23 Jun 2015

Choosing a 3PAO: FedRAMP, Cybersecurity & Cloud Expertise are Vital

As a direct result of the Cloud First policy, the Federal Government is spending more time, money, and effort on cloud procurement services than ever before. Currently, there are only 38 FedRAMP compliant Cloud Service Providers (CSPs) in a market that is projected to grow to $6.4 billion by 2019. For the time being, this means that the federal green field for cloud offerings is being cornered by only a handful of compliant CSPs. However, GovWin has projected that there will be a surge in applications starting in 2017. If you are a CSP without a FedRAMP compliant offering and are planning on seeking authorization in the near future, your window of opportunity for establishing a competitive advantage in the Federal cloud market is now, before saturation occurs.

As you are likely aware, CSPs in the Federal space are required to be compliant with FedRAMP, which sets forth a standardized approach to risk management by assessing and monitoring the security posture of new and existing cloud products and services. With data breaches hitting the news on what seems to be a daily basis, complying with FedRAMP baseline controls is an essential first step to clearing the way for Federal organizations to safely and securely implement CSP offerings in an ever-changing landscape.

To best guide you through your journey to FedRAMP compliance, your organization needs a trusted 3PAO partner to provide thought leadership and meticulous insight into the security posture of your cloud service. Without proper guidance, the path to FedRAMP compliance is a potentially long and costly journey. Whether assisting you with package preparation or assessing your package, your 3PAO needs an intimate understanding of the FedRAMP process, cybersecurity subject matter expertise, and deep knowledge of all things cloud. These services should not be viewed as commodities, and your 3PAO shouldn’t simply ensure compliance by checking boxes. The journey to authorization requires a 3PAO to help you navigate the process, but it also presents an opportunity to validate and improve your security posture. As of this blog post:

  • There are over 40 3PAOs on the FedRAMP marketplace list[1];
  • Seven (7) of these companies are listed on the Cybersecurity500 list of the world’s top 500 cybersecurity companies[2];
  • Of those seven, three (3) are pure play firms that focus exclusively on cybersecurity[3]; and
  • One (1) is actively pioneering federal cloud security services for the government’s largest cloud adoption – MindPoint Group.

MindPoint Group’s singular focus and expertise in cybersecurity provide CSPs with a FedRAMP 3PAO team that has:

  • Deep understanding of cloud security and the FedRAMP Security Assessment Framework (SAF) that resulted in the completion of MindPoint Group’s external 3PAO assessment with zero findings, a singular achievement by MindPoint Group among all 3PAOs;
  • Subject Matter Expertise in cloud security, FedRAMP compliance, and ISO auditing;
  • Cloud security expertise supporting clients like NASA, where we have been helping one of the first and largest cloud brokers in the Federal Government deploy a secure hosting solution to migrate the largest web presence in the Federal Government to the cloud. Very few businesses, large or small, have designed and operated a cloud solution at this level for large organizations. Our success and hard work resulted in a 2014 NASA Honor Award for Taking NASA to the Cloud and the 2014 NASA, NSSC Small Business Subcontractor of the Year [4]; and
  • Security assessment expertise for a myriad of Federal Government Agencies, including the Department of Justice, Department of Agriculture, Department of Transportation, Department of Treasury, NASA, and Department of Interior, as well as many commercial clients, including large financial institutions.

To learn more about FedRAMP 3PAO services from MindPoint Group, email fedramp@mindpointgroup.com today or check back with us on Thursday for the publication of Part II in our FedRAMP whitepaper series titled, “Fast Track to FedRAMP”.

 

Additional Resources:

Email: FedRAMP@mindpointgroup.com

MindPoint Group Whitepaper – FedRAMP Part I: The Path to Success

MindPoint Group FedRAMP Services: https://www.mindpointgroup.com/services/fedramp-services/

MindPoint Group Cloud Services: https://www.mindpointgroup.com/services/cloud-security/

MindPoint Group Managed Security Services:  https://www.mindpointgroup.com/services/mss/

Federal Risk and Authorization Management Program (FedRAMP): http://www.fedramp.gov/

CSOonline.com: When a data breach hits, enterprises turn to outside firms to pick up the pieces

hstoday.com:  White House Requires Federal Agencies to Follow FedRAMP for Cloud Security

Cybersecurity 500: http://cybersecurityventures.com/cybersecurity-500/

MindPoint Group NASA NSSC Subcontractor of the Year Award, Page 34:  NASA 2014 SB Industry Awards Publications

Matthew Biester

Consultant at MindPoint Group
A consultant with MindPoint Group, Matthew Biester works with both the Human Resources and Marketing departments serving as a Corporate Outreach Specialist. Matt also serves as a committee member on MindPoint Group's Volunteer Initiative Program.
Categories: Application Security, Certification and Accreditation, Cloud, Compliance, Continuous Monitoring, FedRAMP, ISP Blog, Risk Assessment, Risk Management, White Paper