For enterprises and government agencies moving from an on-premise deployment to a Cloud-based solution, “security” consistently ranks as a top concern. Generally speaking, most Cloud solutions offer a higher degree of security than their on-premise cousins. The reason for this is simple – business that provide Cloud services must incorporate enhanced security protocols to remove any doubt from their potential customers’ IT staff. There are, however, security differences between different types of clouds – most notably between Public Clouds, Private Clouds, and Government (FedRAMP) Clouds.
At a minimum, most Cloud providers begin with an ISO 27001 industry-based security certification and must be re-certified on a continual basis. Private Clouds extend the level of security beyond what typical Public Clouds offer, with variances based on a customer’s specific requirements. For example, some organizations require dedicated servers (virtual or physical servers), encryption of data at rest, access restrictions to limited IP ranges, custom password policies, and more. Many of these enhanced security requirements are only possible within Private Clouds, hosted by the customer or by a partner like Project Hosts. Differences between Public and Private (Custom) Clouds are highlighted in the security table on the PPM Custom Cloud page of our website.
For maximum security, the U.S. Government has mandated, through its Cloud-First initiative, a FedRAMP authorized level of security for Cloud Service Providers (CSPs) with IaaS, PaaS and SaaS offerings. This translates into FedRAMP authorized Infrastructure-as-a-Service, Platform-as-a-Service and Software-as-a-Service that include an additional 400 security controls. As of mid-year 2014, government agencies moving into a Cloud, must choose a CSP services that are FedRAMP authorized. Project Hosts provides government agencies with a hosted Project Server (PPM) Cloud, a hosted Dynamics CRM Cloud and a hosted SharePoint Cloud that meet FedRAMP authorization at a IaaS and PaaS level, and will soon be SaaS-level authorized. You can track our authorization progress on the FedRAMP site.