Government Should Invest More Resources in FedRAMP, Zscaler’s Stephen Kovac Says

Stephen Kovac, the chief compliance officer and head of global government affairs at Zscaler, said in an FCW commentary that the government should provide more resources to the Federal Risk and Authorization Management Program.

FedRAMP is a government-wide program that serves as a standardized approach to evaluating the security of cloud-based products and services.

Kovac, a member of the Potomac Officers Club, said that FedRAMP assumed a greater role in the last 18 months as the coronavirus pandemic tested the limits of government networks, FCW reported.

The FedRAMP program allowed agencies to rapidly adopt cloud-based technologies that have been vetted for their high security, Kovac added.

He said that the program can only continue fulfilling its government-wide role if it is given the funding, staff and other resources it needs, especially for addressing the volume of requests from cloud service providers vying for certification.

“In a way, the program is a victim of its own success,” Kovac said, noting that FedRAMP certification is now needed to effectively sell cloud products and services to the federal market.

Earlier in December, the Senate Homeland Security Committee approved legislation seeking to codify FedRAMP. The Federal Secure Cloud Improvement and Jobs Act would direct the General Services Administration to automate FedRAMP assessments and ensure the continuous monitoring of cloud offerings.

Kovac said that while codifying the program is important, FedRAMP’s success will also depend on the growth of its project management office and Joint Authorization Board.

He added that their growth will require additional legislation that would provide the necessary funding appropriations.