Cloud Behind the Firewall: Private PaaS and FedRAMP


By now, it’s no secret that Apprenda is deeply involved in industries ripe with regulation and governance (e.g., healthcare, finance, defense). It is no coincidence that we appeal to the JPMorgan Chases and McKessons of the world. Our platform is policy-driven and therefore caters to industries with compliance requirements, because we enable governance without minimizing innovation. We automate application deployment policies and authorization requirements on the fly, so that developers do not have to hard-code these features and can instead focus on innovation.

For the Federal Government, the Federal Risk and Authorization Management Program (FedRAMP) is one of the many policies that are meant to secure critical infrastructure and spawn innovation at the same time. FedRAMP aims to accomplish two goals:

  1. Encourage federal agencies to move to the cloud to make IT more efficient and save on costs.
  2. Provide a consolidated approach by the Federal Government to address information security concerns when agencies and departments move to the public cloud.

What About Security Management?

It turns out that the governance aspect of FedRAMP suppresses the innovative side by levying rigorous security requirements on Federal agencies that want to move to a public SaaS / PaaS / IaaS deployment. While the target cloud vendor solution may be FedRAMP compliant (AWS, Azure, Lockheed Solas, etc.), the responsibility for ensuring that the agency's database technologies, firewalls, operating systems, and identity federation systems are also compliant still falls on the agency. Moving applications and infrastructure to a FedRAMP-compliant cloud does not ease the management of information security risk. In some cases, security management can mean more work, because requirements are now levied on the agency when its data and servers sit in another vendor’s datacenter.

The Positive Takeaway

The good news for Federal agencies is that private cloud deployments are exempt from FedRAMP security requirements. If your agency has pain points related to meeting the rigorous list of FedRAMP requirements, or if you prefer to keep applications, data and infrastructure on-premises, Apprenda can help solve those pain points, because we deploy on any infrastructure (bare metal, VMware, Hyper-V, OpenStack, AWS, Azure, etc.). In fact, we deploy the largest Private PaaS implementation on the planet at JPMorgan Chase, behind the firewall, running on their infrastructure and keeping Personally Identifiable Information secure.

We allow developers to be innovative, while also integrating with governance and security standards. In the end, the Federal Government is able to take advantage of Apprenda’s policy-driven platform, like JPMorgan Chase and McKesson did, without hampering innovation.


Published at DZone with permission of

Opinions expressed by DZone contributors are their own.