FCW : July 15, 2015
burden on the agency. Agencies also won’t spend as much for auditing services for the entire stack—just the part of the stack the agency itself is responsible for. In addition, many of the costs that agencies do incur can move from capital expenses to operational expenses, and are payable on a monthly basis instead of in large amounts once or twice per year.

Finding and retaining enough IT security staff to prepare systems for compliance and maintain compliance over time is another issue many agencies and government contractors face. A certified provider will have its own fully compliant security operations team. This reduces the burden for the agency or contractor for system support.

One issue that isn’t often top-of-mind is what happens after certification. While it takes a lot of time, expertise, tools and other resources to get through the FedRAMP certification process, the challenges don’t stop there. FedRAMP requires continuous monitoring and reporting throughout the life of the system to ensure compliance. A certified vendor can shoulder that responsibility by performing the required daily, weekly, monthly, quarterly and annual activities and reports on behalf of the agency. It also becomes the vendor’s responsibility to continue to update its security authorization package and resources to remain compliant, even if the requirements change over time. Relying on a FedRAMP-compliant vendor also makes the ongoing process of configuration and change management—something that is difficult for any organization to do well consistently—much easier.

Another part of the compliance puzzle that can be complicated and expensive for agencies is acquiring, learning and integrating all of the tools required for FedRAMP compliance. This includes security-related tools needed for scanning, vulnerability and penetration testing. A certified provider will use only tools that are approved by the government for this purpose, and will have the expertise required to integrate and use them as defined by the security requirements.

Finally, using FedRAMP-compliant service providers and vendors can significantly reduce the time it takes to become compliant. That, in turn, allows agencies to move forward with hybrid cloud-based initiatives that increase agility, save money, and improve service to citizens as soon as possible.

And while FedRAMP is one of the most difficult security-related requirements that agencies and their contractors must comply with, there are others as well. Depending on the agency and its mission, these may include the Health Insurance Portability and Accountability Act (HIPAA) and Service Organization Controls (SOC) 1 and 2, among others. Many of the requirements for standards like these are similar to those for FedRAMP, such as physical security and other common control baselines. That means that by choosing a FedRAMP-compliant vendor, agencies may meet many requirements of other applicable standards without additional security-related work.

Conclusion

For federal agencies, applications and services delivered via the hybrid cloud model are the ultimate in efficiency and agility. Getting there today requires full compliance with FedRAMP and other applicable security and privacy-related standards—a process that is difficult, time-consuming and expensive to achieve and maintain without help. By working with vendors that have already achieved FedRAMP ATOs, agencies can leverage pre-approved expertise, facilities and resources with as little disruption as possible. Most importantly, it allows agencies to get on with the business of benefitting from the cloud.

For more information about FedRAMP-compliant cloud services purpose-built for federal agencies, visit http://vmware.carpathia.com.

EXECUTIVE INSIGHTS: THE COMPLIANCE PUZZLE