FedRAMP JAB P-ATO + PaaS + flexibility + agency specific security controls = Datapipe’s Federal Community Cloud Platform (FCCP).
Last week, we announced that Datapipe received its JAB P-ATO for the FCCP PaaS solution. If you recall from the Understanding the Multiple Versions of the FedRAMP ATOs blog, there are three types of P-ATOs that a cloud service provider (CSP) can achieve. A cloud that has achieved a JAB P-ATO has undergone the most stringent security audit from the JAB, which is made up of CIOs from:
- Department of Homeland Security (DHS)
- Department of Defense (DoD)
- General Services Administration (GSA)
Government agencies can trust that a JAB-approved cloud meets the security baseline required to deploy government applications.
In addition to the three different types of P-ATOs, a cloud will fall within one of three layers of cloud services: Infrastructure as a Service (IaaS), Software as a Service (SaaS), or Platform as a Service (PaaS); see IaaS, SaaS, and PaaS – Ooh My! for more details on differences between each platform. FCCP is a PaaS cloud providing full management and security across the entire infrastructure up through and, most importantly, including the virtual operating system (Windows or Linux). Currently, the hardening and management of the virtual operating system is rarely offered by CSPs. Usually the responsibility of securing, operating, and maintaining the virtual operating system falls upon the agency or other outside third-parties, thus making overall solution management more complex and costly. With Datapipe providing this level of management, a government agency can maintain its focus on the applications and data that reside within the cloud.
“We’re excited to have Datapipe’s FCCP offering as another unique PaaS offering under the FedRAMP JAB. The FCCP solution provides a true PaaS environment authorized up through the virtual operating system, allowing agencies to focus their attention on their applications and databases.” said Matthew Goodrich, FedRAMP Director.
While this might sound impressive by itself, where Datapipe really shines is in the unique way that FCCP is deployed for customers and the flexibility that this offers. At the heart of FCCP, you will find a community cloud that allows Datapipe to support any number of federal government customers within the cloud. However, each customer is provided with their own cloud platform module (CPM), which is comprised of dedicated firewalls, switches, host servers, storage arrays, and management and monitoring tools. This cloud is well suited for agencies looking to convert or migrate legacy systems to a cloud-based model by taking advantage of cloud efficiencies without sacrificing agency-specific security controls. This is sometimes the case with multi-tenant clouds.
Datapipe provides full transparency into the health and security of the customer’s CPM by providing authorized government personnel with access to Datapipe’s management and monitoring tools. Not only does this help build trust, but agencies may find this to be a cost savings mechanism, as they may not need to purchase their own management and monitoring software tools.
In providing these resources, Datapipe is able to work with our government customers to help layer their agency-specific security controls on top of the CPM. Chief Information Security Officers (CISOs) find this capability to be attractive. Perhaps for the first time, a government agency is able to take the best of FedRAMP with the baseline security controls, have the solution managed up through the virtual operating system, and feel comfortable adding their agency-specific controls. By combining the JAB P-ATO, PaaS, flexibility, and agency specific security controls, FCCP truly is a formula for success.