Securing Your Cloud Solutions: Research and Analysis on Meeting FedRAMP/Government Standards

The Securealities report focusing on FedRAMP highlights resourcing and budgeting approaches, guidance on common pitfalls, and successful strategies for cloud service providers (CSPs).

The findings highlight areas where CSPs can improve their compliance with framework standards in pursuit of FedRAMP authorization to accelerate the adoption of secure cloud solutions within government agencies.

Key insights from the report:

  • CSPs have focused on solutions at the expense of cybersecurity, and have been unprepared in areas like vulnerability scanning, where 70 percent of CSPs needed to improve.
  • Despite beliefs that FedRAMP is too expensive and only for large companies, more than 40 percent of authorized CSPs have less than $100 million in revenue.
  • There is a broad range of authorized solutions, but competition among the service providers offering those solutions is shallow, providing opportunities for entry.
  • Many CSPs bringing commercial solutions to the FedRAMP process have needed to make modifications in order to meet the requirements.
  • Since 2014, average times to obtain authorization have decreased 65% for CSPs working with the Joint Authorization Board (JAB) and 59% for those working directly with an agency.
  • CSPs working with a Third Party Assessment Organization (3PAO) for preparation and assessment typically spend $250,000 to $385,000.
  • Our best estimate indicates approximately 60% of federal agencies do not yet participate in FedRAMP. This provides an opportunity for CSPs to continue to pursue new markets for their cloud solutions.
  • 20 federal agencies have leveraged FedRAMP five or more times, and cabinet-level departments use an average of 16 solutions.
