Government officials at the federal, state and local levels, if you weren’t sure you could deploy Google Cloud Platform within your organization because of security concerns, we have some great news for you. FedRAMP has deemed it secure.
The Federal Risk and Authorization Management Program (FedRAMP) recently announced that Google Cloud Platform and Google’s underlying common infrastructure have received the FedRAMP Rev. 4 Provisional Authorization to Operate (P-ATO) at the Moderate Impact Level from the Joint Authorization Board (JAB). G Suite productivity tools are also certified at this level.
To ensure that the government’s technology investments are protected, any cloud services platform that holds federal data must be FedRAMP-authorized for a government agency to use it.
What is FedRAMP Authorization?
Cloud platforms approved at FedRAMP’s Moderate Impact Level account for about 80 percent of the applications that ultimately earn authorizations. This level is the most appropriate for cloud service offerings where loss of confidentiality, integrity or availability could be expected to have serious adverse effects. These effects include damage to assets, financial losses or individual harm that isn’t loss of life or physical.
The process provides a uniform assessment and authorization of cloud security controls, ultimately giving federal agencies the ability to quickly adopt cloud solutions that have been proven secure and valid.
The JAB works to create and maintain a broad marketplace of cloud service providers. Based on its resources and funding, it has the capacity to authorize only a limited number of these providers’ cloud service offering each year. The board prioritizes just six vendors twice yearly to work toward authorization. It selects these cloud solutions providers based on demand for their services from federal agencies.
Once chosen, these organizations undergo a rigorous three-step process. A uniform set of standards drives the process so evaluators can determine if the product meets all necessary security controls. These steps include a readiness assessment, full security assessment and the final authorization process.
What does this mean for government agencies?
Google has gone to great lengths to document its infrastructure and platform security capabilities for Google Cloud. This third-party validation further cements GCP’s position as a leading platform for the government sector.
If you’re in government IT, you’ll be able to deploy a cloud platform that gives your organization better scalability, elasticity and collaboration, not to mention redundancy and high availability of business services.
Plus, this authorization for GCP means you’re deploying a solution within a cloud computer infrastructure that has proven, effective security in place.
Here are six other points you need to know about why you should elevate your agency’s operations to Google Cloud Platform under the FedRAMP authorization.
- You can be assured that security of these cloud solutions has been reviewed against standardized criteria for cloud security by a third-party certification body.
- Because the FedRamp program handles these rigorous assessments, government agencies can save time and money by avoiding the need to conduct their own independent analysis.
- This authorization enables government agencies to move from old, insecure legacy IT to secure, cost-effective and efficient cloud solutions such as GCP, while ensuring a consistent application of existing security practices.
- Moving government agencies to the cloud with GCP and G Suite means these agencies can better communicate and collaborate within an an agency — and across all agencies when needed.
- GCP’s certification covers multiple data centers across the globe so that GCP users across many regions can benefit from this new development.
- JAB maintains ongoing oversight of companies with authorizations; to maintain its status, Google Cloud will continue to undergo audits and assessments. This means security controls for Google Cloud Platform remain intact for government users.
In case you’re curious, Google provides a complete list of authorizations received for GCP and G Suite at the Moderate Impact Level under the FedRAMP program.