
Cloud Behind the Firewall: Private PaaS and FedRAMP


At this time, it’s no secret that Apprenda is deeply involved in industries rife with regulation and governance (e.g. healthcare, finance, defense). The reason we appeal to the JPMorgan Chases and McKessons of the world is no coincidence: our platform is policy-driven and caters to industries with compliance requirements because we enable governance without minimizing innovation. We automate application deployment policies and authorization requirements on the fly so that developers do not have to hard-code these features and can instead focus on innovation.

For the Federal Government, the Federal Risk and Authorization Management Program (FedRAMP) is one of the many policies that are meant to secure critical infrastructure and spawn innovation at the same time. FedRAMP aims to accomplish two goals: 1) encourage federal agencies to move to the cloud to make IT more efficient and save on costs, and 2) provide a consolidated approach by the Federal Government to address information security concerns when agencies and departments move to the public cloud.

What About Security Management?

It turns out the governance aspect of FedRAMP suppresses the innovative side by levying rigorous security requirements on Federal agencies that want to move to a public SaaS/PaaS/IaaS deployment. While the target cloud vendor solution may be FedRAMP compliant (AWS, Azure, Lockheed Solas), the responsibility for their database technologies, firewalls, operating systems and identity federation systems still falls on the agency. Moving applications and infrastructure to a FedRAMP-compliant cloud does not ease managing information security risk. In some cases, security management can mean that more work and requirements are now levied on the agency, because data and servers are in another vendor’s datacenter.

The Positive Takeaway:

The good news for Federal agencies is that private cloud deployments are exempt from FedRAMP security requirements. If your agency has pain points related to meeting the rigorous list of FedRAMP requirements, or you prefer to keep applications, data and infrastructure on-premises, Apprenda can help solve those pain points because we deploy on any infrastructure (bare metal, VMware, Hyper-V, OpenStack, AWS, Azure, etc.). In fact, we deploy the largest Private-PaaS implementation on the planet at JPMorgan Chase, behind the firewall, running on their infrastructure and keeping Personally Identifiable Information secure.

We allow devs to innovate while we integrate with governance and security standards. In the end, the Federal Government can take advantage of Apprenda’s policy-driven platform, like JPMorgan Chase and McKesson did, without hampering innovation.


Published at DZone with permission of Dan Domkowski. See the original article here.
