Stronger Data Security for Cloud Vendors Becomes Standardized


Cloud technologies are becoming a significant investment for organizations of all sizes. Cloud computing increases efficiency, helps improve cash flow, and offers many more benefits. You’re likely aware of how beneficial cloud technology can be if you’ve recently purchased (or considering) a new advancement Constituent Relationship Management (CRM). This is because many of today’s advancement CRM options are cloud-based vendors.


How does cloud based technologies affect data security?


Data security has become more prevalent, especially for the advancement community. Choosing a cloud vendor with robust data security standards are vital. This is because CRM data security management is critical to creating and maintaining an effective CRM system.


Until recently, data security standards have only been consistently applied to companies that contract with the federal government. But many states have now taken notice of the importance of data security standards. Here’s what to consider.


Cybersecurity Laws

Texas Gov. Greg Abbott recently signed a cybersecurity law that will implement several new programs at the state’s Department of Information Resources, including a cloud-security certification system modeled on a longstanding federal program.


Under the new law, Texas will create a rubric for verifying that the cloud services that state agencies and higher-education institutions contract with meet specific data-security standards. The program went into effect in January 2022 and is modeled after the Federal Risk and Authorization Management Program (FedRAMP), which grades the security of federal vendors.


Other states are taking similar initiatives to enact data-security standards—namely Michigan and Ohio, with many others likely to follow suit.


U.S. Senator Gary Peters (Michigan), Chairman of Homeland Security and Governmental Affairs, announced he had introduced bipartisan legislation to update and make permanent the FedRAMP program to ensure federal agencies can quickly and securely adopt cloud-based technologies that improve government operations and efficiency. In addition, the bill will make FedRAMP more accountable to the American people and create private-sector jobs in companies that provide cloud services.


In a November 2021 press release, Senator Peters said, “This important bipartisan bill will ensure that agencies can procure cloud-based technology quickly while ensuring these systems—and the information they store—is secure. It will also help companies that provide these technologies grow and create jobs and incentivize them to provide innovative products to bolster our nation’s competitiveness in this space.”


FedRAMP and StateRAMP

FedRAMP provides a standardized approach to security authorizations for cloud service offerings. This standard empowers agencies to use modern cloud technologies, emphasizing security and protection of federal information—helping to accelerate the adoption of secure cloud solutions.


It consists of two primary entities: the Joint Authorization Board (JAB) and the Program Management Office (PMO). Members of the JAB include the chief information officers (CIOs) from the Department of Defense, Homeland Security, and General Services Administration. The JAB serves as the primary governance and decision-making body for FedRAMP.


FedRAMP has defined the responsibilities of federal agencies since 2012—when cloud technologies began to replace outdated tethered software solutions—to ensure cloud-based information technology is used appropriately. FedRAMP was born from the U.S. government’s “Cloud First” strategy. That strategy required agencies to look at cloud-based solutions as a first choice.


Getting FedRAMP authorization was (and is) no easy task. The level of security required is mandated by law. There are 14 applicable laws and regulations and 19 standards and guidance documents. It’s one of the most rigorous software-as-a-service certifications in the world.


All cloud services holding federal data require FedRAMP authorization.


StateRAMP is a nonprofit organization that launched in early 2021 with the intention to promote cybersecurity best practices through education, advocacy, and policy development to support members and improve cybersecurity.


StateRAMP is designed as a shared service for government and a streamlined service for suppliers who can verify their products one time and reuse that certification with each government agency they serve.