Why did your organization become a StateRAMP member?
As an organization committed to helping get cloud solutions authorized for use and into the hands of both federal and state and local government organizations, it just made sense to engage with StateRAMP and leverage the program’s benefits.
What advice do you have for other providers progressing through the StateRAMP process?
We recommend communicating early and often with StateRAMP representatives and your sponsor if you have one about your solution, intentions, and concerns/questions. A little bit of guidance and support early in the process goes a long way in preventing unnecessary re-work.
How do you stay up to date with the evolving cybersecurity landscape?
Operating in the cybersecurity ecosystem requires daily reading of news stories, blogs and articles put out by those in the cybersecurity community or governing officials and a commitment to continuously learning new things – from new attack vectors and technologies favored by adversarial actors to newly identified vulnerabilities and weaknesses to new and emerging technologies and SecOps preventative/risk mitigation strategies. There is never a dull moment, or time to pause for continuous improvement.
Please share any specific challenges or lessons learned from your StateRAMP journey.
In order to benefit from StateRAMP’s Fast Track approach, we started our StateRAMP journey at the same time we finalized our FedRAMP moderate P-ATO.
Is there anything else you would like to share with the StateRAMP community or the broader cybersecurity community?
To those just getting started, we suggest embracing the opportunity to improve your understanding of and control over your cybersecurity posture (no pun intended). Compliance, if viewed in a vacuum, can seem mundane, overwhelming, and unnecessarily complicated at times. Just remember the goal of the journey is to reduce risk to your customers and improve your cybersecurity posture – which is a WIN and should be a goal for every organization. Shifting your mentality to one that embraces the journey first as a way to mature your internal operations, and significantly improve transparency, manageability and accountability will help the team implement the right controls in the way that makes the most sense to protect your customers and your organization. First is improving cybersecurity, second is improving it in a way that can be attested to against a compliance framework. The effort is one that ultimately protects and improves your organization’s reputation and business value.
