
Cloud Behind the Firewall: Private PaaS and FedRAMP


At this time, it’s no secret that Apprenda is deeply involved in industries rife with regulation and governance (e.g., healthcare, finance, defense). It is no coincidence that we appeal to the JPMorgan Chases and McKessons of the world. Our platform is policy-driven and therefore caters to industries with compliance requirements because we enable governance without minimizing innovation. We automate application deployment policies and authorization requirements on the fly so that developers do not have to hard-code these features and can instead focus on innovation.

For the Federal Government, the Federal Risk and Authorization Management Program (FedRAMP) is one of the many policies that is meant to secure critical infrastructure and spawn innovation at the same time. FedRAMP aims to accomplish two goals:

  1. Encourage federal agencies to move to the cloud to make IT more efficient and save on costs
  2. Provide a consolidated approach by the Federal Government to address information security concerns when agencies and departments move to the public cloud.

What About Security Management?

It turns out the governance aspect of FedRAMP suppresses the innovative side by levying rigorous security requirements on Federal agencies in order to move to a public SaaS / PaaS / IaaS deployment. While the target cloud vendor solution may be FedRAMP compliant (AWS, Azure, Lockheed Solas, etc.), the responsibility of ensuring their database technologies, firewalls, operating systems, and identity federation systems still falls on the agency. Moving applications and infrastructure to a FedRAMP-compliant cloud does not ease managing information security risk. In some cases, security management can mean more work. Requirements are now levied on the agency because data and servers are in another vendor’s datacenter.

The Positive Takeaway

The good news for Federal agencies is that private cloud deployments are exempt from FedRAMP security requirements. If your agency has pain points related to meeting the rigorous list of FedRAMP requirements, or if you prefer to keep applications, data and infrastructure on-premises, Apprenda can help solve those pain points, because we deploy on any infrastructure (bare metal, VMware, Hyper-V, OpenStack, AWS, Azure, etc.). In fact, we deploy the largest Private PaaS implementation on the planet at JPMorgan Chase, behind the firewall, running on their infrastructure and keeping Personally Identifiable Information secure.

We allow developers to be innovative, while also integrating with governance and security standards. In the end, the Federal Government is able to take advantage of Apprenda’s policy-driven platform, like JPMorgan Chase and McKesson did, without hampering innovation.



Published at DZone with permission of Dan Domkowski. See the original article here.
