State and local governments want to embrace cloud services for the cost savings, flexibility, scalability, security, and improved customer experiences that they can bring. But the cloud brings challenges that are directly related to each of these benefits. For example, the pay-as-you-go cloud services model can deliver cost savings, but agencies need new processes in order to manage their cloud spending proactively. And while managed service providers (MSPs) secure cloud infrastructure in line with best practices and industry standards, agency customers are still responsible for securing applications and resources in the cloud.
Agency responsibilities can also extend to monitoring the environment, providing logging and analysis, spinning up virtual machines – the list goes on and on. In many ways, the technology aspect of a cloud services deployment can be the easy part. It’s the people and processes that can be stumbling blocks on the way to a successful implementation.
If agencies try to hire employees to fulfill all of these functions in-house – either directly or via a systems integrator – they often find themselves bringing on multiple full-time professionals with specialized expertise. This increases cloud costs – and what’s more, agencies may not have a full slate of work for them. In addition, before putting the cloud service into operation, the agency must often obtain authority to operate it from a certifying body.
Navigating the cloud journey is daunting even for the most experienced and savvy IT professionals. Standing up a new fully secure and managed cloud environment could take three to six months at least.
At Rackspace, we envision a shorter and simpler route. We have more than 20 years of experience providing multicloud managed services expertise and a cloud platform that goes well beyond hyperscale CSPs’ cloud infrastructure offerings. Our Rackspace Government Cloud (RGC) is the express lane to security in the cloud.
With RGC, state and local governments can procure a secure, compliant cloud platform that is available in both public and private cloud configurations, including AWS and VMware. Designed specifically for government organizations, RGC is built to NIST 800-53, FedRAMP, FISMA, NIST SP 800-171 (“DFARS”), and CJIS guidelines.
While Rackspace provides that turnkey part of the technology stack in the cloud, the people and process components are equally important. Rackspace has 500 experienced staff members who work with agencies and educational institutions to define needs, build custom environments, and maintain, secure and monitor them 24 hours a day. This means agencies don’t have to add specialized headcount, and they can focus on their mission, rather than the underlying technology. By leveraging the “buy, not build” capability that RGC provides, agencies reduce the burden on in-house IT teams while delivering secure cloud solutions in a fraction of the time it would normally take.
Security, of course, is imperative – and as threats proliferate, it’s a moving target. Increasingly, we see state and local governments request that their cloud service providers be FedRAMP authorized. FedRAMP is a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services developed by the Federal government. Others are looking for StateRAMP authorization. The newer StateRAMP program launched in early 2021 and is modeled after FedRAMP.
These programs, as well as similar, state-specific initiatives such as TexRAMP, offer valuable assurances that cloud services and software are secure. At the same time, they make the process of moving to the cloud even more complex, which creates additional requirements for people and processes.
State and local governments working with FedRAMP-authorized providers, such as RGC, reduce the need for specialized people and processes because cloud solutions built on FedRAMP-authorized platforms inherit that authorization. In addition, because of the similarities between FedRAMP and StateRAMP, state and local governments seeking StateRAMP authorized providers will already be well on their way to achieving it with RGC.
It’s important to understand that hyperscalers only provide 10 to 15 percent of the security controls required for FedRAMP authorization. It’s reasonable to expect a similar scenario with StateRAMP. That means agencies must implement the other 80 to 85 percent of security controls. It’s a huge investment in time and resources, and as noted above, often demands skills and experience that agencies lack.
That’s why Rackspace built our secure platform on top of AWS and VMware. We can address up to 80 percent of FedRAMP security and compliance requirements. Our goal is to make security inherent for our customers, so they can focus on meeting their mission with whatever they build on top. That might be continuous integration/continuous delivery (CI/CD) to speed software releases, DevSecOps environments, artificial intelligence and machine learning, productivity applications, call centers, and more – the possibilities are limitless.