An interesting article By Rutrell Yasin on GNC.com:
Being granted approval to offer cloud services under the federal government’s FedRAMP cloud security program appears to be a more rigorous process than some cloud providers anticipated.
Of the more than 80 cloud providers who have applied to go through the FedRAMP certification, more than half are not yet ready to go through the process, according to Kathy Conrad, principal deputy associate administrator with the General Services Administration’s Office of Citizen Services and Innovative Technologies.
FedRAMP, the Federal Risk Authorization Management Program, is based upon trust. “The essence of that trust,” Conrad said, “is the rigor and the integrity of its security assessment that then can be leveraged across government.” The government intentionally designed FedRAMP certification to be rigorous and does not plan to make it easier, she said.
FedRAMP “is not a process for those who are looking for a quick and easy security assessment,” Conrad said. Instead, the average security assessment for systems that are not cloud-based takes about six months, and it is no quicker for FedRAMP and cloud systems, she said.
Conrad spoke to an audience of government and industry representatives Feb. 12 at the Cloud/Gov conference held by the Software and Information Industry Association in Washington, D.C.
Read more here.