Federal IT Pros Vent FedRAMP Frustrations
Four out of five federal cloud decision makers (79 percent) are frustrated with the Federal Risk and Authorization Management Program (FedRAMP), most commonly calling the process, a compliance exercise, according to a MeriTalk survey of 150 federal IT cloud decision makers.
The survey also found that despite the General Service Administration’s (GSA) push to fix the process, 41 percent are unfamiliar with GSA’s plans to remedy FedRAMP.
"From the beginning, FedRAMP has suffered from lack of transparency—industry and agency officials alike have been clamoring for automated tools that would provide visibility into what cloud services are available, which vendors are in which stage of the authorization process," Dan Verton, executive editor of MeriTalk, told eWEEK. "But the program management office has only very recently started an outreach effort to agencies. And that outreach effort consists of one person: Ashley Mahan, the so-called FedRAMP Evangelist. That’s not enough. Agency officials tell us that they want a central clearinghouse of information."
When it comes to improving FedRAMP, 49 percent of feds propose accelerating the Cloud Service Provider (CSP) certification process so there are more secure cloud options, while 47 percent suggest establishing an Authority to Operate (ATO) clearinghouse, where agencies have access to—and are required to accept—all ATOs.
A MeriTalk survey found that despite the GSA's push to fix the process, 41 percent of respondents are unfamiliar with GSA’s plans to remedy FedRAMP.
"Clearly, the most troubling and revealing finding from our survey is that one in five government IT decision makers say that FedRAMP—a mandatory program—doesn’t factor into their cloud computing decisions," Verton said. "Closely related to this is the startling number of agencies that have not allowed other agencies to use their authorizations, as well as the high number who said they’ve been denied the use of authorizations by other agencies. This is the fundamental promise of the FedRAMP program—certify once, use many times."