Software supply chain risk management and continuous monitoring are key strategies for maintaining a strong cyber posture in the cloud.
Before jumping into FedRAMP solutions, federal agencies should develop an intimate understanding of their data and data needs, cyber leaders said at FCW’s FedRAMP Summit last week.
“When you look at FedRAMP tech solutions and are looking to deploy them, it’s not a simple plug-and-play replacement,” said Nagesh Rao, CIO of the Bureau of Industry and Security at the Department of Commerce. “You’ve got to turn off the legacy platform, migrate the data to the new solution, and then part of that you have to make sure there’s a connectivity point to do the migration.”
FedRAMP works best when you understand how it can work for you, Rao said.
“For example, if you’re going from IaaS (infrastructure-as-a-service) to SaaS (software-as-a-service)-based solution, there’s got to be a touch point of that SaaS solution talking to the legacy system,” he said during the event. “When you do the FedRAMP stuff, there’s always those little tweaks and configuration changes that need to be adapted for that agency’s select system in…
