Cloud Behind the Firewall: Private PaaS and FedRAMP

By now, it’s no secret that Apprenda is deeply involved in industries ripe with regulation and governance (e.g. healthcare, finance, defense). The reason we appeal to the JPMorgan Chases and McKessons of the world is no coincidence: our platform is policy-driven and caters to industries with compliance requirements because we enable governance without minimizing innovation. We automate application deployment policies and authorization requirements on the fly so that developers do not have to hard-code these features and can instead focus on innovation.

For the Federal Government, the Federal Risk and Authorization Management Program (FedRAMP) is one of the many policies meant to secure critical infrastructure and spawn innovation at the same time. FedRAMP aims to accomplish two goals: 1) encourage federal agencies to move to the cloud to make IT more efficient and save on costs, and 2) provide a consolidated approach by the Federal Government to address information security concerns when agencies and departments move to the public cloud.

What About Security Management?

It turns out the governance aspect of FedRAMP suppresses the innovative side by levying rigorous security requirements on Federal agencies that want to move to a public SaaS/PaaS/IaaS deployment. While the target cloud vendor solution may be FedRAMP compliant (AWS, Azure, Lockheed Solas), the responsibility for their database technologies, firewalls, operating systems, and identity federation systems still falls on the agency. Moving applications and infrastructure to a FedRAMP-compliant cloud does not ease managing information security risk. In some cases, security management can mean more work, with requirements now levied on the agency because data and servers are in another vendor’s datacenter.

The Positive Takeaway:

The good news for Federal agencies is that private cloud deployments are exempt from FedRAMP security requirements. If your agency has pain points related to meeting the rigorous list of FedRAMP requirements, or you prefer to keep applications, data and infrastructure on-premises, Apprenda can help solve those pain points because we deploy on any infrastructure (bare metal, VMware, Hyper-V, OpenStack, AWS, Azure, etc.). In fact, we deploy the largest Private-PaaS implementation on the planet at JPMorgan Chase, behind the firewall, running on their infrastructure and keeping Personally Identifiable Information secure.

We allow devs to innovate while we integrate with governance and security standards. In the end, the Federal Government can take advantage of Apprenda’s policy-driven platform, like JPMorgan Chase and McKesson did, without hampering innovation.



Published at DZone with permission of
