APPROACH
After an exhaustive six-month evaluation process, Orca engaged Coalfire’s FedRAMP advisory and Accelerated Cloud Engineering (ACE) teams to help guide the development of its FedRAMP Software-as-a-Service (SaaS platform and advise on the associated control and compliance requirements. Orca decided to partner with Coalfire based on their experience with 70% of all new FedRAMP ATOs. “We chose Coalfire for having far more experience with FedRAMP engagements than their closest competitor, their cloud team’s direct expertise in building the environment, internal operational compliance requirements, and their advisory team working through the audit process,” said Hudson.
Advise
After learning about Orca’s goals and objectives, Coalfire helped the company define its strategy, investment needs, and anticipated ROI, which enabled Orca to gain internal buy-in and investment. Coalfire’s advisors explained the FedRAMP and agency sponsorship process to Orca’s team, and then worked with them to define and develop a comprehensive FedRAMP business strategy to move the project forward.
Migrate
Utilizing Coalfire’s ACE services, Orca deployed a FedRAMP-compliant environment with AWS services in less than 8 months, for nearly 80% less than historic costs. ACE simplifies the compliance process by utilizing pre-engineered, automated modules to develop secure, audit-ready cloud environments in as little as 60 days. AWS was the clear choice for Orca because of the scalability and variety of offerings. “Working with Coalfire and AWS through this process was straightforward, enabling us to gain FedRAMP Ready status,” said Hudson.
RESULTS
Orca was listed as FedRAMP Ready on the FedRAMP Marketplace in time to take advantage of maturing procurement practices that prioritize modern cloud operations under security first mandates. While the designation wasn’t easy, it was well worth it, as measured by new client acquisitions and increased revenues. The typical timeline to FedRAMP Ready status is 18 months, but Orca reached that milestone in less than half that time. “Orca achieved its FedRAMP Ready status significantly faster than average timelines,” explained Hudson. “Our roadmap for FedRAMP Moderate Authorization will include Azure Government as part of our FedRAMP ATO package. Overall, our path to FedRAMP Moderate authorization is on target to be completed within one year
“As a result of our teams’ efforts to get Orca embedded with the FedRAMP ecosystem, we’ve seen significant growth in our sales pipeline and are already well on our way to reaching next year’s revenue targets.” The company’s strategic planners can now move ahead with a deeper understanding of the FedRAMP environment and the associated compliance management requirements.