Federal CIOs, Struggle No Longer – Compliant Managed Cloud Services

July 20, 2017

In a CIO.com article titled, “5 years into the ‘cloud-first policy’ CIO’s still struggling”, Marlon Andrew, deputy CIO at the National Archives and Records Administration was quoted, saying, “The greatest challenge is not getting a contract in place, but what you find out is where those boundaries cross of who’s now responsible because you’re in a different infrastructure set-up, and what the cloud provider’s going to do versus the contract staff, versus the application support staff versus the infrastructure staff,” Andrews says. “So, that’s the greatest challenge we’re having now is defining roles and responsibilities and who’s going to do what because the world has changed as we’ve known it, and we’ve been client-server for so many years that this is truly a different environment for us.” He continues with this question, “What does the word ‘manage’ mean in a cloud environment.”

It’s a great question, and like so many questions, the answer is “it depends.”   It really depends on the type of cloud solution provider you’re working with, the types or levels of services they offer, and the amount of control they’re willing give you. When it comes to “managing,” Project Hosts offers a range of “managed services”.  From helping or assisting you in your subscription, to co-supporting an environment based on the software layer, to fully managed hosting services.  In this way, you can apply the talent and resources you have where they’re most likely most needed and valued — typically at the application layer where you’ve done custom development or configuration for your software solution. You should consider offloading things like infrastructure, server, platform and networking management to a cloud solutions provider as they can manage and monitor the environment more cost effectively than using your own staff.

In addition, some CSPs, like Project Hosts, offer advanced  management services such as security controls implementation and management to ensure compliancy with regulatory standards.  Project Hosts provides ready-to-run containers that support the necessary security controls including ISO 27001, HIPAA/HITRUST, NIST 800-53, and FedRAMP Moderate, High and DoD CC SRG IL4/5 level with full compliancy. 

So in summary, we provide the managed services to deploy, host, monitor, and maintain your subscription, ensuring ongoing trouble-free operation in a highly secured cloud. Whether you need us to provide managed services for your Azure cloud subscription, or you need us to deploy, host and manage the solution over it’s lifespan using our subscription, rest assured we will secure your cloud.

Click here for more information about FedRAMP SaaS Compliant Solutions.

Secure Azure Services

Secure SharePoint on Azure

Share Point FedRAMP Cloud

CRM Custom Cloud

CRM FedRAMP Cloud

PPM Custom Cloud

PPM FedRAMP Cloud

Remote SharePoint Administrator

Azure Managed Services


FedRAMP Websites made Secure through Required FedRAMP Control Families

June 22, 2017

FedRAMP-Websites2Pursuant to a memorandum released in November, 2016 by the US Office of Management and Budget, M-17-06 Policies for Federal Agency Public Websites and Digital Services, Project Hosts’ FedRAMP compliant websites can meet website objectives and recommendations. U.S. federal and state government agencies and enterprise organizations that need a highly secure website and content management system can now use Drupal, Joomla and WordPress for FedRAMP compliant websites with database.

Vulnerability scans, expensive audits and access control are at the forefront of the RA, AU and AC Control Families, which along with 253 additional controls, give Federal and State agencies and their citizens peace of mind when accessing and sharing information over their FedRAMP websites. Project Hosts, Inc. has put together a series of videos going over the various control families necessary to achieve FedRAMP compliance. While some of the control families are industry standard for IT security management, it is the substantial number of controls required in FedRAMP that adds the impenetrable layers of security through FedRAMP Compliance.

FedRAMP_Video_SeriesThe RA- Risk Assessment FedRAMP Security Control Family is primarily about vulnerability scanning on your system.

The AU – Audit and Accountability FedRAMP Security Control Family covers the logging that you must do in you systems to be able to alert you when something is going wrong, or to diagnose incidents. Such audits can cost upwards of $200k annually.

The AC- Access FedRAMP Security Control Family is the largest family with 43 controls. This family of controls covers how you provide control over who accesses your environment and how you authorize that access.

Click here for more information about FedRAMP SaaS Compliant Solutions.

Secure Azure Services

Secure SharePoint on Azure

Share Point FedRAMP Cloud

CRM Custom Cloud

CRM FedRAMP Cloud

PPM Custom Cloud

PPM FedRAMP Cloud

Remote SharePoint Administrator

Azure Managed Services


Understanding the FedRAMP Control Families ( Video Series with Project Hosts)

May 9, 2017

Project Hosts has recently released a series of 17 videos that outline the security controls required for FedRAMP compliance of an environment built on Microsoft Azure.  IaaS/PaaS services like Microsoft Azure take care of 25-30% of all required FedRAMP security controls, but the remaining 70-75% still need to be put in place.  In the series, Project Host CEO Scott Chapman addresses each control family, describing in detail what needs to be implemented above Azure for ISVs who sell to the Federal Government or for Agencies who would like to move applications to the cloud.

FedRAMP_Video_Series

In the series, Project Host CEO Scott Chapman addresses each control family, describing in detail, what needs to be implemented above Azure for ISVs who sell to the Federal Government or for Agencies who would like to move applications to the cloud.

Our Federal Private Cloud for Windows and Linux Applications (FPC) provides cloud-based access to Microsoft applications including SharePoint, Project Server, Dynamics CRM, Power BI, Visual Studio, TFS, Remote Desktop, and Office; applications from other commercial software vendors such as AvePoint, BrightWork, Gimmal, Innovative-e, Nintex, UMT360, and Urban Turtle; and open source applications such as Drupal, WordPress and Joomla for agency website content management.   A hybrid cloud architecture allows agencies to leverage shared services for some functions (e.g. authentication, monitoring, scanning) while still having the option to choose dedicated servers for applications and databases. This series of videos offers some insight into the controls that make all of this possible.

Click here for more information about FedRAMP SaaS Compliant Solutions.

Secure Azure Services

Secure SharePoint on Azure

Share Point FedRAMP Cloud

CRM Custom Cloud

CRM FedRAMP Cloud

PPM Custom Cloud

PPM FedRAMP Cloud

Remote SharePoint Administrator

Azure Managed Services


FedRAMP goes live with High Security Baseline

June 23, 2016

Today, the Federal Risk and Authorization Management Program (FedRAMP) announced the FedRAMP High Security Baseline. The importance of this is significant, as stated in today’s FedRAMP announcement: “These security requirements will be used to protect some of the government’s most sensitive, unclassified data in cloud computing environments. This release allows agencies to use cloud environments for high-impact data, including data that involves the protection of life and financial ruin.”

With this announcement, Cloud Service Providers (CSPs) have a high-level security model to offer federal agencies. Prior to the new baseline, federal agencies could only migrate low and moderate impact data into the cloud. With this release, government agencies can now leverage the cloud for their most critical data through High Security Baseline CSPs.

Microsoft Azure is one of three CSPs currently with provisional authority to operate from the FedRAMP Joint Authority Board or JAB. Under the new baseline, CSP data centers must be secured to the levels mandated for unclassified data in cloud environments, outlined by the Federal Information Processing Standard, or FIPS.  Project Hosts’ Federal Private Cloud, a FedRAMP SaaS-level cloud with an agency ATO, is currently certified at the Moderate level, and with this announcement has started the process to gain a High Security Baseline. Specific details on the expected availability of this capability will be announced at a later date.

Click for additional information about Project Hosts’ Federal Private Cloud


DocPoint Brings Project Hosts’ FedRAMP Cloud Solutions & Services onto GSA Schedule 70

April 28, 2016

Today, our partner DocPoint Solutions, Inc., a leader in the implementation, customization, training and support of SharePoint solutions and its integrated suite of products, announced that they have brought our  Federal Private Cloud (FPC) cloud solutions to onto their General Services Administration (GSA) Schedule 70. Through this partnership, DocPoint will be able to promote and sell FedRAMP SaaS-level compliant cloud solutions as part of a complete enterprise content management (ECM) system.

DocPoint-Graphic

Scott Swidersky, president of DocPoint Solutions, said, “Like companies in the commercial sector, government agencies are turning to cloud-based solutions to promote information sharing across the enterprise in a more cost-effective, scalable manner. However, federal organizations must comply with strict standards to safeguard data and prevent security breaches. With Project Hosts on our GSA Schedule 70, we can offer these clients a complete, secure and compliant ECM solution in the Microsoft Azure Government cloud.”

Project Hosts’ FPC for Windows and Linux Applications provides cloud-based access to Microsoft applications including SharePoint, Project Server, Dynamics CRM, Power BI, Visual Studio, TFS, Remote Desktop, and Office; applications from other commercial software vendors such as AvePoint, Gimmal, Innovative-e, Nintex, eSignLive, UMT360 and more; and open source website content management applications such as Drupal, WordPress and Joomla.

With Project Hosts’ cloud solutions and services on DocPoint’s GSA Schedule 70, federal agencies and government organizations have the benefit of turning to a single entity for a secure, compliant and cost-effective ECM solution that improves productivity, efficiency and enterprise-wide collaboration.

 

 


FedRAMP Compliant Websites Powered by Drupal, Joomla! and WordPress

February 15, 2016

FedRAMP-Websites2More great news for our U.S. federal and state agency customers –  today we announced that our FedRAMP SaaS-compliant Federal Private Cloud now supports websites powered by content management systems from Drupal, Joomla! and WordPress.

This means that U.S. federal and state government agencies can now quickly and easily create and manage their websites while having complete assurance that they are fully secured and meet all of the GSA’s FedRAMP SaaS-level compliance controls.

“If you’re an agency who needs to build and maintain a FedRAMP compliant website using Drupal, Joomla! or WordPress, we have exactly what you need,” said Scott Chapman, CEO and co-founder of Project Hosts. “Unlike FedRAMP Infrastructure-as-a-Service (IaaS) website offerings where you still have to put in place and manage all of the scanning, patching, log correlation, intrusion detection, incident response and other security services required for FISMA compliance, our FedRAMP SaaS-level compliant websites allow you to focus on your website content and leave all of those security controls to us.”

Need to know more?  Follow these links….

FedRAMP Compliant Website / CMS Tools

FedRAMP Compliant Cloud Services (Applications)

FedRAMP ISV Program

FedRAMP SharePoint Pricing

FedRAMP Dynamics CRM Pricing

FedRAMP Project Server Pricing 


“ISV FedRAMP Program” for Azure #Gov_Cloud Enables ISVs to Deliver Their Applications from a @FedRAMP SaaS-Compliant Cloud

November 17, 2015
Project Hosts Federal Private Clouds

Project Hosts Federal Private Clouds

Today at the Microsoft 2015 Government Cloud Forum in Washington DC we announced a new ISV FedRAMP Program that enables Microsoft ISVs to deliver their applications as an Azure Gov cloud service that meets the FedRAMP SaaS-level security controls. The new program is immediately available to ISVs that must adhere to the hundreds of SaaS-level security controls in FedRAMP in order to sell to US Federal and State agencies.

“ISVs with applications targeted to federal government agencies can work with Project Hosts to provide their solution in a FedRAMP SaaS-compliant Azure Gov cloud,” said Michael Batt, Director Government Cloud Partner Programs, Microsoft Corp. “This program utilizes Project Hosts’ FedRAMP SaaS-compliant status and expertise in Azure and can significantly reduce both the time and expense it would take ISVs to secure FedRAMP SaaS compliancy on their own.”

By joining the program and aligning with Project Hosts, ISVs can sell their add-on solutions to U.S. federal and state agencies that require a FedRAMP SaaS-level compliant cloud service.  The program:

  • Fast-tracks ISVs into the Azure Gov cloud – the emerging cloud standard for both federal and state U.S. government agencies
  • Enables ISVs to be selling to US Government Agencies – typically within 3 months of joining the program
  • Creates a ready-made community – an ecosystem of FedRAMP SaaS compliant applications on the Azure Gov platform

azure_logoThe ISV FedRAMP Program utilizes Project Hosts’ Federal Private Cloud solution platform in a Azure Gov Cloud and incorporates Windows Server, Windows SQL Server database, SharePoint collaboration platform, Dynamics CRM, Project Server, Team Foundation Server (TFS),  Remote Desktop and a host of third party ISV applications and add-ons.

 

 

 


%d bloggers like this: