyLink Technology Solutions, Clear Government Solutions (CGS), Economic Systems, Fiberlink, HP, Layered Tech Government Solutions, Microsoft, Oracle, Salesforce.com, SecureKey Technologies Inc., Verizon Terremark, Virtustream, and VMware.
Immense Opportunity for Cloud Providers
The government cloud opportunity is immense. The U.S. Federal government spends more than $80 billion each year on IT. The Office of Management and Budget (OMB) has directed federal agencies to embrace a "Cloud First" policy to improve the efficiency of government IT spending and slash spending on data centers and applications.
The FedRAMP program was introduced in 2010, and the federal government has invested $15 million in the FedRAMP certification process. O'Keeffe says that MeriTalk's data shows that this has been a winning investment for U.S. taxpayers.
“The centralized FedRAMP security certification process is accelerating Uncle Sam’s jump to the cloud," said O'Keeffe. "So far, we’re realized $37.5 million in savings. We’re not just talking cost avoidance. We have the investment numbers to map against the cost avoidance, showing a $3.50 return for every $1 invested. As agencies use these secure cloud offerings, that number will continue to grow over time. Hats off to GSA and other agencies that are changing the economics of government IT.”
An "Invaluable" Connector
Service providers see clear benefits from a portal that makes it easier for end users to connect with vendors and understand their offerings.
“This tool offers clarity through an intuitive portal, allowing agencies to effectively evaluate approved Cloud Service Providers,” said John Keese, President and CEO, Autonomic Resources. “FedRAMP OnRAMP is the connector between agencies and their optimum cloud services, and it will soon prove invaluable for the ‘Cloud First’ initiative.”
“As government computing efforts continue to become more ‘cloud focused’ it’s important that Federal IT staffs have a convenient way to know which of their vendors are FedRAMP compliant,” explained Tom Ruff, Vice President, Public Sector, Akamai Technologies. “Participating in the OnRAMP program is designed to give our federal customers confidence that Akamai cloud services can be part of ‘end-to-end’ FedRAMP compliant solutions.”
O'Keeffe sees FedRAMP OnRamp as a small part of the government's long, slow shift to a more economic and effective IT infrastructure. It's not quite as easy as Internet pizza. But it should be.
"We're used to consumerization in our private lives," said O'Keeffe. "Why not in FedRAMP?"