Yesterday was a big day around here. We achieved Federal Risk and Authorization Management Program (FedRAMP) compliance as a cloud services provider.
Big deal, you say? Why, yes. It is.
FedRAMP is a U.S. government-wide program that standardizes the approach to security assessment, authorization, and continuous monitoring for cloud products and services. Specifically, Akamai's globally distributed, publicly shared cloud services platform has received "Provisional Authority to Operate (P-ATO)" from the FedRAMP Joint Authorization Board (JAB).
As Akamai Public Sector VP Tom Ruff noted, "Achieving FedRAMP compliance allows public sector organizations to trust the Akamai Intelligent Platform as the foundation for their cloud computing projects, while at the same time supporting their defense-in-depth strategies. As important, FedRAMP compliance is another example of Akamai's commitment to serving the public sector and complements our DNSSEC, IPv6 and HIPAA compliant offerings, currently supporting nearly all Cabinet-level agencies."
Akamai CSO Andy Ellis said on Twitter: "The FedRAMP accreditation for @Akamai covers pretty much our entire commercial service portfolio."
The U.S. General Services Administration lists the following goals and benefits of FedRAMP on its website:
--Accelerate the adoption of secure cloud solutions through reuse of assessments and authorizations
--Increase confidence in security of cloud solutions
--Achieve consistent security authorizations using a baseline set of agreed upon standards to be used for Cloud product approval in or outside of FedRAMP
--Ensure consistent application of existing security practices
--Increase confidence in security assessments
--Increase automation and near real-time data for continuous monitoring
--Increases re-use of existing security assessments across agencies
--Saves significant cost, time and resources - "do once, use many times"
--Improves real-time security visibility
--Provides a uniform approach to risk-based management
--Enhances transparency between government and cloud service providers (CSPs)
--Improves the trustworthiness, reliability, consistency, and quality of the Federal security authorization process
The Akamai InfoSec compliance and public sector staffs worked long and hard to reach this moment. For me, it's one of many examples of how dedicated people here are to making Akamai products and services secure. They were tireless and tenacious in reaching this point, and I'm honored to share the same workspace with them.