2014-07-02

You know the importance of FedRAMP if you are a government agency or partner. You also know it's required for any cloud provider servicing you or your government customers.

What if you aren't in the government space? Why does it matter to you?

This week Autonomic Resources announced it has almost achieved its 2nd FedRAMP Authority to Operate (ATO) for its ARCWRX Platform as a Service (PaaS) based on OpenShift Enterprise by Red Hat, expected to be ready soon. This follows its being the first cloud service provider ever granted a FedRAMP ATO, for its Infrastructure as a Service offering known as Autonomic Resources Cloud Platform (ARC-P), in December 2012.

I realize that's a lot of acronyms. Today I want to help you understand what they mean and how they matter to anyone serious about a secure and flexible application hosting environment.

Let's start by talking about the key components that make up FedRAMP. First and foremost, FedRAMP is a defined set of security controls and parameters carved out of the National Institute of Standards and Technology (NIST) Special Publication 800-53, which defines a cybersecurity framework. Without FedRAMP, security and risk management have no consistency and are done on a case-by-case basis, as seen here:

Without FedRAMP:



FedRAMP helps remove the complexity for agencies and providers with a set of defined requirements:

With FedRAMP:



Under these requirements, all FedRAMP authorized cloud services providers must:

Enact over 300 NIST 800-53 security controls and parameters and bring their cloud offerings into compliance with them

Have those controls independently tested and verified by a 3rd Party Accreditation Organization (3PAO)

Submit their compliance through what is known as continuous monitoring (CM)

Annually work with the FedRAMP Program Management Office (PMO) to re-authorize, re-test, and re-verify the offering by a 3PAO

Autonomic Resources chose OpenShift Enterprise by Red Hat for its ARCWRX PaaS because it met FedRAMP's stringent requirements:

We needed a secure and stable foundation for the infrastructure.

OpenShift is built on top of Red Hat Enterprise Linux (RHEL), already available and FedRAMP certified on ARC-P.

We wanted secure multi-tenancy in the operating system itself.

With SELinux built into the solution, this was easily achieved.

We could securely and effectively use OpenShift to "firewall" user applications and meet the FedRAMP requirements.

We required enterprise-level support. We could have used any open source PaaS project out there (including OpenShift Origin) and gone on our own, but because we were targeting production workloads for what has to be a totally locked-down environment, being able to build our solution on a commercial offering was paramount.

Still not convinced? See for yourself by signing up for a free ARCWRX evaluation powered by OpenShift Enterprise by Red Hat. Get started now with a secure and flexible hosting platform for your applications that meets rigorous FedRAMP standards.
