Top 5 Things You Should Know About FedRAMP℠ and Adobe’s Cloud Services for Government
By John Landwehr
In July, Adobe Experience Manager and Connect Managed Services received FedRAMP℠ Authorization for its Cloud Services for Government. The Department of Health and Human Services (HHS) granted Adobe an Authority to Operate (ATO) for these specific cloud services run by Adobe Managed Services. Most importantly, this ATO can be leveraged government-wide, thereby decreasing the time and cost for other agencies and organizations as they adopt Adobe’s technology. So what exactly does this mean and why is it important? Here are the top 5 things you need to know:
1. What is FedRAMP?
The Federal Risk and Authorization Management Program (FedRAMP) provides a cost-effective, risk-based approach for the adoption and use of cloud services. It is a joint collaboration by the Department of Homeland Security (DHS), Department of Defense (DoD) and General Services Administration (GSA) as well as other working groups to assist agencies in meeting FISMA requirements for cloud systems. It provides a single, standard approach to security assessment, authorization and monitoring of cloud services.
2. Why Should I Care About FedRAMP?
According to the official FedRAMP site, FedRAMP is based upon the same set of security controls as documented in the Federal Information Security Management Act (FISMA) of 2001. These controls are outlined by the National Institute of Standards and Technology (NIST 800-53). Where FISMA exists as the approval process for on-premise programs, FedRAMP exists as the equivalent for cloud solutions. With recent legislation, all agencies seeking to use cloud services can only implement ones that are FedRAMP certified. More information about FedRAMP can be found here.
3. What does Adobe offer?
Adobe is the first FedRAMP cloud service provider (CSP) to deliver this combination of solutions:
- Web Content Management (WCM)
- Electronic Forms with eSignatures
- Document Rights Management (DRM)
- E-Learning (LMS)
These FedRAMP authorized solutions are supported by Adobe Products, run by Adobe Managed Services, from a specific region within the Amazon Web Services infrastructure.
- Adobe Experience Manager Managed Services on Amazon GovCloud
- Adobe Connect Managed Services on Amazon GovCloud
4. What’s the big deal about FedRAMP Authorization?
An agency-authorized Authority To Operate (ATO) is the FedRAMP stamp of approval for federal agencies. It allows government entities (as well as commercial organizations) to more easily adopt Adobe’s FedRAMP certified cloud solutions. Approval from one agency means an approval for all agencies on the federal level, making an ATO extremely valuable for cloud service providers (CSPs).
Adobe partnered with the Department of Health and Human Services (HHS) to determine that Adobe’s approved cloud services comply with FedRAMP requirements. In working through the FedRAMP Security Assessment Framework (SAF), Adobe’s approved cloud services were first examined against FedRAMP standards and reviewed to ensure that the solutions were properly documented. They were then evaluated by the Veris Group, a third-party assessment organization (3PAO), to make sure the software performs as documented, and had to pass 328 separate security controls in order to become FedRAMP authorized. The approval process is very intensive and takes anywhere from one to three years to complete. Accordingly, Adobe’s investment is significant and further demonstrates how Adobe stays ahead of the curve in terms of security and compliance.
5. Benefits of FedRAMP Certification for Cloud Based Solutions
In 2011 the U.S. Federal Government released the Federal Cloud Computing Strategy, which instituted a “Cloud First” policy emphasizing cloud services by requiring agencies to adopt a cloud solution if one exists. This strategy was developed as a result of three main benefits of cloud services: deployment speed, minimal on-premise upkeep, and a constant stream of updates.
- Fast deployment speed – Hosted cloud solutions are typically already ‘up and running’ compared to on-premise solutions, which can take months to implement. The beautiful part of the cloud is its scalability – it can grow or shrink to suit the demands of the enterprise.
- Minimal on-premise housekeeping – In on-premise solutions, a lot of time is required of the security staff of individual agencies to set up servers, install software, manage patches and updates, perform backups and troubleshoot problems. With cloud solutions, there typically aren’t on-site servers, and software installs, patches and backups are the responsibility of the cloud service provider. This saves federal agencies time and money and allows the agency’s security team to focus on their core job.
- Always the newest version – Cloud solutions are constantly updated to provide new features or services and keep up to date with the changing security landscape. Cloud service providers also learn from the implementation of their software for one agency in order to improve the product for their other customers. These learnings help ensure that our customers are getting a secure and high quality service.
The US Government has clearly identified cloud solutions as the way of the future. With its recent FedRAMP authorization, Adobe seeks to be cemented as one of the leaders of cloud solutions in the public sector with its unique cloud service solutions.