A Bold Step to Secure Cloud Computing for the AI Era

The U.S. government is considering changes to the Federal Risk and Authorization Management Program (FedRAMP) to modernize and enhance security in cloud computing.


The Need for Change in FedRAMP

The U.S. government spent $12.3 billion on cloud services last year, a number that is expected to grow to $16 billion in 2023. However, it remains an open question whether this investment will make full use of the capabilities of innovative and secure cloud providers.

The Office of Management and Budget (OMB) has released a draft memorandum to modernize FedRAMP, which certifies commercial cloud providers for government workloads. This memorandum, if adopted, will bring about necessary changes and enable the government to fully embrace commercial clouds.

Many vendors created GovClouds, separate clouds for government workloads, to meet FedRAMP's security controls. However, these GovClouds lack the security, compute power, and capabilities needed in the current era. OMB's draft memorandum aims to transition federal agencies away from GovClouds and towards commercial clouds that prioritize security, innovation, and cyber resilience.

Streamlining Certifications and Authorizations

OMB's draft guidance recognizes the need to speed up the certification process for cloud technologies in government. It proposes supporting different types of FedRAMP authorizations, such as single- and joint-agency authorizations, program authorizations, and other types approved by the FedRAMP Board.

By replacing the current cumbersome process, agencies can accelerate the adoption of best-in-class cloud technologies and improve efficiency across the government. Additionally, the draft guidance aims to establish a baseline for the reliability of authorizations, reducing duplicative work and bringing coherence and consistency to what is required from cloud providers.

Automation is a key aspect of streamlining the certification process. The draft guidance requires the General Services Administration (GSA) to establish means of automating FedRAMP security assessments and reviews by December 2023. This would eliminate the reliance on PDF and Word documents and potentially introduce new validation tools and mechanisms for machine-readable data and continuous monitoring.

Embracing Commercial Cloud Technology

OMB's guidance represents an innovative and transformative step towards leveraging the full potential of commercial cloud technology. The use of commercial clouds is crucial for running AI workloads and ensuring the security of our nation's technology. Cyberattacks on cloud systems have been on the rise, highlighting the need for advanced security measures.

By giving the U.S. government access to cutting-edge cloud technology and security, we can better protect our nation and provide improved services to the American people. The proposed changes in FedRAMP will enable government agencies to benefit from the compute power, security, and capabilities offered by commercial clouds.

Ultimately, the transition from GovClouds to commercial clouds will bring about a new era of security, artificial intelligence, and automation in government. It is a necessary step to keep up with the rapid advancements in technology and ensure the government can leverage the best cloud solutions available.