Advanced Computing in the Age of AI | Sunday, September 24, 2023

U.S. Cloud Shift Advances 

U.S. government agencies' slog to the cloud, a journey that has lately been complicated by a new set of security requirements designed to fend off an outbreak of "nation-state" cyber attacks, registered some modest progress this week when another cloud services provider announced it had achieved "ready status" under a federal cloud security initiative.

CloudPassage Inc., a security platform vendor focusing on shielding servers running in datacenters and cloud infrastructure, joins three other cloud service providers listed as "ready" under the Federal Risk and Authorization Management Program, or FedRAMP. Others are Companion Data Services, OnWire and Oracle Corp. (NYSE: ORCL).

San Francisco-based CloudPassage said Tuesday (Oct. 11) its Halo cloud platform achieved the first of three milestones in an accelerated FedRAMP approval process established to help government agencies shift functions to a secure cloud. The certification means the Halo platform can be used to satisfy "a significant portion of the technical and operational controls" cloud suppliers need in order to attain final FedRAMP approval, or "authorization to operate," the company said.

Company executives noted that the phase one FedRAMP approval means cloud providers seeking federal certification can use the Halo security platform for auditing and monitoring many of the controls requirement under the FedRAMP certification process.

Seeking to streamline what has proven a cumbersome cloud certification process, federal cloud regulators launched an accelerated timeframe to provide more predictable audit timelines for cloud vendors seeking to provide services to government agencies.

Separately, CloudPassage announced last week that its Halo security platform is available on the Amazon Web Services (NASDAQ: AMZN) GovCloud. The AWS government cloud, also designated as its U.S. region, is an isolated region designed to allow federal agencies and contractors to move sensitive workloads into the cloud by addressing their specific regulatory and compliance requirements.

CloudPassage also stressed that its security platform meets stringent new security standards that cloud vendors must meet under the FedRAMP process to fend off a growing number of state-sponsored cyber attacks. The guidelines are in response to massive data breaches such as last year's hack of employee records at the U.S. Office of Personnel Management.

China is widely believed to have been behind the OPM attack. Meanwhile, the Obama administration accused Russia last week of hacking Democratic Party web sites in the run-up to the 2016 presidential election.

CloudPassage released a cloud security survey in August that revealed a growing "attackable surface area" as more server workloads shift to the cloud. One consequence, the survey found, is that 95 percent of respondents said the shift to the cloud requires them to create, modify or retire server workloads much more frequently in the cloud than traditional datacenters.

FedRAMP is a government program that provides a standardized approach to security assessment, authorization, and continuous monitoring of cloud products and services.

About the author: George Leopold

George Leopold has written about science and technology for more than 30 years, focusing on electronics and aerospace technology. He previously served as executive editor of Electronic Engineering Times. Leopold is the author of "Calculated Risk: The Supersonic Life and Times of Gus Grissom" (Purdue University Press, 2016).