TMCnet News
Four Out of Five Federal Cloud Decision Makers Report Deep Frustrations with FedRAMP ProcessMeriTalk, a public-private partnership focused on improving the outcomes of government IT, today published the findings of its latest report, "FedRAMP Fault Lines." The report reveals four out of five Federal cloud decision makers (79 percent) are frustrated with the Federal Risk and Authorization Management Program (FedRAMP), most commonly calling the process, "a compliance exercise." And, despite the General Service Administration's (GSA (News - Alert)) push to fix the process, 41 percent are unfamiliar with GSA's plans to remedy FedRAMP. The report also found Feds are frustrated with the lack of transparency into the FedRAMP process and unsatisfied with its efforts to increase security. More than half of Feds (55 percent) - and 65 percent of defense agencies - do not believe FedRAMP has increased security. While some Feds believe FedRAMP has successfully reduced duplicative efforts, many believe the process is still too slow and fail to take advantage of shared Authority to Operate (ATOs):
With cracks in the FedRAMP foundation, Feds remain uncertain about the process - with some ignoring the program entirely even though it is mandatory for Federal agency cloud deployments and service models at the low and moderate risk impact levels. Nearly one in five Feds surveyed (17 percent) report FedRAMP compliance does not factor into their cloud decisions while 59 percent would consider a non FedRAMP-compliant cloud. "Despite efforts to improve, FedRAMP remains cracked at the foundation," said Steve O'Keeffe, founder, MeriTalk. "We need a FedRAMP fix - the PMO must improve guidance, simplify the process, and increase transparency." When it comes to improving FedRAMP, 49 percent of Feds propose accelerating the Cloud Service Provider (CSP (News - Alert)) certification process so there are more secure cloud options; 47 percent suggest establishing an ATO clearing house where agencies have access to - and are required to accept - all ATOs. Some (27 percent) also recommend changing leadership at the GSA Program Management Office (PMO) - civilian agencies are more likely to suggest this change with 37 percent recommending a change in leadership. For government to capitalize on the promise of cloud, Feds need to embrace FedRAMP. The report outlines the following recommendations to improve the process:
The "FedRAMP Fault Lines" report is based on an online survey of 150 Federal IT cloud decision makers in April 2016. The report has a margin of error of ±7.97 percent at a 95 percent confidence level. To download the full study please visit: https://www.meritalk.com/study/fedramp-fault-lines/. About MeriTalk The voice of tomorrow's government today, MeriTalk is a public-private partnership focused on improving the outcomes of government IT. Focusing on government's hot-button issues, MeriTalk hosts Big Data Exchange, Cloud Computing Exchange, Cyber Security Exchange, and Data Center Exchange - platforms dedicated to supporting public-private dialogue and collaboration. MeriTalk connects with an audience of 115,000 government community contacts. For more information, visit www.meritalk.com or follow us on Twitter (News - Alert), @meritalk. MeriTalk is a 300Brand organization. View source version on businesswire.com: http://www.businesswire.com/news/home/20160523005133/en/ |
