If you think FedRAMP-authorized cloud solutions are just for Government agencies, you aren’t alone.
As part its “Cloud First” initiative to drive cloud adoption across the Federal Government, the Federal Risk and Authorization Management Program, or FedRAMP, was created to enable the Government to quickly, rigorously, and consistently assess the security capabilities of cloud solutions.
As a FedRAMP-authorized cloud solution, U.S. Federal agencies have official validation that Accellion kiteworks is a superior solution for enabling Government employees to securely access and share sensitive information.
Commercial businesses that operate in the private sector can also utilize Accellion’s FedRAMP Moderate authorized cloud solution and leverage the same level of control, visibility, and confidence that government agencies do when sharing sensitive information.
Many commercial businesses contract with government agencies and are strongly encouraged, and in some cases required, to use a FedRAMP-authorized solution to share information. Whether encouraged or required, using a FedRAMP-authorized solution to share sensitive information is a best practice.
Take for example a manufacturing company that makes components for missile systems. In order for the company to work with the Department of Defense, they must be ITAR compliant. ITAR, or International Traffic in Arms Regulations, is a regulation established to control (read: limit) the export of defense and military related technologies to safeguard U.S. national security. An ITAR violation can result in costly criminal or civil penalties, being barred from future business with the Government, and, in extreme cases, imprisonment. Because highly sensitive information is being shared, the DoD needs to be convinced that the information is shared and stored securely with only authorized persons granted access.
Because Accellion kiteworks is FedRAMP-authorized, the component manufacturer’s choice to use it demonstrates to the DoD a shared commitment to data security and privacy.
Government contractors aren’t the only private sector businesses that benefit from the security and governance capabilities offered with kiteworks. Consider a technology company that hosts a global support web portal to enable customers to upload large files, logs and system dumps and receive case numbers assigned to appropriate folders. This upload activity occurs in parallel with hundreds of thousands of customer devices that "phone home" and upload files and system dumps to designated customer support teams. At any given time, there are 50-100 concurrent connections uploading reams of data to homegrown solutions, shared drives and an FTP server. In short, lots of customer data is being generated, shared and stored and it all needs to happen with the highest levels of security and compliance.
Public and private sector organizations using kiteworks have full control of their sensitive content: AES256 and FIPS encryption on all content in transit and at rest, encryption key ownership, AV and DLP scanning on file uploads and downloads, role-based permissions, and much more. In addition, kiteworks integrates with an organization’s existing security infrastructure, including LDAP/AD, SSO, MFA, DLP, ATP, SIEM and more. Lastly, organizations have full visibility into where sensitive content is stored, who has access to it and what’s being done with it. All file activity is auditable and allows organizations to demonstrate compliance with GDPR, ITAR, HIPAA, HITECH, FISMA, GLBA, SOX and other rigorous government regulations.
Accellion’s FedRAMP Moderate authorized kiteworks solution is available to Federal Government and commercial clients in isolated environments on Amazon Cloud. Per FedRAMP requirements, kiteworks customers using a FedRAMP solution are supported by US citizens who have undergone thorough background checks and reside within the United States.
The kiteworks FedRAMP package features:
- Separate customer virtual private cloud (VPC) for all processing
- Dedicated servers
- Data isolated from all other customers
- Encrypted file storage and transfer with sole encryption key ownership
- Remote wipe for all mobile clients
- Reporting and audit trails
- Continuous monitoring for intrusions and other threats
- Includes vulnerability and penetration scanning as well as rigorous, proactive remediation, plan of action and milestones for mediation tracking
When commercial businesses choose Accellion’s FedRAMP Moderate authorized kiteworks solution, they demonstrate to their partners and customers that data security is a top priority. And having FedRAMP Moderate authorization as a baseline set of security controls provides commercial businesses a distinct competitive advantage. It’s a commitment to the highest level of content security.
For more information, please visit: https://www.accellion.com/fedramp.