Update 12/19/19: GCP Receives FedRamp High Authorization
Government officials at the federal, state and local levels, if you're wondering if you could deploy Google Cloud Platform within your organization because of security concerns, great news! FedRAMP says Google Cloud Platform is secure.
According to Google Cloud, the Federal Risk and Authorization Management Program (FedRAMP) recently announced that 17 Google Cloud Platform products in five cloud regions now have High authorization to operate (ATO). Google Cloud also indicates it has expanded its FedRAMP Moderate authorization, received in May 2018, to 64 products in 17 cloud regions. This means that public sector agencies now have the ability to run compliant workloads at the highest level of civilian classification.Twenty-seven G Suite productivity tools are also authorized at this Moderate level.
To ensure that the government’s technology investments are protected, any platform from top cloud service providers that holds federal data must be FedRAMP-authorized for a government agency to use it. Cloud security is a must.
What is FedRAMP Authorization?
The FedRamp authorization process provides a uniform assessment and ATO of cloud security controls, ultimately giving federal agencies the ability to quickly adopt cloud solutions that have been proven secure and valid.
Cloud platforms approved at FedRAMP’s Moderate Impact Level account for about 80 percent of the applications that ultimately earn authorizations. The moderate level is the most appropriate for cloud service offerings where loss of confidentiality, integrity or availability could be expected to have serious adverse effects. These effects include damage to assets, financial losses or individual harm that isn’t loss of life or physical.
The High Impact Level, according to FedRamp, is most frequently required in law, emergency services, financial, health and any other systems "where loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals."
The FedRamp program authorizes only a limited number of cloud service offerings each year. Once chosen, these organizations undergo a rigorous three-step process. A uniform set of standards drives the process so evaluators can determine if the product meets all necessary security controls. These steps include a readiness assessment, full security assessment and the final authorization process to identify secure cloud solutions.
What Does This Mean for Government Agencies?
Google has gone to great lengths to document its infrastructure and platform security capabilities for Google Cloud. These third-party validations further cement GCP’s position as a leading platform for the government sector.
If you’re in government IT, you’ll be able to deploy a cloud platform that gives your organization better scalability, elasticity and collaboration, not to mention redundancy and high availability of business services.
Plus, this authorization for GCP means you’re deploying a solution within a cloud computer infrastructure that has proven, effective security in place.
Here are six other points you need to know about why you should elevate your agency’s operations to Google Cloud Platform under the FedRAMP authorization.
- You can be assured that security of these cloud solutions has been reviewed against standardized criteria for cloud security by a third-party certification body.
- Because the FedRamp program handles these rigorous assessments, government agencies can save time and money by avoiding the need to conduct their own independent analysis.
- This authorization enables government agencies to move from old, insecure legacy IT to secure, cost-effective and efficient cloud solutions such as GCP, while ensuring a consistent application of existing security practices.
- Moving government agencies to the cloud with GCP and G Suite means these agencies can better communicate and collaborate within an an agency — and across all agencies when needed.
- GCP’s certification covers multiple data centers across the globe so that GCP users across many regions can benefit from this new development.
- The program maintains ongoing oversight of companies with authorizations; to maintain its status, Google Cloud will continue to undergo audits and assessments. This means security controls for Google Cloud Platform remain intact for government users.
In case you’re curious, Google provides a complete list of authorizations received for GCP and G Suite at the Moderate Impact Level under the FedRAMP program so you can be assured of cloud security with Google. Questions? Just ask. We have earned the Google Cloud Partner Infrastructure Specialization and have in-depth knowledge of GCP and how it can benefit federal agencies.