Why Now

As a top target for cyber criminalsgovernments need to remain vigilant in protecting their most sensitive data.  

According to an August 2019 report by Barracuda Networks, nearly 66% of all ransomware attacks from January to June targeted government – and 70% of those attacks were successfulWhile ransomware isn’t new or the only form of malware, it alone was predicted to cause $11.B in damages in 2019.  

Cyber criminals have identified governments as easy targets in their exploits, and given the sensitive nature of government data, the lack of verified cybersecurity is a real threat.  

To date, most States have focused cybersecurity efforts on securing its internal systems and training employees. Those are critical initial steps for protecting citizen data from cyber-attacks. However, if States do not also address the cybersecurity of the cloud services in use, they are leaving the back door open to cyber criminals. 

While state and local governments have begun to take steps to secure their own databases, not much has been done to validate the oversight and protection of third party cloud service providers with whom they do business.  

Aware of the risks, most States have adopted requirements for third party cloud providers to meet cybersecurity standards developed by the National Institute of Standards & Technology (NIST), but there has not been a cost-effective way for States to efficiently verify compliance until StateRAMP.  

StateRAMP was developed with procurement and IT officials in mind – to bridge the gap between the two offices and provide a framework of cybersecurity standards for government contractors. All too often procurement officials are challenged with procuring the best cloud services and software for the lowest price, without the tools or resources to verify cybersecurity compliance.  

With StateRAMP, State procurement and IT offices can now:  

  • Ensure that third party cloud service providers meet the cybersecurity standards to do business with the government 
  • Reduce third party providers’ cyber risk to government, their employees, and citizens 
  • Curb cost of cyber insurance 
  • Reduce overhead in additional staffing 
  • Eliminate duplication of efforts and minimize risk management costs 
  • Enable rapid and cost-effective procurement of information systems and services for state and local governments