By: Peter Nancarrow
Like any organization, agencies within the government sector recognize the numerous benefits that come from cloud migration, but also the need to ensure that cloud providers meet quality guidelines. The Federal Risk Authorization Management Program (FedRAMP) was created as part of the federal government’s effort to maintain consistent and rigorous standards during the ongoing digital transformation, modernization, and cloud migration. Using a standardized assessment approach, FedRAMP has created a secure marketplace “to ensure effective, repeatable cloud security for government.”
Today, we are excited to announce the FedRAMP authorization of the Virtru Data Protection Platform. Virtru data protection already supports government organizations as diverse as the Department of Veterans Affairs and the State of Maryland. With FedRAMP authorization, we can quickly extend this collaboration to provide real-time, cloud-based data protection and privacy across the federal government.
Digital transformation and modernization are extremely difficult to achieve through acquisition processes built for a previous era. FedRAMP was established to streamline federal government acquisition of cloud solutions while maintaining high standards for security, efficacy, and interoperability. Through a consistent, transparent, and continuous authorization process, cloud solutions undergo a rigorous evaluation process based on capabilities and security. Once authorized, over 120 federal agencies can acquire these solutions, saving significant time and resources through a “do once, use many times” authorization approach. Currently, the average solution is reused six times, saving over $130 million in cost avoidance.
FedRAMP has raised the bar in cloud security and digital transformation. We are thrilled to be part of this initiative by bringing the Virtru Data Protection Platform to the FedRAMP. Each cloud service offering (CSO) is assessed across three security objectives: confidentiality, integrity, and availability. These are centered on the NIST SP 800-53 control requirements and are categorized into low, moderate, and high impact based on the sensitivity of the data. Virtru was authorized with moderate impact. They define Moderate Impact systems as accounting “for nearly 80% of CSP applications that receive FedRAMP authorization and is most appropriate for CSOs where the loss of confidentiality, integrity, and availability would result in serious adverse effects on an agency’s operations, assets, or individuals.”
As only the 128th solution authorized, Virtru joins an elite group of providers on the FedRAMP marketplace. The third-party assessment and thorough, independent evaluation change the paradigm in security evaluations, and benefits both the solution providers as well as customers. In an industry where solution providers can often game the system to set the criteria, update their solution mid-assessment, or even self-evaluate, FedRAMP offers refreshing transparency. And for federal agencies looking to transform their cloud security and data protection, FedRAMP has done the heavy lifting. Agencies can request and review our authorization package and conduct their own comparisons and due diligence across authorized solutions.
As we discovered, the assessment process requires significant commitment on behalf of the service provider with benefits that extend well beyond the public sector. Because of our public cloud model, all of our customers receive the security benefits of using a FedRAMP authorized provider. And thanks to the continuous evaluations, both private and public sector organizations will be aware of any changes in FedRAMP compliance for solutions providers.
The FedRAMP is a welcome and necessary part of the government’s digital transformation. As FedRAMP evolves, we look forward to continuing to expanding our data protection and privacy support for the critical missions across the federal government.
Talk to Virtru to learn more about FedRAMP and what it can mean for you.