Jul 13 2020

FedRAMP Should Be a Catalyst for Modernization

Follow these three principles to drive innovation at your agency.

As we adapt to an increasingly digitized society, the Federal Risk and Authorization Management Program is crucial for enabling modernization across federal agencies. Because FedRAMP helps them save money and time through the adoption of innovative cloud services, agencies can trust that their IT partners are well suited to meet their critical needs. 

Today, many services have already achieved FedRAMP authorization, which gives agencies a variety of choices to help modernize their IT systems. However, for agencies to remain competitive in this new environment, FedRAMP must be a new baseline, and not the end of the journey. 

As technology and security threats continue to evolve, here are three things organizations should keep in mind in addition to selecting solutions from the FedRAMP marketplace.

1. Cloud Security Protocols Should Consistently Evolve

According to the 2019 Enterprise Cloud Index, security was the largest factor affecting organizations’ future cloud strategies: 60 percent of respondents said that the state of security among clouds would have the biggest influence on their cloud deployment plans in the future.

Today, cloud security remains a top concern for government agencies. While FedRAMP helps ensure cloud services meet a standardized security baseline, relying solely on one technology creates security overtrust, which can prevent agencies from identifying threats within their systems and can be damaging in the long term. 

Beyond relying too heavily on vendor trust, cloud-related breaches are often linked to human error and poor governance. This was only amplified as many government agencies transitioned to telework during the onset of the COVID-19 pandemic. 

According to a recent study, external attacks on government cloud accounts increased by 773 percent during the first few months of 2020. Agencies that were not fully prepared for remote work and had to quickly adopt new technologies potentially opened up their organizations to a variety of new threats. 

Now that the initial rush to onboard remote employees has subsided, agencies must proactively protect the sensitive information stored within their systems for the long term. Agencies can consider actions such as continuous, real-time security logging to keep a digital record of all system activity. 

This practice gives agencies a clear view to track any changes being made within the network, which then allows IT leaders to identify and quell any suspicious behavior in real time. Simply having a point-in-time security authorization in place is not enough. Looking forward, agencies can consider developing more stringent disaster preparedness plans and external security protocols.

2. Agencies Should Focus on Agile Solutions

As security threats evolve, agencies should expect more stringent certifications to become available. Certifications will most likely be developed to focus on specific pieces of business, as one-size-fits-all models won’t be applicable to all organizations. For example, the Cybersecurity Maturity Model Certification (CMMC) will help protect sensitive government data housed in the supply chain and ultimately set organizations that work with the federal government up for future success against outside threats.

While relying on the variety of certifications available, agencies must also constantly reassess and improve upon existing policies and technologies to ensure that operations remain efficient, cost-effective and of the highest quality. 

Simply relying on a certification to determine security and future protection isn’t enough, and organizations must be agile to meet telework requirements and respond to disasters and other unforeseen threats. Adopting technologies such as Desktop as a Service helps organizations meet the unique needs of every end user while giving agencies the flexibility to roll out tailored desktops based on business needs. Additionally, organizations must work to anticipate the future needs of customers and the regulatory hurdles they will face when deploying new technologies. Proactively adopting new standards will help agencies stay one step ahead, while a reactive stance to federal regulations is a sure way to fall behind. 

3. Agencies Must Prioritize IT Innovation

For many agencies, a focus on meeting stringent security standards can mean less focus on innovation, but this shouldn’t be the case. Organizations should use authorizations as a jumping-off point to modernize legacy systems and anticipate the needs of employees and partners. 

A FedRAMP-authorized cloud service combined with an agency’s forward-leaning security practices will not only enable cloud modernization but will also lead to a modernized security model that continuously monitors for threats. The onset of the digital economy has placed pressure on federal and state governments to meet the demands of new working styles and has sparked new modernization efforts across agencies. Looking ahead, the government’s continued investment in technology will allow more flexibility and innovation within the public sector.

Agencies should buy into FedRAMP authorization and other certification programs that make them competitive, but they shouldn’t rely on certifications to cover all security needs or allow them to stifle product development and innovation. 

As more programs like FedRAMP and CMMC enter the market, agencies should use them to their full potential while also taking care to constantly develop new ideas and be proactive. Taking this proactive stance will require a combination of communicating openly internally, monitoring the latest technological trends and maintaining a highly skilled team that can innovate to address evolving needs.
