What is the future of FedRAMP? Recently I had an in-depth discussion on this vital topic with the Center For Cybersecurity Policy And Law. The organization gathered industry and public sector experts to discuss modernizing FedRAMP to keep up with the fast pace of innovation in modern cloud technologies.
Apart from minor disagreements on which sock of the month is best—orange polka dots with a blue suit or blue penguins with a brown suit—everyone agreed that cloud technology is tremendously important to future government innovation. As a result, the process of compliance, including FedRAMP certifications and audits, is increasingly important to the speed of government cloud adoption and IT innovation.
With my experience in Oracle’s public sector practice for several years now, I’m fully aware of what it takes to set, implement, and meet compliance-focused initiatives, especially within the agency. I now see opportunities to build partnerships that can offer efficiencies both internal to Oracle and for our government agency partners.
Reshaping FedRAMP into a Contemporary Risk-Based Security Program
FedRAMP has illuminated how compliance standards can offer efficiencies as it makes great strides to enable the adoption of cloud. Today, it’s increasingly difficult to keep up with demand as cloud companies innovate, introducing new capabilities that offer rapid delivery of modern technology. Mission and program owners seek similar technology that allows them to keep up with their commercial counterparts and offer a better experience for the citizens they serve.
Chief information officers (CIOs) and technology leaders want to ensure that they deliver value as they meet their responsibilities for security, privacy, continuity of operations, and the evolving needs of their workforce. Technology leaders are always looking for ways to keep pace and adapt to the increasing demand for accelerated delivery, agility, and speed of innovation. A key piece is to offer accelerators that reduce time-consuming processes without compromising the integrity of security and data.
Oracle has FedRAMP high authorization for our cloud infrastructure, US data centers, and many of our SaaS and PaaS offerings. After making the journey through the tedious accreditation process, we realized the FedRAMP program can improve and evolve in many ways.
Originally designed for an earlier generation of technology and deployment models, FedRAMP moves at a deliberate speed. Further, FedRAMP inherits many security controls from a compliance regime designed for an earlier, far more technologically static era. The cloud market is not static, and government compliance can’t be either.
Change and Evolution
Today, many commercial cloud providers share our opinion that FedRAMP should evolve into a more dynamic program, built around automated risk assessment and certification. Security controls could be assessed with automated scripts and APIs, rather than paper documentation and manual review. Allowing vendors to link their cloud environments to automated feeds could streamline and accelerate the cloud assessment process.
To aid in this critical change, industry should look for ways to reduce the burden on our public sector partners. Agency technology leaders can look for opportunities that streamline these practices, focusing their resources on mission value.
How can evolving FedRAMP improve access to innovation, enhance security, and boost efficiencies?
- Lowering barriers for startups and small businesses who want to sell to the federal market can create greater accessibility to newer products and services.
- Automation can enhance security by enabling the government to continually, rather than periodically, monitor the implementation of critical security controls.
- By automating processes, FedRAMP can facilitate efficient use of scarce federal cybersecurity resources and free up time to focus on risk reduction, rather than manual evaluation of compliance.
Looking to the Future
There’s no doubt that FedRAMP has smoothed the pathway for federal adoption of cloud computing as a cornerstone of federal security. To build on its success, there needs to be a systematic shift toward it being more dynamic to enable scale. Let’s all help the FedRAMP team reshape the future of cloud adoption in the government.
Learn more about steps and recommendations for a better future of FedRAMP.
