Vbrick achieved FedRAMP Authorization in February 2019 and has seen an overwhelming response from government agencies seeking to leverage secure live streaming and on-demand video to communicate and collaborate. Vbrick has continued to focus on meeting our customer needs and plans to increase its security baseline to FedRamp Moderate, which encompasses over 300 security controls.
Tell Me About FedRAMP
According to a 2019 study by Deltek, the US Federal Government is expected to nearly double its spending on cloud computing from 2019 to 2024 when it will reach $9.1 Billion. The much-heralded benefits of cloud technology – cost savings, improved cybersecurity, operational effectiveness, and improved citizen service experience – make the implementation of cloud solutions key to Federal IT modernization strategies. In response to this increased appetite for cloud solutions, the Federal government has implemented the Federal Risk and Authorization Management Program (FedRAMP) to ensure the proper level of security is in place when government agencies access cloud products and cloud services. This program standardizes the approach of security assessment, authorization, and continuous monitoring of cloud service providers (CSPs). The aim of FedRAMP is to save time as well as minimize costs that each agency would have to spend to assess the security of cloud service providers. FedRAMP grants authorizations to CSPs in three impact levels: Low, Moderate, and High. Each impact level is viewed through the lens of the following three FedRAMP security objectives:
- Confidentiality – data remains confidential
- Integrity – data integrity is maintained, avoiding data alteration or destruction
- Availability – Vital data is readily available
The three levels differ based on the intensity of a potential impact that may occur if an information system is jeopardized. To ensure that government data is adequately protected, additional security controls are added as the levels move from Low to High. The security controls outlined in FedRAMP are based on the National Institute of Standards and Technology (NIST) Special Publication 800-53, which provides standards and security requirements for information systems used by the Federal government. Controls are the technologies and techniques CSPs use to secure the government data they store in the cloud. Low-level systems have 125 controls, moderate level systems have 325 controls, while high-level systems are required to comply with 421 controls. FedRAMP released the high-level security baseline in June 2016. Before that date, federal agencies were only able to outsource low-level and moderate-level cloud operations to CSPs. A more detailed description of each level can be found below:
Low: Data intended for public use. Any loss of data wouldn’t compromise an agency’s mission, safety, finances, or reputation.
Moderate: Includes data that’s not available to the public, such as personally identifiable information. A breach of this data can have a serious impact on an agency’s operations.
High: Includes sensitive federal information, such as law enforcement, emergency services, and healthcare data. Breaches to government systems containing this data would potentially shut down operations or result in financial ruin or posing a threat to intellectual property and maybe even human life.
What Is Vbrick Doing Related To FedRAMP?
In February 2019, Vbrick announced the achievement of FedRAMP Authorization for the Rev Platform. This investment is part of a long-standing commitment to enabling the Federal government to leverage video to improve communication, collaboration, and knowledge sharing. Our government customers have been able to leverage Rev to engage audiences with live video, to empower with on-demand video and to transform video content management and distribution with confidence that Vbrick can meet their security requirements for cloud solutions. Since last year, Vbrick has secured multiple new Federal government customers based on this achievement. However, with the aim of serving increasing security needs as the use of video broadens across the federal government, Vbrick has conducted a FedRamp Moderate gap assessment with the aim of achieving FedRAMP Moderate authorization. This gap analysis evaluated 325 controls across the following areas:
- Approved Cryptographic Modules
- Transport Layer Security
- Identification, Authentication, and Access Control
- Audit, Alerting, Malware, and Incident Response
- Contingency Planning and Disaster Recovery
- Configuration and Risk Management
- Data Center Security
- Policies, Procedures, and Training
Based on the findings of the gap assessment Vbrick is well-positioned to pursue Moderate status. Terry Medhurst, CIO of Vbrick offered the following perspective. “Our investment in FedRAMP is part of a broader security program aimed at being at the forefront of our market. FedRAMP raises our security posture for all customers and in particular Federal customers seeking cloud-based secure video management and delivery.” The gap assessment results indicate Vbrick is ready to partner with an agency sponsor. Many of Vbrick’s existing on-premise customers are excited about the plan as it supports their objective to move to the cloud.
Vbrick is proud to be actively supporting the Federal government with advanced video creation, management, and distribution tools to communicate ideas and project status at scale and to collaborate between local and remote teams, agencies and departments. Our government customers have been able to launch live webcasts to align and inform each organization, share knowledge videos in a highly secure portal, and enhance existing communication and collaboration activities with the power of video. To learn more, visit https://vbrick.com/industries/government/.