News this week from Adobe, which is justifiably pleased that it has received FedRAMP certification for its cloud services. FedRAMP, which stands for the Federal Risk and Authorization Management Program, is a rigorous set of assessments that vendors wishing to sell to the federal government must achieve. For those who are skeptical about FedRAMP, it is another layer of compliance that does little to deliver real security but rather simply introduces an element of drag into the system. For proponents of FedRAMP, however, it provides a standardized and secure process for selecting cloud service providers that can be utilized across every government agency.
In its case, the Department of Health and Human Services sponsored Adobe's certification, and the tick means that Adobe will be the first cloud provider to be able to deliver Web content management, electronic forms with eSignatures, Web conferencing, e-learning, and document rights management to federal agencies. The company will do so from the Adobe Experience Manager and Adobe Connect suite of products.
Security concerns, whether valid or not, are still seen as one of the key factors preventing government agencies from adopting cloud services. According to a study earlier this year, nearly half of government IT leaders and key technology decision-makers are still “uncomfortable” turning over IT to the cloud, making FedRAMP authorization more important than ever for establishing trust in cloud services.
“Security compliance is critically important in cloud services,” said John Landwehr, vice president and public-sector CTO at Adobe. “This FedRAMP milestone demonstrates Adobe’s capability to comply with the highest security requirements, while delivering engaging and efficient digital government solutions across devices.”
The interesting thing about this announcement is that it was pushed by the Department of Health and Human Services. Frank Baitman, chief information officer at HHS, is quoted as saying that “Adobe has met the compliance requirements of the FedRAMP program. … This authorization meets the varied business requirements of our operating divisions. It not only benefits these organizations within the Department, but other government agencies are also able to more easily utilize this security documentation and assessment for their own information technology projects.”
There is a long history of the federal government seeking ways to bring clarity to its own operations and, more generally, to the impacts and import of new technology. In 2011 NIST, the National Institute of Standards and Technology, developed a set of standards and definitions for what constitutes cloud. While many criticized this as little more than a semantic process, the NIST classification did certainly bring a degree of clarity and stopped some of the more blatant "cloudwashing" that existed previously.
In terms of what FedRAMP actually means, there are more than 340 requirements and an intensive auditing process that vendors need to complete before being certified. FedRAMP can be seen as an overarching certification that extends over more specialist certifications like those for the financial services industry (GLBA) and health (HIPAA).
While FedRAMP in no way guarantees Adobe that it will convert opportunities into sales, it gives the company a seat at the table. That alone is worth lots of corporate confidence.
This article is published as part of the IDG Contributor Network.