FedRAMP is widely recognized as one of the most robust and demanding security regulations.
“Machine-data is inherently sensitive in nature. We found early on that government customers need more than a ‘Low-Impact Software as a Service’ FedRAMP designation, for a Security Incident Event Management (SIEM) solution” said George Gerchow, chief security officer at Sumo Logic. “The road to FedRAMP Moderate designation wasn’t easy, but we know from experience that the effort was worthwhile. We saw this project as a natural extension of our support for simplified, easy to implement compliance with other security standards like PCI and HIPAA - that puts Sumo Logic at the forefront of log analytics and continuous intelligence.”
Grow your PUBLIC SECTOR business
Entering or accelerating your public sector business can have a big impact on your revenue. Offering your services on a FedRAMP-Moderate authorized platform, agencies eliminate costly and time-consuming processes in selecting cloud technologies. Now, service providers can ingest agencies’ data once and use that same data to address a variety of challenges across those respective agencies. By leveraging the data across the entire organization, agencies also have the ability to leverage this investment across various programs and initiatives.
In addition to the Federal space, many SLED organizations are now looking to FedRAMP as a standard for the protection of their data. Your FedRAMP authorized platform to offer these services will give you a unique differentiator against your competition.
Your PRIVATE SECTOR customers may work with within PUBLIC SECTOR requirements
Many enterprises and SMBs that work with the government are required to handle data with the same protections required of their agencies. So, even if you don’t plan to work directly with the federal government, many of your customers and prospects may benefit from your FedRAMP authorized platform.
Enterprises’ ideal managed services provider would live up to FedRAMP requirements
Bigger, longer and more profitable sales require more from the service providers that are standardly delivered from FedRAMP platforms:
Maintenance
FedRAMP authorized platforms are required to adhere to a set of controls surrounding maintenance of their systems and software. FedRAMP cloud service providers are required to maintain support contracts and adhere to manufacture required/specified updates and regularly scheduled service or system maintenance.
Business Continuity & Contingency Planning / Disaster Recovery Planning
Cloud Service Platform Providers who receive FedRAMP authorization are required to define and actively test system survivability, failover and recovery procedures and network redundancy. The provider is also required to define roles and responsibilities for internal staff should a disaster occur in order to maintain service availability. Moving to FedRAMP platform moves your services from the “risk” column to the asset column!
Security, security, security
Service providers under the FedRAMP label are required to continuously monitor and maintain the information system on a 24x7x365 basis, including monthly audits, penetration testing and threat assessments as well as the iterative process of updating and maintaining the Plan of Actions and Milestones. Providers are required to report and discuss their findings with their sponsor on a monthly basis. Additionally, an independent auditor, known as a Third Party Assessment Organization (3PAO) audits ⅓ of the current control set annually for 3 years. By adopting a FedRAMP solution, the security posture of your service is enhanced as security resources are permitted to focus on incident response.
Visibility into complex, ephemeral cloud-based environments is an ongoing challenge for network and security teams across the federal government. Legacy, on-prem solutions simply don’t translate well into the dynamic world of the cloud. Sumo Logic’s pure SaaS log analytics solution is a game-changer for agencies looking to bolster security and optimize performance.
- For more information about Sumo Logic’s FedRAMP journey, please visit: https://www.sumologic.com/blog/fedramp-moderate-in-process/
- For more information about Sumo Logic FedRAMP-Moderate product, please visit: sumologic.com/fedramp
- For more information about Sumo Logic’s MSP programs, please visit: https://www.sumologic.com/msp-partners/
Author Jared Hufferd is director of security service providers at Sumo Logic. Read more Sumo Logic guest blogs here.
