CloudPassage works towards FedRAMP for AWS GovCloud

Government use cases are increasingly seen as attractive business for cloud vendors, but with that come some strict requirements.

AWS re:Invent cloud security

In recent years, there has been an increasing awareness of how Government agencies can be big users of cloud computing. While Amazon Web Services' massive win to build a private cloud for the CIA got huge attention, more modest opportunities are available to deliver standard cloud services to agencies. But with that comes some strict requirements; government agencies are, not surprisingly, under strict guidelines to ensure security and privacy. In the U.S., these requirements are codified into a government-wide program, FedRAMP, that has created a standardized approach to security assessment, authorization, and monitoring.

FedRAMP came about after collaboration by IT teams with the General Services Administration (GSA), National Institute of Standards and Technology (NIST), Department of Homeland Security (DHS), Department of Defense (DOD), National Security Agency (NSA), Office of Management and Budget (OMB), the Federal Chief Information Officer (CIO) Council and its working groups, as well as private industry. Out of the collaboration came a set of strict security standards that vendors must satisfy to be certified as FedRAMP-ready.

Alongside AWS' re:Invent conference being held this week, one vendor is jumping on the FedRAMP bandwagon. CloudPassage is a security vendor that offers visibility and protection over standard data centers and both public and private clouds. The company's Halo platform is offered as a service that can be deployed rapidly. CloudPassage is in use by commercial organizations such as Citrix,, and Adobe.

CloudPassage wants to extend to governmental use-cases and is now available within AWS' isolated region that is focused purely on U.S. government agencies, AWS GovCloud (US). GovCloud itself is complaint with U.S. International Traffic in Arms Regulations (ITAR) regulations, as well as FedRAMPSM and DOD SRG Levels 2 and 4 requirements.

Alongside the availability, CloudPassage is going through the process of FedRAMP certification. Of course, an announcement saying that CloudPassage had already one FedRAMP would be even better, but these things understandably take time. Either way, this focus on government customers is a positive one and should help to build the efficiency and effectiveness of governmental IT.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2015 IDG Communications, Inc.